{"report_id":"d4372019-ed3c-4282-9537-ebba615b618d","version":6,"status":"done","tags":["zimbra","phishing"],"date":"2025-05-25T15:42:47Z","url":{"schema":"http","addr":"webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":0,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"title":"Zimbra Web Client Sign In"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-03T15:42:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"webmail.gorge.net","ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"domain_registered":"1995-02-08","domain_rank":0,"first_seen":"2025-05-25T15:42:48.408787Z","last_seen":"2025-05-25T15:42:48.408787Z","alert_count":19,"request_count":19,"received_data":5038628,"sent_data":8778,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cas.neonova.net","ip":{"addr":"137.118.7.42","port":443,"asn":6250,"as":"NEONOVA-NET","country":"United States","country_code":"US"},"domain_registered":"1998-06-19","domain_rank":571223,"first_seen":"2012-07-13T15:31:12Z","last_seen":"2025-04-16T03:30:08.824681Z","alert_count":0,"request_count":1,"received_data":9719,"sent_data":416,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/zimbra-locales/locale-template-en_US-json.e300b3bb.chunk.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c85e8d11bf385031367b6e51ef25cf52","sha1":"6658b57d365075e6a37fa3633965e2d86d782f78","sha256":"77ec0318ff29cf9a32ac0ba6f951a820c301d942dcf73b1386acecd7d0a93975","sha512":"257b2d825d4b8562af8a3c414b2e3f1459eb708ea74a2825c21f6c48c534a364bf0105ceefe25f015083ce7e1c623014ce236650d507f78cd4bbafd1c01645b4","ssdeep":"","tlshash":"cc21ad2d93743e9a9aee97c03498da422fe82246dd1c4985c37cdb0f13dab396901668","size":1293,"data":"","first_seen":"2025-05-25T15:42:53.982774Z","last_seen":"2026-01-29T04:40:04.501308Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"eventHandler","is_inline":false,"md5":"8330d67045d053b17fa969ef2bdb5e54","sha1":"041174325b27a7b4d2d1b1a0e353fa82d1cb6431","sha256":"ceecf99c8bd1f6e5f89a26d3b40e009d48860d674231297254ff75d817b9a883","sha512":"74d90352264865f9903b3845c8d7c001ae7efeee02016907f39d1726f12a1f33903ebeeed1d3643de50ff4919cd819a4e419a918b584a3950f2a4ff9ca7bb1f3","ssdeep":"","tlshash":"e7500000030030c00300000c3000000c000000c30003c000000000003c300000030030","size":9,"data":"","first_seen":"2023-04-11T04:37:13Z","last_seen":"2026-04-03T16:34:55.381603Z","times_seen":3693,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"14d2c51d7bccb7367d195e6586374efa","sha1":"53ae9803db0e5e597caa05477ecd814d8c56e3f1","sha256":"bc5614df019b24db1b91b6bb9c8fdf5bdb519591dc94b9f0a82cf363676d9c71","sha512":"a509eaa7a1197ffebc102e889aba2db6b30b4d369f429fbf1533359a6bf40d419e920f6984f6c93cd2dca42d7b3b785c9b950324b3fc2dd9f5fded1f890fd8d1","ssdeep":"384:RKUT4ObYXhl2Ei0m5HDpupShi4i2iZi5iFieigiMiniHiNJci8ii:RKUT4Ob6tc/oVHgA0v9BiCNJRxi","tlshash":"b27287ba35ea18510aa770bc89df111834b098171009df047dfc91a87fb5e7a16a7bfe","size":16535,"data":"","first_seen":"2025-05-25T15:42:53.985756Z","last_seen":"2025-05-25T15:42:53.985756Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/3723.79403834fd65adf3ffd4.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d99c42cdd91d41b077358f3b5531c879","sha1":"11eaaadda743b023787fb44423d9b87343376a02","sha256":"bddbc416521fa7e8cbc40991e3abf09845aa08b41e429a6760f682880bcdd104","sha512":"07696f7d6acee323c147da5701d6afebb9b8de6297df877e5afd1a8b306aa512aef1602c610c14ed7a292825030a2233da436a0cfcf5830798988c62118b644f","ssdeep":"49152:Wqib0a1mq1de5xHwpyOxat59kZEzzeMbeP:I1U5xHwb7","tlshash":"69b5db68351af3948909c0d3f9377c84d1e8d19aa08b10d16f7457f78ab174aeaadf23","size":2373823,"data":"","first_seen":"2025-05-25T15:42:53.961201Z","last_seen":"2025-05-25T15:42:53.961201Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/bundle.445e8d14e663fe1aa746.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7276aa9d222a5baa99e20fec31fbcbae","sha1":"a1edebd7dd3fdf20de15bf58ca18382e784ff080","sha256":"9e80a7c7f5afa6cfcbf6731fe53b17807e4f709cb41f4b4ecb7aaaace38f1497","sha512":"0e2392fc7cfa5cd832d6e05d9bf351103623f04fe3c9e784fd082039b31b898431d9f60b69bc47c5af76638314067aa176634df90e23b4caadc6f167818fd870","ssdeep":"49152:obTYdH9HHWmC5rs1/RPG0jCv/oo+4Wk82K:tdL2K","tlshash":"bc853cae7054b5b50de7c7b2c05b940031f56a3a308a88e4b178e98e5dbd84d7663f3b","size":1834750,"data":"","first_seen":"2025-05-25T15:42:53.953268Z","last_seen":"2025-05-25T15:42:53.953268Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/indexeddb-storage.c9d72a6c.chunk.