r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d27590a1d3cbe1e9632b8ae92aaae3f4
202b34e8a0c3b88c8826fd56c6227b34f2cd6f46
6bcfa518476658128c1fb4ea2435c4e58531454cf97138dce7ece9def589aead
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2894
Expires: Fri, 18 Nov 2022 11:39:14 GMT
Date: Fri, 18 Nov 2022 10:51:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Fri, 18 Nov 2022 11:59:39 GMT
Date: Fri, 18 Nov 2022 10:51:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8Do4fhnP0hcLee7wD7VB+sMrMbKFL1m0Fm/UlRDOKa2160eIIiu6uPl7GmTMXD103tKJOaDmAUo=
x-amz-request-id: QGSZ3B3HJG6KGH39
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 09:52:50 GMT
age: 3490
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash be1be806b5dca7facbb45a6c3db44652
7ae9380a2f3eca959fe6ff6b3832a17cffd12cf4
1f3338058f8e9cae5c9fdd733c74564312726b01c6efdcd628d851d0c99876b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3944
Cache-Control: max-age=89167
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:00 GMT
Etag: "63760d7b-1d7"
Expires: Sat, 19 Nov 2022 11:37:07 GMT
Last-Modified: Thu, 17 Nov 2022 10:31:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 10:45:03 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 357
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 10:51:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 10:44:49 GMT
cache-control: public,max-age=3600
age: 372
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
webmail.grupomoxin.com.do/
162.215.3.16 200 OK 3.5 kB URL HTTP/1.1 webmail.grupomoxin.com.do/
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2891)
Hash e9658cff450e6c1ccdc73046afe22cba
9eb029709b6f432064fd91f6ec4b42a3492631c1
d1d6f0090c4d3041ed01884b2c65e60640521f51504ce80cdc1c72a989ea7cf3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET / HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Fri, 18 Nov 2022 10:51:01 GMT
Last-Modified: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: sameorigin
Content-Language: en
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Set-Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; path=/; HttpOnly
__cf_bm=8fFcIA4W7B6xu9c0pyPBTjHZt.J.6fcaOT3OdTWMVNk-1668768661-0-ATC9BtqJAB1od5A0TA1QRjeYYKCXVwOK1O4VsPthdpW6bzJOK1zHQwv2tDXlDPKdE9JO/HvhRpEVbPC09kWGzCA=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
__cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu; SameSite=Lax; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; HttpOnly
CF-RAY: 76c026022dfd7d7c-LAX
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c10055ce87434f700ff8b20e3be1f919
477b3c9f1da0c464282bb54572737e76b6e346da
4d78eb296876122e5ff40fcd7667adf1bf8a4b1ee4c8203c88a63ce8d7910a57
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5823
Cache-Control: max-age=85977
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 10:43:58 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 10:51:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
34.214.17.205 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KTpjokyEo8rfoDZdzgX4YQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0DA6rxWL1iMJfSIT81t0My64a3s=
webmail.grupomoxin.com.do/plugins/xbackground/assets/plugin/login.css?s=1656346465
162.215.3.16 200 OK 437 B URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xbackground/assets/plugin/login.css?s=1656346465
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 00f4b060e03a59d13608dc6e7cbd9538
6b72f352c03701c77d0bdfbc5a2c0d435f027122
275b5cda760036db15860c0108d7e42145df5204ba7231bd64ba286cf6af5268
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xbackground/assets/plugin/login.css?s=1656346465 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:25 GMT
Vary: Accept-Encoding
ETag: W/"62b9d761-542"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3888
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=uQOAQPlZT1BRLWQzWa_X0qOn9k.rrwJ5lr4W0ryWSWY-1668768661-0-Adnpau7wfN9lrgYwPF42geF9lokgOTQgqiuyMBDKpLP1rMIzaJH/Hbw5xZTiurqm2CyUb7E2QGq5jXgyuRBAt24=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026076c737e10-LAX
webmail.grupomoxin.com.do/plugins/xcalendar/assets/styles/elastic.css?s=1656346471
162.215.3.16 200 OK 5.5 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xcalendar/assets/styles/elastic.css?s=1656346471
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 92a088d8ac4d760514b44473859b069c
55b67b951d500639042f7e7d189a21a0423aa895