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9637dd512e2effe5697762f11462ebf9","sha1":"7193407dac44dc5b455d1118e49c63d29045db22","sha256":"39d5a55abe594cef8769c896e44079add0ee05fb0e12febd9ec6f84da6c05fd6","sha512":"685b0ffcac27f77f457dc5e8b58ed67efe587c571340525bb47f4d1551a67abbe362e1b22dd006776599d0134a3013bee1ce1f04d1c3d668f30a15b0d930a6a2","ssdeep":"","tlshash":"9f219bc536c4b52923abe470c4afc065e33f6489580f48b4f30aead57e754ec661b978","size":1127,"data":"","first_seen":"2025-05-25T15:42:53.970522Z","last_seen":"2026-01-29T04:40:04.500228Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/zimbra-locales/moment-locale-config-en_US-js.70aaff07.chunk.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"788ecac7a34903968a973688cc04c63e","sha1":"d6eda13a2981c18d4f773d63bcdc94ef9ff776f3","sha256":"52e06a2c0c31f323d6a942fc932594c0ae11df5218f1938302c2f710b334db77","sha512":"63d1266b4102da8fa0b5eb95b093dd7f1139ca1b2eeb8f7152c849bca4be6b47f7d71d7350129b6d94108580d910c571946ede2d95a02fc91c3b311f3d30b661","ssdeep":"","tlshash":"9341b1ebc96628e88bbd475f29ee13468f079975ecc07813a71f264a12f0cd943683d5","size":2135,"data":"","first_seen":"2025-05-25T15:42:53.987258Z","last_seen":"2026-01-29T04:40:04.512896Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/zimbra-locales/locale-en_US-json.3b6a8ab6.chunk.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"56bdce477727f5033158c49cffcac976","sha1":"cae41e84dc6b1deb087489e9c09e1eaf87dbea37","sha256":"25958add1f1cb25a5da38910819db54ef49829a07f131a9788d796144be0eef7","sha512":"75a920e87a4d248df749f5124874be68e8c1b04ddc465a2d0ac8dc0ae2f47c850ba5cdb9630e84d0d65267d09c39b4ff4aa1994b78418b4750b825d1e1c8c13e","ssdeep":"1536:jDGI1lxLKP046QpGe691TNRvtotEKEP7Ga3Ton2jaCZUos6+/ZwPP:jDn5w3yVNRVotGCa3To2jaIs6+/ZwH","tlshash":"77b3f70b5a102e7b4b9b43e3b8473d46a7f542ae66c10826c8dcc41c12ecfddb63b695","size":111453,"data":"","first_seen":"2025-05-25T15:42:53.989118Z","last_seen":"2025-05-25T15:42:53.989118Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/bundle.445e8d14e663fe1aa746.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:14.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/scripts/bundle.445e8d14e663fe1aa746.js HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:14 GMT\r\nContent-Type: application/x-javascript\r\nContent-Length: 315621\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1834750,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7276aa9d222a5baa99e20fec31fbcbae","sha1":"a1edebd7dd3fdf20de15bf58ca18382e784ff080","sha256":"9e80a7c7f5afa6cfcbf6731fe53b17807e4f709cb41f4b4ecb7aaaace38f1497","sha512":"0e2392fc7cfa5cd832d6e05d9bf351103623f04fe3c9e784fd082039b31b898431d9f60b69bc47c5af76638314067aa176634df90e23b4caadc6f167818fd870","ssdeep":"49152:obTYdH9HHWmC5rs1/RPG0jCv/oo+4Wk82K:tdL2K","tlshash":"bc853cae7054b5b50de7c7b2c05b940031f56a3a308a88e4b178e98e5dbd84d7663f3b","first_seen":"2025-05-25T15:42:53.953268Z","last_seen":"2025-05-25T15:42:53.953268Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1442,"timings":{"blocked":193,"dns":1,"connect":92,"send":0,"wait":103,"receive":947,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-25T15:42:17.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: -1\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nContent-Language: en-US\r\nSet-Cookie: ZM_TEST=true\nZM_LOGIN_CSRF=dc0d7523-0cd8-4733-969e-fe34d06d5bc1; HttpOnly\r\nX-UA-Compatible: IE=edge\r\nVary: User-Agent, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23412,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (631)","md5":"4b5c731ebfdd7f0fbb46966e5c1bd400","sha1":"1398c5adfda147b47583eceb8acccb8b9d028271","sha256":"a793b945724f80ec742ba099e4ea9984673248078d5488b5513a1f11b63d83de","sha512":"d6f8bde87c3e6c014ef7b29c06472b4c2e3cbca7ba41d635fa016e4a6acc244f25a689f8e7792b2b9219d271a0bad46809e9372f2b5dd1dc9b0f012655b66d57","ssdeep":"384:KB9TkwmMO7ihkKUT4ObYXhl2Ei0m5HDpupShi4i2iZi5iFieigiMiniHiNJci8ir:q9Tm7ihkKUT4Ob6tc/oVHgA0v9BiCNJH","tlshash":"9db2d76625e51c610aa370bc59cf111934b49c270109ce087dfc92a83fb6d6a57a7bfe","first_seen":"2025-05-25T15:42:53.955442Z","last_seen":"2025-05-25T15:42:53.955442Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/css/common,login,zhtml,skin.css?skin=harmony\u0026v=250123180901","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","date":"2025-05-25T15:42:17.