702d4f03a22445602bc56d77785520a328f18facb40619fb10e2809524c89fd5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xcalendar/assets/styles/elastic.css?s=1656346471 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:31 GMT
Vary: Accept-Encoding
ETag: W/"62b9d767-8892"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3888
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=jDn7w6JksG4nHaYOtBYC1E7Qyq4vPy1G6RIoW3gzEKY-1668768661-0-Afg4zTj7ih0fhqfYEdlQK1zXRCMhn0LC/pMTFR//Lt//HS7UUEzXYMF7uCfeTIE+6p8cDpgiFkYDDbxvwinYfqY=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026075b3f7d3b-LAX
webmail.grupomoxin.com.do/plugins/jqueryui/themes/elastic/jquery-ui.css?s=1656346460
162.215.3.16 200 OK 8.2 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/jqueryui/themes/elastic/jquery-ui.css?s=1656346460
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2515)
Hash 385390f21c8bb9cbf1fa0da9308491b2
791c1f72fc7162657fbae14cde78a5db84259e96
c7c7c56a6d6aa7e85fe61fcb0494d898ac729ead7f1733d3acc6679d9e7ee6db
Analyzer Verdict Alert quad9 Sinkholed
GET /plugins/jqueryui/themes/elastic/jquery-ui.css?s=1656346460 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:20 GMT
Vary: Accept-Encoding
ETag: W/"62b9d75c-858e"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=2KnVezWbkJt1VPHyUxEL4GxvJeRU4qdecc.fgIzYT.4-1668768661-0-Abux+dXsQoKxZxltUc6WzRhSoUpq776rFk6zVd+A4CBsDeu4OBdJsvArLKXiXkcFAGOJ74+AzlqlZKPDuYM8lIg=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026076d1f7bb3-LAX
webmail.grupomoxin.com.do/skins/elastic/deps/bootstrap.min.css?s=1656346496
162.215.3.16 200 OK 23 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/deps/bootstrap.min.css?s=1656346496
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65324)
Hash a9d40b3e764c70c415f1f9b945a4d1c3
e8ed4b7c5055b8c7fc7b430a05a32b4599db74fb
3ab5e51022e604b45cae48afa6e14616f2673e43c227d041609af4f4b654a3e2
Analyzer Verdict Alert quad9 Sinkholed
GET /skins/elastic/deps/bootstrap.min.css?s=1656346496 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:56 GMT
Vary: Accept-Encoding
ETag: W/"62b9d780-26041"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=0RQ2c3ZsLNZpOx9blutAQLfuTMm2bEEgqc7fbdrd7PQ-1668768661-0-AWZ42vRAr0djlrpo1ut2adxnvgELykd6J77+yKkcEXFsNQ2HfdToVT9L1Cl4A7nV/FDFUiHujSJ5umWDyeNpjdU=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260639310cd3-LAX
webmail.grupomoxin.com.do/skins/gmail_plus/assets/styles.css?s=1656346497
162.215.3.16 200 OK 4.3 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/gmail_plus/assets/styles.css?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 14ee6e627166b99379a17e84998054aa
c301d0eddef7d873f34ecd39812d84a0b070ff61
77f4cd71c80f04f8751b08f6a5798306a5f2bbb5d1c179331100d7f32215c675
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/gmail_plus/assets/styles.css?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
Vary: Accept-Encoding
ETag: W/"62b9d781-73ed"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=zTqtLMTtTMJCAlyHWrTiUerB0XswalQaxhtknPOqCt4-1668768661-0-AdBDYC6EyOcUzTWM7ixO5Jz0dIhUQZpMMDz7tbLn9bqHKu2miDQKYbvDXHbIaVS5PY2IhN9SV7dm/ZZeQCJx2ss=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026071a327a93-LAX
webmail.grupomoxin.com.do/plugins/xskin/assets/elastic_styles/styles.css?s=1656346491
162.215.3.16 200 OK 2.0 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xskin/assets/elastic_styles/styles.css?s=1656346491
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d508f9776b90e3499a954b3430d28345
6c1d0b11c3af82b45c6f4250ee8b76786200a953
d9c7030be5facb4b562a204d46241df63f945cc131ac0dbeb30cde5b3c81bc62
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xskin/assets/elastic_styles/styles.css?s=1656346491 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:51 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77b-22af"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 4088
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=28ZHyRs8i7_k0XWJNQB45xfUI096avjhwcnqEJA6o9o-1668768661-0-AV06WRHSpldZi67f8sAaqO2M71tQCGGrElL+Zx7DL5dNUsDE7X2k6OKZIuejKbBii0UW3y1Edw20lE1pf346ovg=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026076eb60d10-LAX
webmail.grupomoxin.com.do/program/js/common.min.js?s=1656346492
162.215.3.16 200 OK 4.9 kB URL HTTP/1.1 webmail.grupomoxin.com.do/program/js/common.min.js?s=1656346492
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1382)
Hash 0757740af68a9185a87740075401568c
e2078fc5bbecb750b27731eda7838bad082404f5
a6d65d0126ca91488d096bed94f3ffd9b81272b6a072a93bbc99e2566af1236d
Analyzer Verdict Alert quad9 Sinkholed
GET /program/js/common.min.js?s=1656346492 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:52 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77c-3376"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 467
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=TB97lxfg_UyLXXtmmYmil1Vy0iLt0j7pdygHPYAhso4-1668768661-0-AW5qAZ++w4hCSIhGvhNVguEho6bZ8Oghcu2pmicoubwe3pfA/1o9QwRSIru6OJh0m5wkGaJ7ZPn14gFIc0X5Nm8=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026092f6f7d65-LAX
webmail.grupomoxin.com.do/program/js/jstz.min.js?s=1656346493
162.215.3.16 200 OK 4.9 kB URL HTTP/1.1 webmail.grupomoxin.com.do/program/js/jstz.min.js?s=1656346493
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12020)
Hash a4008d24a2ff374b7cf52d75e1040dc6
2822ee92f22e56166f053af1d6f995c7576cc7a6
70f35fc1fe49ef7b710165c172772c1eb2cf752291ec3f4318cc70eeed21cb04
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /program/js/jstz.min.js?s=1656346493 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:53 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77d-350a"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=QjOoq5o5pgtp4Q8RTTcODM2SKCWciqGR_dGZnu7nwAI-1668768662-0-AQLnIMhGVk0DQvXpMbqi4GRyR3c28MqY21OexUYUqYbtg6MfT+R08SQtzEs3VuAgtwvG2lE1kjzP1h+wIC6zJ+A=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c026095e9852d1-LAX
webmail.grupomoxin.com.do/program/js/jquery.min.js?s=1656346493
162.215.3.16 200 OK 32 kB URL HTTP/1.1 webmail.grupomoxin.com.do/program/js/jquery.min.js?s=1656346493
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (64001)
Hash da8fc51506b0be225f3579e40dbc77bf
c3eed487cca8c30549a949f7accca551509a44b1
d35e95e00e248a6624547c5d5603f3b20dd25c85e2e0d89bad968e31e463ebdc
Analyzer Verdict Alert quad9 Sinkholed
GET /program/js/jquery.min.js?s=1656346493 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:53 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77d-15dfb"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 467
Expires: Fri, 18 Nov 2022 14:51:01 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=OIqlWNIvXGV2sQjVHwEbzSkSEwH7MOMoEd6WR2VYTGk-1668768661-0-Ael3sPEBoruOFUy7Ciw6XkFLsz5n6/XqnmMRgtrneIa9x0WhDxsTTKoeqsdekkxSQl0K99NEu+23OZzcGWnXPQo=; path=/; expires=Fri, 18-Nov-22 11:21:01 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260919567bd3-LAX
webmail.grupomoxin.com.do/plugins/xframework/assets/scripts/framework.min.js?s=1656346484
162.215.3.16 200 OK 3.5 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xframework/assets/scripts/framework.min.js?s=1656346484
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12118), with no line terminators
Hash f64f6ba20e38d3a5fdab64f17f3f8919
efc4ce182e61bb763b4f8aaa2571533d452034d8
c7cd8375f6c03422f5314b377a180cdeafdb7232f5f3b0a2ebb044a6ee9aa336
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xframework/assets/scripts/framework.min.js?s=1656346484 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:44 GMT
Vary: Accept-Encoding
ETag: W/"62b9d774-2f56"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 4089
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=kVXNTHiA42i9TBaI5hDWVNx8KQHI326CC.FbhvH3HLM-1668768662-0-AdIyrAd+uvrdmCq5ah4f6zv7xlK0vM+VERf4HM2cy/EMcXOrBulxoPShFEpikSW1sImm5aAafFQji+/PnePM4yk=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260a8cb40d40-LAX
webmail.grupomoxin.com.do/program/js/app.min.js?s=1656346492
162.215.3.16 200 OK 49 kB URL HTTP/1.1 webmail.grupomoxin.com.do/program/js/app.min.js?s=1656346492
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (690)
Hash 0bd9d62546d6f8472f02a3294b6c982e
3beb8d052ca693b2d28a2b8f10ed9295a8b2b6f4
caae90b6153e15e6d72465e1b1dabb4fb653ce80e5d2d06b93b5c3879672f582
Analyzer verdict: Alert — Quad9: Sinkholed (no Fortinet hit on this file, unlike most sibling assets from the same host). Security note on the exchange below: the request sends the Roundcube session cookie roundcube_sessid together with an http:// Referer, so if this page load was plaintext HTTP the webmail session token crossed the wire unencrypted. The __cf_bm Set-Cookie in the response carries domain=.mailhostbox.com, which does not domain-match the request host, so a browser will discard it — consistent with the request Cookie header carrying only roundcube_sessid and __cflb (the __cflb cookie is set without a Domain attribute).