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /css/common,login,zhtml,skin.css?skin=harmony\u0026v=250123180901 HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=dc0d7523-0cd8-4733-969e-fe34d06d5bc1\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:18 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jun 2025 16:42:18 GMT\r\nCache-Control: public, max-age=2595600\r\nVary: User-Agent, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":65812,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (751)","md5":"901412c5bd123608724056c8c5d8efdb","sha1":"315c0b89c57bb030bc1327d899ee8ec53f3a554d","sha256":"28ac5920b07814e93160c1c643a90604a9e1b4d08f7707023a82de6f70239026","sha512":"1aba1bf35b662f08a4d802d23c31fe03eac42a0212e2f8c058142c687784c5211f8a7e1767cf912b91f537f448d18d6b77db814e1da25ea6297da5478638da5a","ssdeep":"384:twGDVYTNgzXv1ZQeZmlucf+TRmyiFEu+jF9a/C/WYlcdBC7h/GZDQIgLq/EtwXsC:tFfv1ZuuLaEu+0C/mDU/twcx9545b","tlshash":"1253c831f342201eb02bc46ee443fad8692a9157c9675f79f937b479eac60dd1a23306","first_seen":"2025-05-25T15:42:53.956933Z","last_seen":"2025-05-25T15:42:53.956933Z","times_seen":1,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":182,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cas.neonova.net/zimbra/gorge.net-large.png","fqdn":"cas.neonova.net","domain":"neonova.net","tld":"net"},"ip":{"addr":"137.118.7.42","port":443,"asn":6250,"as":"NEONOVA-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","date":"2025-05-25T15:42:18.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.neonova.net","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 05 Nov 2024 14:36:26 GMT","end":"Sun, 07 Dec 2025 14:36:26 GMT"},"fingerprint":{"sha1":"32:61:79:42:4E:E6:FA:E0:18:21:31:2D:F6:BF:ED:10:68:1B:00:93","sha256":"94:76:8B:82:01:8D:02:50:01:CA:56:F8:0B:A3:D3:83:37:5F:F0:17:55:7F:2C:5C:7A:C4:96:A7:54:8A:C0:72"}}},"request":{"raw":"GET /zimbra/gorge.net-large.png HTTP/1.1\r\nHost: cas.neonova.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 25 May 2025 15:42:20 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nLast-Modified: Mon, 28 Aug 2023 17:34:05 GMT\r\nETag: \"a5080-24f7-603ff19d1fd40\"\r\nAccept-Ranges: bytes\r\nContent-Length: 9463\r\nConnection: close\r\nContent-Type: image/png\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9463,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 440 x 60, 8-bit/color RGBA, non-interlaced","md5":"9801b050f0d24b58f02aba1ed193a836","sha1":"cedac30b3d467609ab6ffa0fb707dbaf7143ffe7","sha256":"c911aa2a20f672f0aa519265fb0b3ecf8c4f4600335d7df68d71a641e521007d","sha512":"81b222db314ca6cb01c40aa5052a6fe61d4036ae023c189f54b3d179cbf2fd9ece2b10cb4caf63971c6a7536c97db23733cc4ab860692d459ef25805d6ff5683","ssdeep":"192:nzgpkHZJwlMJoARMgqXL+wuRcsTOR42bO6N0uTFhBGFMlD7Db9ZTHgYP:zgpMZJwlAWSesTO+/664wFMlrJZLgYP","tlshash":"e512af7b7341bdc8580924afb716a8b5260101087153bf5c6aa064bce888d5ed7e77e6","first_seen":"2024-09-28T08:16:18.328759Z","last_seen":"2025-05-25T15:42:53.958563Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3926,"timings":{"blocked":1901,"dns":586,"connect":119,"send":0,"wait":119,"receive":1,"ssl":1196},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.gorge.net/img/questionMark.png","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","date":"2025-05-25T15:42:18.