GET /program/js/app.min.js?s=1656346492 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:52 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77c-29fd8"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=3G6weSC9ovtZ.56Mu3OReZ2kf26AfU_ThY3TpzpcR6U-1668768662-0-AbFnpNW1qyikuT6zXqGa1ZNZTY07j5eN/KoJYUvHuMJPpzIHxSK58eFGfhWDo09dldZU5Qjd6pj1zCbgYkEjG5k=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
__cflb=0H28uvCS3AcYQweMTgxjwBAhYMqzb6Z8FSaaGvCM8J9; SameSite=Lax; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; HttpOnly
CF-RAY: 76c026094ed05239-LAX
webmail.grupomoxin.com.do/plugins/xframework/assets/bower_components/js-cookie/src/js.cookie.min.js?s=1656346479
162.215.3.16 200 OK 1.0 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xframework/assets/bower_components/js-cookie/src/js.cookie.min.js?s=1656346479
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1791)
Hash ace296f296809eacfa90e00cd48d7b1e
fd728e22001ff7a277d3c51e1c16b044785a4553
c16d58b0a4b303bd2b304378fc024e3be469b9e8231aaacd7e889e0c1672b80d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xframework/assets/bower_components/js-cookie/src/js.cookie.min.js?s=1656346479 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:39 GMT
Vary: Accept-Encoding
ETag: W/"62b9d76f-7a4"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=6q7hs3EjLKGNSauYP3H14fZ5yIz9ThdTxjNKPxU6S8Y-1668768662-0-AYOMhgreCqW7z6cG4vDWJXdJ8teJkDJD98YgJ6j5kdYaw6Tgrj+1eFraFv1hoOOcM5gI2yfjtKpDjWsOb/kelNw=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260a89dfdbcc-LAX
webmail.grupomoxin.com.do/plugins/xframework/assets/bower_components/howler.js/dist/howler.min.js?s=1656346477
162.215.3.16 200 OK 9.5 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xframework/assets/bower_components/howler.js/dist/howler.min.js?s=1656346477
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (26058)
Hash 092b3a650a8da5a0a44f68c664ab70f5
b502de355a92e0e4c2038d142e11a4de634e2cda
0ad54e2728709b5aa59036e77b05a91e2b20f766b2b5803a3090c8a3afb3ed53
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xframework/assets/bower_components/howler.js/dist/howler.min.js?s=1656346477 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:37 GMT
Vary: Accept-Encoding
ETag: W/"62b9d76d-8a48"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=rqGpRQx7qoZUjPVZP5XUPQes3O0fz0dJ7waPQ.yTEl8-1668768662-0-AcREzt94W1wpqXNZhcquejwsHxFDAZYIak+RPkqJiGqDqz7RSCS/wGK2PhJm3win6Kezi6HSl2ZZogiwXf/Q71I=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260befad5301-LAX
webmail.grupomoxin.com.do/plugins/xskin/assets/elastic_scripts/xskin.min.js?s=1656346491
162.215.3.16 200 OK 1.1 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xskin/assets/elastic_scripts/xskin.min.js?s=1656346491
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2521), with no line terminators
Hash 8416dcc50dc909e7a7076f30b0e84602
bcca9d0de44c3acb846f20a125e757d086c266da
0c3f201ec08a8100e533ccc2e9bc0706b8f4da3e56b74bf5603580a557f6c03e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xskin/assets/elastic_scripts/xskin.min.js?s=1656346491 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:51 GMT
Vary: Accept-Encoding
ETag: W/"62b9d77b-9d9"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=I7m.4P_GUMCTH7v5_GafgK7wrjWTWZ.Pcso8zG5db0U-1668768662-0-AbQconXpYqo/2g98xVKMrfRkoa7CG1ltrFml4QyUnrCl7PIQuUlQALq82o3nqbuBm3zi8rSG6hBqjcDulnJ3RjE=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260ae8a17a99-LAX
webmail.grupomoxin.com.do/skins/gmail_plus/assets/scripts.min.js?s=1656346497
162.215.3.16 200 OK 225 B URL HTTP/1.1 webmail.grupomoxin.com.do/skins/gmail_plus/assets/scripts.min.js?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (324), with no line terminators
Hash 0751b48a24b936c9551806dda8919f51
3d0c747d56a86516359c3affcef80faa78121725
6cacbc577a67aa76b9b130136043884dd6cd86ed747b2c6e85df6662ef34d0aa
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/gmail_plus/assets/scripts.min.js?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
ETag: W/"62b9d781-144"
CF-Cache-Status: HIT
Age: 4089
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=Hpt4GupCamJfJko2d.g.QWCys8iDvxG1yzEu55MC_Co-1668768662-0-AZw1IWWQnueWGGyX27s4mAJrC1oADONg4pMRV6qEq+AgjuksDlS4mZl2aC49r2Qi9XNtjsPqhbNZuJFadxOcWzw=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
CF-RAY: 76c0260b3dfe7ca1-LAX