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /img/questionMark.png HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=dc0d7523-0cd8-4733-969e-fe34d06d5bc1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 5359\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jun 2025 16:42:18 GMT\r\nCache-Control: public, max-age=2595600\r\nLast-Modified: Thu, 23 Jan 2025 17:57:14 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5359,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced","md5":"5d496d46fe9801cf0e92af8337b3b6af","sha1":"6f9e34028d56b0229759aad8dab4f0c30be30a7e","sha256":"395b89ffffb5b6ea44d2933531396f8d2ae8ff84bae554a1c245d0777af59034","sha512":"1a0c2ff7c5a88ae03d8df8d31473144e969f007ecf4cea45af065770ec3279fb72d3ceb2b28d684becffb65bc60f9681f7c65e503279d8ed4a5aa44132ba9ba0","ssdeep":"96:iDA+MJVudjvxHeroWIEqS9gLNUMvCIRubbiCIdhDdUrEGZ1AkNnlakE:izBjYrdILS0NVtBU11AkrvE","tlshash":"72b18ed0dae8ef886981a95adb2f14e0cb05b15f52fe3cd90b370a0d154f584c53a1be","first_seen":"2023-05-12T15:26:00Z","last_seen":"2026-04-03T16:34:55.378326Z","times_seen":729,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/3723.79403834fd65adf3ffd4.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:14.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/scripts/3723.79403834fd65adf3ffd4.js HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:14 GMT\r\nContent-Type: application/x-javascript\r\nContent-Length: 310866\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2373823,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (47933)","md5":"d99c42cdd91d41b077358f3b5531c879","sha1":"11eaaadda743b023787fb44423d9b87343376a02","sha256":"bddbc416521fa7e8cbc40991e3abf09845aa08b41e429a6760f682880bcdd104","sha512":"07696f7d6acee323c147da5701d6afebb9b8de6297df877e5afd1a8b306aa512aef1602c610c14ed7a292825030a2233da436a0cfcf5830798988c62118b644f","ssdeep":"49152:Wqib0a1mq1de5xHwpyOxat59kZEzzeMbeP:I1U5xHwb7","tlshash":"69b5db68351af3948909c0d3f9377c84d1e8d19aa08b10d16f7457f78ab174aeaadf23","first_seen":"2025-05-25T15:42:53.961201Z","last_seen":"2025-05-25T15:42:53.961201Z","times_seen":1,"resource_available":true,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":485,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/css/bundle.f99877c257d2400034e2.css","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:14.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/css/bundle.f99877c257d2400034e2.css HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:14 GMT\r\nContent-Type: text/css\r\nContent-Length: 42292\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":539328,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"bc1460c392c0c551d015ae57d7316845","sha1":"86896c505685496c2624bf7e202bb46be579c312","sha256":"4c21675078ad96db0b6ff16eb56ebdda575019228062816abc62af8f5f438e70","sha512":"79a7109f8e8a59dba84d396e63d671e11096f0ec0174cc2e5aa889e14f9c4f9bda2d24c191de27a91b782301d7ab521b8de8a737bc397e5dda5aab42cc9895fb","ssdeep":"1536:RLmJudKDILN3f6Oz/f95GWUM4z5B1l4w0XZ9jesBW2VidW2t2jvUEOq+AlH7UVte:ZLidWxHIVttdap85E","tlshash":"d5b4ca689ceccd3820ebcf36e28de6195ab49e214973fe5f9428404d2dc75e462eb705","first_seen":"2025-05-25T15:42:53.962722Z","last_seen":"2025-05-25T15:42:53.962722Z","times_seen":1,"resource_available":false,"data":null}},"time_used":699,"timings":{"blocked":194,"dns":1,"connect":100,"send":0,"wait":101,"receive":194,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/css/3723.a4763f176c1c72ae4619.css","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:14.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/css/3723.a4763f176c1c72ae4619.css HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:14 GMT\r\nContent-Type: text/css\r\nContent-Length: 3503\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19577,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19577), with no line terminators","md5":"b0f6cd1a755e15984866981524d6669d","sha1":"0ffcdc0df1142bebfaf115702ae70b4d56f9b7f9","sha256":"ad5d71a909305a8d1817d90cfc1bd04c4fcfb533e0d0baaf1cac7381e8b441cf","sha512":"f48ad9745bb81bbdadd682ec4bf9d916a8dfc21394589c5e0015caf1012587948d8a2b4626aa19af1bfc4c1087e97ec3c2a529be8717a6d0715b018306a6031b","ssdeep":"192:FDVi9Nnr3/wNmk66iSvZIem5KhlTHFid5D0VMGGJqGLW4jPAE8GyKV5ZFTZ:F5uNn3RmZIem5KhpcdB44Znv5ZFTZ","tlshash":"2592ad6c7026553737734d3e62cd9ad8e6c07e53ddf8ae86b80ad02026e65e2314b778","first_seen":"2025-05-25T15:42:53.964109Z","last_seen":"2025-05-25T15:42:53.964109Z","times_seen":1,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":213,"dns":6,"connect":101,"send":0,"wait":109,"receive":0,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/clients/default/pwa/icons/ios/icon_180x180.png","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:16.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/clients/default/pwa/icons/ios/icon_180x180.png HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:16 GMT\r\nContent-Type: image/png\r\nContent-Length: 2308\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2308,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"42f1ea150b3168c3ad8d70a2e9c49a12","sha1":"8ac00bff345df447927b59405e9241a36dc20c0f","sha256":"9b3e0c870e2e5c725b38f1031a92c3ae56649a6583f5b10b0fa326ce70a10d4d","sha512":"0d12bedebfb21988baf96bf1f01e2787c1660cb29b3087862334083004c97e92d9aaea2b0923c3ba4a62fb83745e01c4498fb5e72dba3decf4e83af5e1f50585","ssdeep":"","tlshash":"6041b53d70c0a9073776a72bc6e6f8018decc31e6980e502a5689a66f5e3c5cd83b795","first_seen":"2025-05-25T15:42:53.965864Z","last_seen":"2026-01-29T04:40:04.504419Z","times_seen":5,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/clients/webmail.gorge.net/config.json?t=1748187737318","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:17.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/clients/webmail.gorge.net/config.json?t=1748187737318 HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 923\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nPragma: no-cache\r\nCache-Control: must-revalidate,no-cache,no-store\r\nContent-Language: en-US\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":923,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4aea8d5cd2b8b250da0b94bf2d713690","sha1":"21cc94df1adeac3af6afda9f5ab45ca5e41e6962","sha256":"29d41d0952e616f145a35dc0857c46952cf165ac51807029c37dfce0cd18359f","sha512":"3b237aeeb2557c3bb74f70d23a592581773045a5f6dc0d9700733c55173f529fb95fb42e2f0f6fdc3db5204e6d50b0801286602f3514f633b501b607734c10ac","ssdeep":"","tlshash":"8c11403b840a4e2b0220866074d03308c99f7e36b901a8c4fca7816f2fc2e4cc59b94a","first_seen":"2025-05-25T15:42:53.967524Z","last_seen":"2025-05-25T15:42:53.967524Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-25T15:42:13.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:14 GMT\r\nContent-Type: text/html\r\nContent-Length: 498\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1909,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1909), with no line terminators","md5":"810dbd99cdc8c868c4dec12e424dde4d","sha1":"b235d7d56fbd3cc376e2c177120d11c198f87a95","sha256":"e999c60239cfbd8c651a70a098a24607665575c23d2b80f93cf2b92fd0d73332","sha512":"1435a7b84baa104468696091e1bf086718e4278c7b96569c28c0b61fb1055061cc65886647169078ea16b195ef1554f638e6fb7fff0f1b6462f1d6aa434c5e79","ssdeep":"","tlshash":"9041dc439c319eaa221063bbfa29b0e9c4863c9d9901b80cf8d5649d45f9fe08a67731","first_seen":"2025-05-25T15:42:53.968819Z","last_seen":"2025-05-25T15:42:53.968819Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1689,"timings":{"blocked":795,"dns":442,"connect":94,"send":0,"wait":99,"receive":0,"ssl":257},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/favicon.ico","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:16.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:16 GMT\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 923\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nCache-Control: must-revalidate,no-cache,no-store\r\nContent-Language: en-US\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":923,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4aea8d5cd2b8b250da0b94bf2d713690","sha1":"21cc94df1adeac3af6afda9f5ab45ca5e41e6962","sha256":"29d41d0952e616f145a35dc0857c46952cf165ac51807029c37dfce0cd18359f","sha512":"3b237aeeb2557c3bb74f70d23a592581773045a5f6dc0d9700733c55173f529fb95fb42e2f0f6fdc3db5204e6d50b0801286602f3514f633b501b607734c10ac","ssdeep":"","tlshash":"8c11403b840a4e2b0220866074d03308c99f7e36b901a8c4fca7816f2fc2e4cc59b94a","first_seen":"2025-05-25T15:42:53.967524Z","last_seen":"2025-05-25T15:42:53.967524Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/scripts/indexeddb-storage.c9d72a6c.chunk.js","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:16.