Content-Encoding: gzip
webmail.grupomoxin.com.do/plugins/jqueryui/js/jquery-ui.min.js?s=1656346460
162.215.3.16 200 OK 70 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/jqueryui/js/jquery-ui.min.js?s=1656346460
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (33303)
Hash d7b7936f0a381e31cd8fd7e183bdeaae
010a48d26a3a353090f3230b96cc74ac46119a2c
962e92932d96267695c7e9028ef0ad387c608c2de5e6e2d95a60347bb54090cc
Analyzer Verdict Alert quad9 Sinkholed
GET /plugins/jqueryui/js/jquery-ui.min.js?s=1656346460 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:20 GMT
Vary: Accept-Encoding
ETag: W/"62b9d75c-3f6c0"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 465
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=27Me3tlJtD_7u1FTN0s.MGkC5Wc_0cQCuclkIIGzp5Q-1668768662-0-AW7F5eVSnjkpuimF1uLUfqRPiz0vJf675Xk73suMWwoX7k2tJpFrAO7WU2eja/UGHMEnH3+DopluK6RpblGTfbE=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260c5e807e02-LAX
webmail.grupomoxin.com.do/skins/elastic/styles/styles.css?s=1656346497
162.215.3.16 200 OK 20 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/styles/styles.css?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash fc2115b90a41c8ae6ae25443559f7bee
507c306ba6d9fd058d81df627969baf678a4f8c3
745b48b00e57b824e571af25839954f05fc6b644369b9034245afcb6448f3915
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/elastic/styles/styles.css?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
Vary: Accept-Encoding
ETag: W/"62b9d781-194ab"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=v0AD1BdiWtDy8OuZ1s74OoiYhIQ7TVjHxEcP_fCjfmM-1668768662-0-AesFEoycqT9JAnlFKi8rQPa0ZeV+8UMgl6MBYp8GwiH88O4ODNHRiFnIVSmS1j3U6qo1iuZxSxU3xSRbpC1h6UE=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260c7da97cf7-LAX
webmail.grupomoxin.com.do/plugins/xcalendar/assets/scripts/common.min.js?s=1656346470
162.215.3.16 200 OK 1.2 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xcalendar/assets/scripts/common.min.js?s=1656346470
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3057), with no line terminators
Hash 0a1fb378330792374866ed2b91fee9c7
68d64c1e3373b978e2068fb66bd764e6d0ab512e
60afeea7a58e01dce2697e7e1b429d413981934217fa9ebbd4130540c72f861c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xcalendar/assets/scripts/common.min.js?s=1656346470 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:30 GMT
Vary: Accept-Encoding
ETag: W/"62b9d766-bf1"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=wMkX.jTa8__ke.GikR.RmL_rvpzVFZ3e7AivaHXpuic-1668768662-0-Ab+tjwbvhPUTiz8WHyh/p5Lxap3LfZ8ckWscMjG9BuHmhLNtWw3UAYpfHVh6Lg3Rz0HSpcBfKBfJPquGP8GK1KI=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260c3ca6520e-LAX
webmail.grupomoxin.com.do/plugins/skins/skins.css?s=1656346463
162.215.3.16 200 OK 404 B URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/skins/skins.css?s=1656346463
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 23bf506621ce8a74f5af612b1c4e125f
5c13b25fa756a3e886311ec3d5afa8d25dc69775
5e043e7769097457a4393566799041dfad302dec27a7ae388692ea4dc34a24a2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/skins/skins.css?s=1656346463 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:23 GMT
Vary: Accept-Encoding
ETag: W/"62b9d75f-5ce"
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=IxeR56eg7nSeZYYDbonZQ2j1dGfxzykYsLoIGgjEiSM-1668768662-0-AUbNq83UuXECCRAhxlBPtQYb3eNzkSD4XKtada3t3KNVJ07hOWacvzxmYrTQgAQz35X8Q7DIgSuoLDIm9ftln8s=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
__cflb=0H28uvCS3AcYQweMTh9MnXCdaZL9ca1PGce9CL6T9Dw; SameSite=Lax; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; HttpOnly
CF-RAY: 76c0260dcdf47e46-LAX
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 10:51:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 10:51:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 10:51:03 GMT
Connection: keep-alive
webmail.grupomoxin.com.do/skins/elastic/ui.min.js?s=1656346497
162.215.3.16 200 OK 19 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/ui.min.js?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (597)
Hash 840b5b936fc7897849c5a9fad5e71c21
4f675ac3c8f2af52fa611420a4a678b252be468d
2859d05159ed502c6c454a510a1319e43a6c2730a7f8e8ef7d7360df55d9b719
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/elastic/ui.min.js?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
Vary: Accept-Encoding
ETag: W/"62b9d781-eb07"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 458
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=N5G0pLAUSnMVQGOmdU0aiLUcE7ater6M8.5iot0tUHg-1668768662-0-Abg6B3FLNVmu4ywvMNAs9xRhOsBTGLJLy5Jt7HRG+su+FG4fLNCgv7rWE3+6eK82e4FgUIg9scgTRO4ymrc4Ta4=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260f39d40cef-LAX
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Fri, 18 Nov 2022 15:01:53 GMT
Date: Fri, 18 Nov 2022 10:51:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84053cb2-edec-465e-8700-6af61bae8236.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84053cb2-edec-465e-8700-6af61bae8236.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 676b1603008690786aa36dc3113b7581
cbdc425467a5d41aba5e8e5c54354b4f03cd194a
7e5e7bf695ff31df6c97e502a44f4fa9197c6579b0c7a7c590457ea067d1cf1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84053cb2-edec-465e-8700-6af61bae8236.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8155
x-amzn-requestid: 5650af50-eb93-47d9-8322-8a2e263e12ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7vFU5IAMFYGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7e-759bbd5b5a22e07c1c181c0a;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VikBDm5_Bqbs0gLFkhbT6H3i6t57bnC0Xq-gkiJBILQ8Ynw_7RqWNA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:43 GMT
etag: "cbdc425467a5d41aba5e8e5c54354b4f03cd194a"
content-type: image/jpeg
age: 46520
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
webmail.grupomoxin.com.do/plugins/xframework/assets/styles/elastic.css?s=1656346484
162.215.3.16 200 OK 27 kB URL HTTP/1.1 webmail.grupomoxin.com.do/plugins/xframework/assets/styles/elastic.css?s=1656346484
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3befdb783cad683b61b2735c1344bcc0
7f51d38884f28418822196ba46a9702bab7a0cf9
509a8ea29f719cd5c0d7cb9eebef1802cac91e45a3448b70f7789ed7e3c67996
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /plugins/xframework/assets/styles/elastic.css?s=1656346484 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:44 GMT
Vary: Accept-Encoding
ETag: W/"62b9d774-6a64d"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 4089
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=iG4c1kWXMp5pQsz2jWZLTr3oCtPt9wNtFoHNxztQ6yU-1668768662-0-AQmc4Oye5AeRYRFxigGZ/CUtGMVgaCuAWIWC6MXlW4lx3kxlDoWc8sxW6zvx6KUIqweuIUtZhShrGtj/VuuFQa0=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260e387c7ce5-LAX
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZLWa-RphwZqiAmeqffmEE8Mmfsfs9ZYz0bmANBEc5Ru1--VKDL4Fsw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 15:59:54 GMT
age: 67869
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05289172c1455c4134e496c6f4606efd
ce1bb33256b0754f9acc01e7e9f3e5dc85f89244
a8b4411a0310cc376efe2aec7c0830b8d3b63b8827631b0ff43ec092f1f80f82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9672fb80-baaa-4ab8-b080-dc8c1ce94400.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12065
x-amzn-requestid: 45c97153-71c7-4985-a1ad-fc21a509d153
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K5FyVIAMFtDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-0f9d22dd544a4580570f3089;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dxT2WJB7m5tUhgBn2PwTIN4Zskzm3X7CW-29hl1nCyNPbKt5j6q5iA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:27 GMT
age: 46536
etag: "ce1bb33256b0754f9acc01e7e9f3e5dc85f89244"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d9d6315-de31-43b3-8c19-dc3528c7eefe.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d9d6315-de31-43b3-8c19-dc3528c7eefe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 158a07cdb0174c0cf0c2473cb069a459
46753b0476f8a272a047b07070db272a0fd3b42e
40bacc15755d920085e52af0bc9f6e8eac0379a31765f6ba72cf53546e296a2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d9d6315-de31-43b3-8c19-dc3528c7eefe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5917
x-amzn-requestid: 47ec37aa-10ef-4e35-a76c-301d34e4a102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw9VaHt9oAMFpIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376a8ef-6eb9776b4df9facd0f19c974;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:34:39 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qReov2_mDTOantzcbI8dBALwKBsq58MGL2yHuJwk0DxNL7um6T_M1g==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:55:57 GMT
age: 46506