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/scripts/indexeddb-storage.c9d72a6c.chunk.js HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:16 GMT\r\nContent-Type: application/x-javascript\r\nContent-Length: 481\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1127,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1127), with no line terminators","md5":"9637dd512e2effe5697762f11462ebf9","sha1":"7193407dac44dc5b455d1118e49c63d29045db22","sha256":"39d5a55abe594cef8769c896e44079add0ee05fb0e12febd9ec6f84da6c05fd6","sha512":"685b0ffcac27f77f457dc5e8b58ed67efe587c571340525bb47f4d1551a67abbe362e1b22dd006776599d0134a3013bee1ce1f04d1c3d668f30a15b0d930a6a2","ssdeep":"","tlshash":"9f219bc536c4b52923abe470c4afc065e33f6489580f48b4f30aead57e754ec661b978","first_seen":"2025-05-25T15:42:53.970522Z","last_seen":"2026-01-29T04:40:04.500228Z","times_seen":3,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":99,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/service/soap/BatchRequest","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:17.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"POST /service/soap/BatchRequest HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 383\r\nOrigin: https://webmail.gorge.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":383,"data":"{\"Body\":{\"BatchRequest\":{\"_jsns\":\"urn:zimbra\",\"GetPrefsRequest\":[{\"_jsns\":\"urn:zimbraAccount\"}],\"GetInfoRequest\":[{\"_jsns\":\"urn:zimbraAccount\",\"sections\":\"mbox,attrs,zimlets,props\"}]}},\"Header\":{\"context\":{\"_jsns\":\"urn:zimbra\",\"authTokenControl\":{\"voidOnExpired\":true},\"userAgent\":{\"name\":\"ZimbraModernWebClient - FF134 (Windows)\",\"version\":\"\"},\"session\":{\"id\":\"1\",\"_content\":\"1\"}}}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nContent-Length: 608\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nCache-Control: no-store, no-cache\r\nVary: Accept-Encoding, User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":608,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JSON text data","md5":"668490019f46fc872cad22eba5b4d20c","sha1":"f8afc9da030aa2826d92ab0088d98bfd2155256d","sha256":"87b70c0fadc3ada4063ac8b8ff53b3edd105762ab020dada22294da681664181","sha512":"20ec3c9a9efe4187bd593f3d72c19c79ab73bae1bd5a99481ebd35e40dbe99e567069fed49221e7ab013619a4eec93026673caf18e61f54020d1040bfa03fcab","ssdeep":"","tlshash":"f3f02878a4d16f284a5e00d34d0f3c4236fac7ee065c8f681218d12608daf2ff8217b0","first_seen":"2025-05-25T15:42:53.972256Z","last_seen":"2025-05-25T15:42:53.972256Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/clients/default/config.json","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:17.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/clients/default/config.json HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: application/json\r\nContent-Length: 449\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: br\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1316,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7acc8d5940695792d109c01ea90dd7ec","sha1":"d14bee2215b7bf708242833eb91abe6cfd3a1bae","sha256":"918ea72e0533cd1fd6cd5d88e4245023f0fde239e571a57d5bb7a1302bec99b5","sha512":"7fe8474ab2b9823f3a1f48a838d78616db97b209725038ba0e99c9fbe9d79d6acde0045d114cb2cdfefcc5a271c35d772c269acbb95fb5d58b3429a1ea838b44","ssdeep":"","tlshash":"ad210fa8cd259c9322c6146948ed0807661b9d57074c3c0a733ed1cc1f6ca5f64b77dc","first_seen":"2025-05-25T15:42:53.973965Z","last_seen":"2026-01-29T04:40:04.512045Z","times_seen":3,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/img/new-back-ground-image.png","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","date":"2025-05-25T15:42:18.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /img/new-back-ground-image.png HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=dc0d7523-0cd8-4733-969e-fe34d06d5bc1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 141674\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jun 2025 16:42:18 GMT\r\nCache-Control: public, max-age=2595600\r\nLast-Modified: Thu, 23 Jan 2025 17:57:14 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":141674,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 1024, 8-bit colormap, non-interlaced","md5":"5a09af857512a874f5e2a6e01b80742b","sha1":"8c87bcfd42ee8fab57f08c3664abd1424e608b6a","sha256":"18b729cd6f3dd2b5657c1680e1388b825dc2c2d1e732e03478006714ac7ebc2d","sha512":"0f5a6c382957c3ee0078db97ae58f109e3ecc04d31609cd6047b4904b220bd45ff055e4a6abb058a6e0c760c4a4beba7f114a6d86b5179fccdcd5d334e835a1f","ssdeep":"3072:Xp4eV0s/ltkbEd0U+sl5mk0Xy0X+9uZPkB584B5DMs:Xd/ltka0LXmQw58EDL","tlshash":"00d3122e58f35215dce8e8bc3cbeb8fb295e23b44474dbfa5258c2050e99a36c4d8d11","first_seen":"2023-05-12T19:43:56Z","last_seen":"2026-04-03T16:34:55.377113Z","times_seen":817,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/fonts/roboto-v18-latin-regular..woff2","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:17.