etag: "46753b0476f8a272a047b07070db272a0fd3b42e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2b71261-68cc-40d8-9fce-033095c5889d.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2b71261-68cc-40d8-9fce-033095c5889d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f22c78eb5d83b4a108e0fff0806ff1a1
7e246b0b4697140ae7429aeff92aa16ab88dd6f6
1afadc1fb89b5a321e067893609c154b6d7dbd39123d15883c799aab6214cd4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd2b71261-68cc-40d8-9fce-033095c5889d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9661
x-amzn-requestid: dcff71d8-a6ac-45f2-acc1-e14314334495
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7RHGAIAMFSOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7b-3598a746247615de161878e3;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:31 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uxIoQVo_hTa5HkJ49W9gOdjJAXrLYwHglvZHsrfoOJFViGFAUuXKBw==
via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:53:43 GMT
age: 46640
etag: "7e246b0b4697140ae7429aeff92aa16ab88dd6f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 46814
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
webmail.grupomoxin.com.do/skins/elastic/deps/bootstrap.bundle.min.js?s=1656346496
162.215.3.16200 OK 22 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/deps/bootstrap.bundle.min.js?s=1656346496
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65297)
Hash 3eb212f2b1dda092a7243e02fe6b0bf4
7aa475aab4926aa9f099c47e7f90c30ef91ffbb3
78d8a3d420d07e59c76c14f407121ef5ed83165f6070cd2d0b55afdbe1ea9ab2
Analyzer Verdict Alert quad9 Sinkholed
GET /skins/elastic/deps/bootstrap.bundle.min.js?s=1656346496 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:56 GMT
Vary: Accept-Encoding
ETag: W/"62b9d780-132fb"
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 458
Expires: Fri, 18 Nov 2022 14:51:02 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=NJVhoAYT00ur4eu03MzltaKxbY4LpGf3W0u.9Sb7DsM-1668768662-0-AUSZe6kFifcTUWFUz2NDD4a8pPRP6z9OhI1rL/xzBieFL1UbckDBQj7ChJnZf+ZLbP9KeJusYs0t482jgumop8M=; path=/; expires=Fri, 18-Nov-22 11:21:02 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
CF-RAY: 76c0260e5eca7b08-LAX
webmail.grupomoxin.com.do/skins/elastic/images/logo.svg?s=1656346497
162.215.3.16200 OK 783 B URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/images/logo.svg?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (1612)
Hash 16c0d6e76d50ca018bb44726cbccf8c8
514cab5354c96b6c35585c5cbfe051f5954cb5b1
44df2be7ac48f9f79502b71df7e47cebef80185a83cd7bc2f1162d2a52d9d35e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/elastic/images/logo.svg?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgmv5q237zshfA1HR4A2B1W4vUu
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:03 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
ETag: W/"62b9d781-81a"
CF-Cache-Status: HIT
Age: 459
Expires: Fri, 18 Nov 2022 14:51:03 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=TQqyQn.vqI5M_NleNQG7I6oaXECS7z_bsaFrHDGX1HQ-1668768663-0-AYTRAQHycUqKfz5/5C86GtNWjo64zzlQ1lF49Tj/OROBk8NwmMy11VyGsvgZsFZGIYkPT5PvYDtcVMBQPx44Fls=; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
CF-RAY: 76c026110b6f7bd9-LAX
Content-Encoding: gzip
webmail.grupomoxin.com.do/login-backgound.jpg
162.215.3.16200 OK 16 kB URL HTTP/1.1 webmail.grupomoxin.com.do/login-backgound.jpg
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1920x1200, components 3\012- data
Hash 39e5463b5e72af036c523562d4d9a207
53e4b98c13033ad67093cf47909dc7814064d25a
38d0889576a6dcaf264c37c92b8dd22f9835c5890788e92bcf28301ca7729f29
Analyzer Verdict Alert quad9 Sinkholed
GET /login-backgound.jpg HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTh9MnXCdaZL9ca1PGce9CL6T9Dw
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:03 GMT
Content-Type: image/jpeg
Content-Length: 15571
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:16 GMT
ETag: "62b9d758-3cd3"
CF-Cache-Status: MISS
Expires: Fri, 18 Nov 2022 14:51:03 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Set-Cookie: __cf_bm=0_fT96e.cGSgWwlIYpe4A6hwHGptlvaH3wcO__pEnpA-1668768663-0-AVcCq5SQIS8Cmm+IVGCNW/UIWS17waosMNRG66kaB+EaRJFRe3iKmk6WwMIrcfDD8egPVkF0kIOLg7qiDldb598=; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
__cflb=0H28uvCS3AcYQweMTh9C9rwA1YCjhcykMxERJGzznah; SameSite=Lax; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; HttpOnly
Vary: Accept-Encoding
CF-RAY: 76c026120e467d6a-LAX
webmail.grupomoxin.com.do/skins/elastic/fonts/roboto-v19-regular.woff2
162.215.3.16200 OK 51 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/fonts/roboto-v19-regular.woff2
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 51116, version 1.0\012- data
Hash 9549360090baf2eb8b25d3a9708fc19d
3229ae839d33696d39c89dc0d3e193fe985f1da4
a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/elastic/fonts/roboto-v19-regular.woff2 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/skins/elastic/styles/styles.css?s=1656346497
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTh9MnXCdaZL9ca1PGce9CL6T9Dw
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:03 GMT
Content-Type: font/woff2
Content-Length: 51116
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
ETag: "62b9d781-c7ac"
CF-Cache-Status: MISS
Expires: Fri, 18 Nov 2022 14:51:03 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Set-Cookie: __cf_bm=pX9x9B6FNVrh6nauq9q1mxkIPqB1li12QFngsqDv35Y-1668768663-0-AZsSdxbH3URHFlrFxjj/niiTnB33MLR89MoYUebGyWe/zRqzraW9Oo1PGxtUQMFRo1YZDIyfHI6saOtMdeZSaVw=; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
__cflb=0H28uvCS3AcYQweMTgnFGmvY2YTzH4J2YTL3fSbKyr5; SameSite=Lax; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; HttpOnly
Vary: Accept-Encoding
CF-RAY: 76c02611ddda7ea1-LAX
webmail.grupomoxin.com.do/skins/elastic/images/favicon.ico?s=1656346497
162.215.3.16200 OK 1.5 kB URL HTTP/1.1 webmail.grupomoxin.com.do/skins/elastic/images/favicon.ico?s=1656346497
IP 162.215.3.16:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 64 x 64, 8-bit/color RGBA, interlaced\012- data
Hash 090a55a670f747a8b7223279dda5736f
6e34699f74ee073a118cef8e4b039b2d24796bef
93a73bccfed2b001109e0241a7dca68e0ae2331e1b37545049a76e70ca535cdb
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /skins/elastic/images/favicon.ico?s=1656346497 HTTP/1.1
Host: webmail.grupomoxin.com.do
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Cookie: roundcube_sessid=i93mlctarsssu65otu0o6819n6; __cflb=0H28uvCS3AcYQweMTgnFGmvY2YTzH4J2YTL3fSbKyr5
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 18 Nov 2022 10:51:03 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 16:14:57 GMT
ETag: W/"62b9d781-5da"
CF-Cache-Status: HIT
Age: 4088
Expires: Fri, 18 Nov 2022 14:51:03 GMT
Cache-Control: public, max-age=14400
Set-Cookie: __cf_bm=vrXoEYcze_YlynMOQYK_6tMiE07jXGjf4hrecvPm4Cg-1668768663-0-AT/CeoJHU6fsp5ziz8vqxdiIeKUCnM95za4735IkU9S9KZbY31Ce+Ha4fbf+0OUvdjVLmlRAAb27QVn9B1MqCwc=; path=/; expires=Fri, 18-Nov-22 11:21:03 GMT; domain=.mailhostbox.com; HttpOnly; Secure; SameSite=None
Vary: Accept-Encoding
CF-RAY: 76c026148bed7da6-LAX
Content-Encoding: gzip
fonts.googleapis.com/css?family=Merienda&subset=latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Merienda&subset=latin-ext
IP 142.250.74.10:0
GET /css?family=Merienda&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 10:51:01 GMT
date: Fri, 18 Nov 2022 10:51:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Cairo&subset=latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Cairo&subset=latin-ext
IP 142.250.74.10:0
GET /css?family=Cairo&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 10:51:01 GMT
date: Fri, 18 Nov 2022 10:51:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Sarala&subset=latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Sarala&subset=latin-ext
IP 142.250.74.10:0
GET /css?family=Sarala&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 10:51:01 GMT
date: Fri, 18 Nov 2022 10:51:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat+Alternates&subset=latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat+Alternates&subset=latin-ext
IP 142.250.74.10:0
GET /css?family=Montserrat+Alternates&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 10:51:01 GMT
date: Fri, 18 Nov 2022 10:51:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Quattrocento&subset=latin-ext
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Quattrocento&subset=latin-ext
IP 142.250.74.10:0
GET /css?family=Quattrocento&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://webmail.grupomoxin.com.do/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 10:51:01 GMT
date: Fri, 18 Nov 2022 10:51:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2