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/fonts/roboto-v18-latin-regular..woff2 HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 15344\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15344, version 1.0","md5":"5d4aeb4e5f5ef754e307d7ffaef688bd","sha1":"06db651cdf354c64a7383ea9c77024ef4fb4cef8","sha256":"3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc","sha512":"7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48","ssdeep":"384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw","tlshash":"5162e16aef76dc7e4f1af1361c01b45404462290ba6155eff00d6e1d4eed1aff461392","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:19:39.140135Z","times_seen":535995,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/service/soap/BatchRequest","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:17.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"POST /service/soap/BatchRequest HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 383\r\nOrigin: https://webmail.gorge.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":383,"data":"{\"Body\":{\"BatchRequest\":{\"_jsns\":\"urn:zimbra\",\"GetPrefsRequest\":[{\"_jsns\":\"urn:zimbraAccount\"}],\"GetInfoRequest\":[{\"_jsns\":\"urn:zimbraAccount\",\"sections\":\"mbox,attrs,zimlets,props\"}]}},\"Header\":{\"context\":{\"_jsns\":\"urn:zimbra\",\"authTokenControl\":{\"voidOnExpired\":true},\"userAgent\":{\"name\":\"ZimbraModernWebClient - FF134 (Windows)\",\"version\":\"\"},\"session\":{\"id\":\"1\",\"_content\":\"1\"}}}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:17 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nContent-Length: 608\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nCache-Control: no-store, no-cache\r\nVary: Accept-Encoding, User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":608,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JSON text data","md5":"4f6b946c3ea68bc9d883980ddf469359","sha1":"8a494356c5707208821271ce7a142435d5917382","sha256":"acab19affb69097d878357bcf7282482d1bb61b00d48a932032ed737f208be94","sha512":"9d4426d6cca71c1e8386d7195dc07307666443207d8de60711fb3d5830c81807124a7df0abf182a6033819749a1e7d9f2fe2a5f0f06563bb0b47cfb535aba910","ssdeep":"","tlshash":"1cf04c38e8d16f241a5e40d34e0f3c8131f9d7ae0758df681254d12608dab2ff4127b0","first_seen":"2025-05-25T15:42:53.978361Z","last_seen":"2025-05-25T15:42:53.978361Z","times_seen":1,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/modern/runtime-config.json","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/modern/email/Inbox/conversation/twitter.com/share?url=https://catalystpet.com","date":"2025-05-25T15:42:16.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /modern/runtime-config.json HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:16 GMT\r\nContent-Type: application/json\r\nContent-Length: 295\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jan 2000 20:46:50 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\nPragma: no-cache\r\nLast-Modified: Thu, 05 Dec 2024 13:17:16 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":295,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3d511493eb7d887863818311cd3ca46c","sha1":"1b3acecc8cdb253ac0aa3495a01627e9d96d4395","sha256":"c7279f79614bc50123924a12006c2a24097ff1c1f613f4a8f8161e6d5c3d9c02","sha512":"f98bec4cc3a0303f67397dfe35a3f8a7d5d99dcc345d8d67d509d8f3757fb5a1883bf58f9fe9b512c2453d76f470b62932e0a286e6a94332fdb22349ed6fb753","ssdeep":"","tlshash":"24e0c224cea22e94607acc500e163ed5372c1b771b04e8f9a1a35e4729f992d3823307","first_seen":"2025-05-25T15:42:53.980005Z","last_seen":"2026-01-29T04:40:04.516514Z","times_seen":5,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.gorge.net/img/logo/favicon.ico","fqdn":"webmail.gorge.net","domain":"gorge.net","tld":"net"},"ip":{"addr":"129.159.110.135","port":443,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://webmail.gorge.net/?RelayState=%2Fmodern%2Femail%2FInbox%2Fconversation%2Ftwitter.com%2Fshare%3Furl%3Dhttps%3A%2F%2Fcatalystpet.com","date":"2025-05-25T15:42:18.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gorge.net","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 22 Apr 2025 04:36:46 GMT","end":"Mon, 21 Jul 2025 04:36:45 GMT"},"fingerprint":{"sha1":"46:59:A5:12:20:5C:09:1C:32:9C:BA:56:87:A2:E3:2B:9C:21:B4:C0","sha256":"A1:7A:C0:17:B2:23:1F:C3:49:4E:76:B0:5A:50:00:0F:F0:C2:4D:3E:B4:4A:80:82:43:35:BA:F0:F4:F3:47:DD"}}},"request":{"raw":"GET /img/logo/favicon.ico HTTP/1.1\r\nHost: webmail.gorge.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ZM_TEST=true; ZM_LOGIN_CSRF=dc0d7523-0cd8-4733-969e-fe34d06d5bc1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":12057,"data":"Km9zUqBaU09UudQBDBc$Zzqr$Vk$68611qaBHv$-nrOnp9$C-NtQn0BL$uD9PGmm$VJ1$b$1r19B$w1BYQxzJ0melRz-njmkV+LcdPgzY1$EBU5tzojM$BtwSzNT+UhkIB+SBgPzqN$CL2-$QMe6qmzOl3B9tFeJLrS$Z5y$BFk5zLp5jmz6$BnLXhD$53aV$$5v$jWFq$$eiz$JdqSd$z$gLyaqbom51kS$-Xy0PzNKBjIEAkSd$qyypF90$UqvQo9dMKcrLbpaSB8KzU3BH9$9LQ2ww465SqX7nRPIopBRJE7tzRPIOIB5D7BcY5rGaObxoS$quTyBpzBBVSD1E7$BqxcBMSeoHSCHeU8wpHwFn7OrwzrBmZNBS$mMq1$BYTV2Q-q-IL6Fnz$GcZ85Obyvkr8q9KpvSIbZkKceJnbjZwP87vS$uhpJQuM5jXA6Vy$$58NetRK2PqL5eutzmibEucY3zBGkXbr++oHH$PEwwoBLaICdOi2J+6zGJFXqh0F31$bAY$r5-8bm3t-etlBoym3$WFSmvnzqal51vU0Kz$LG9-K4NgZLkZ3un9U$M4T-cuHbtgAA4uHYCDN25-NiBlq01YennuADNYag9y97b19HPobT3LyuX8oLEx2Sa4tjM41cp3HCcAI669OI-eo4W6ID6zkDoLIhAmo+8unONkkjQ15$BOAN-UTpBbV5uzLd$n+3c$5-w6g4un$upzTUugGW6Jj+u-1Ck8qWZB41bTdbUzPzd$mKBFBWV1wU$DMa$$9czaq0PGE$0d-jBy$G2zwq1V1NV92Sjdm2rk$GujyVX-18Z1j9-Pu4z+BW2kjP-Nq-UY4MhLWC$L-1t1dqnL60$CK$zzVBBbdVvJ2QtKurb5pq5qqKB6n1VkqJ1QMI9WvBj-NLk+ZG1Z+Kj0Uaqa4zNBNB$1Gyk6uW1aZmLmo5mPy8re$6dZaUQNmcd-uWmdTPkPbaHcOQioroUzaZJ$9B2nlqNW+dn3ZuiG-qCQDVkyY-qzjY$Giqy1qk49-G0pY5Q6b-t1E-MNt1YbXl6-$$jD5B6nUNqk-BT2ym$unjb$$0rtnj19VAgxGbm3cMWprKeD7-CUSZ8ry1Eoyd-puZXeeBAlwCEve7OFoXau1wVmeu9bkYzVQWzZaBVPzVZY+$gPwkB-ptzcyqrMEawtj1$y1mkDCmlV-dfQY6-Me$0Vwig-y3Azn-QNFa-Q90f-5qjt2SKBqzaE1nV9tWn$nyzoh9WkXQtQWb9WwE+QDBiDB3CkPW1gr+bQxTN-HIB+4r9DrVNJ$UuGo-wUmVYCBWamkMW$mEWunD1daX2tBWB0tUYdpjE$TPwV9Vz3w9pBbKU7PaPkd$tqad$k+JNvaqnYbmR2CBkh122GFxGS6V1gWnIW9p6nDop8xSQG5HiCBFkjjlm1znj6HjuWI-xGYWcgL39Xg3M7fgWw80A$wbIWwIXCLGw9ND9NM3PDwh3kdw0VotyjYAkRaVOLzjL+ZhKxSKwnqJTARWiqzcI$1TtUpCfFNRy7AfOkfYUpYk8hmd9k3CBMX4E9SaZ9TV4kc$$0LzB$fm53hCN$rvzK$zVydbe$O7WCJ0iTo$12yQt1ENAxCgaTzUz-ZjCU19DBrjB-oS-gvBgnC50V9$W179rT-5BfizB6XC5rx69dSK6XnDyN20QOvSKB6Fdz1p9yuohEV69ahU9zlowVz6t6ydjRdhznPWUuj9rk3Uqcz$GATwJa$V5QwaUT0BcdZPt6$A8fhVFTbQ--Q16$PVTp$bmhrWzRdb5qd$YC1jfrqc5--ySFyg$9B6VzKeKKWCndnP$jXNpyk7jmqWr$KhldXSG$99rpynUq$TGx2T7JUPVPb9p58hdyqhk6AAP36BD$n6-+FVYShaUhB9pm9Dnt753tXWz99V$JBWUG4tYrwBDz+ZN2tItnKvqZpTv3KuVr8EJ919QuXXn$C$VC-qhhnemH-khK5ZdN19oXYB$361tGQrDR66q4KV+n51U-d$tnxem7zd9ghb5$1rVCrkeirvGutYz1QvMNT+J1du2zDygPNL$4zOojqKjcy-Gpykdh7Pb5ygI$$iBMihW0iT5jmCz35CWISDR3K8mcpL3dS$+4zXJ8pTpX0HP30cztTVgi6ONEj7Tfonia0NlIRh9MVjc2u1jHJ-V3$aTjd41hSXVyIaTB$tq0iqAXH$QcwocQmJS$b1iUtZTGWGSYwcZW6dnMCFp3XDyVMnTWcVg6bCCVoBG08LHdLSJ1bZA7DZKzo5DhtO$KpSEy$WdOQK+haqtM7k91HhjXyYXT2ur1D5QTZKBwq7-1g+9BBWiqipur6U1HbLCxHXnYtiQD5Hvp6-WVajJRGJ8P5gUNJ1ByYSlXWgatKaTk$uZJB1p9-kd95N8tKQK26PV6S8VZQV$bfMp$1p-qU0YiDrj-gF60wpauR2Fqeo2Jq+KTXOMw119CPz72HL7hgTzEtKQMEbqFarB6lgoXCd-KMqE9JyBKXjtBK$hjWiIQKEApBRBdCReoq4o0w5mCpKznZ237idCB9$9Mg60gYlBm8ch92TEGpM53RM7TT9GC9C85$Ppc+YcupB-oOMMb02rZ3VXWtTE-Z4VcLYR15yWv$mhvWnBGpc99cBW3Qrm70w6r$pBKGT26Nm+-EX7vJtGjKGPoXiimZj9k6$avS4SQanIH3MgGd$0F-UcBt0Qlx5Hq1zPxVCbkCvj9j5fqoPPT0mSuQhJzbnfaJ$LZyWTByKuqeJ6+UaE$K5eSMn2qCpW$-IomdeyW5Lwqiev4aTkpGpm832ViZz6dXT6W32bqhkzAS6c0AOdQRlaUE8++F0A64h9j9ng+XVe6bSt32Vb0J-mPL2KuAVqyUNXzpJdui9u-iMG6EnocCH5AA03He$yTWkTbB4znK8quUfo+1gSDVCZ6TH9p$a$kFx5-CQc3ULyyJKq6GMS6LxlDQbHFtp+X9dUw9n+ybwn-$d6T7C7TXY1jh6kLB3IdyLdfGWvokcc0RrnUzpmxpu06q14S$IjrqAR+cdj9zQ0kZ7uuuXHqCKK0ahNALj$XelneyuMjHdaF-VKArcEr5OM9$OGRQe+nq8R8qglAHozGXbqdiCWv1tOrG24gqUz5LuPwZCJ-q8N1jEfJCUd-L4biUvF2QmH9XMRpHLzDdHGSzv8z6kTeiVvhHoq$8RbZ4fI-IME5FVnNVTFWyhRFQj1$1w7$2gA1c0qgFb0TYHCEY$ztvoP6B61Iy+aJTRruxQK4XI89FZW4KTjLl+j3V5UbkgmDTnLCVfzWZ4FD7iaD6xT4ZLWCgQu5xxLA5ddwcXLu1ZYz36B5gG$TYKbhXB9tp5kBqQZtzEQJZTvSBMGLaq3g$M27eeUQfExHCo34rV6BUHya+j$zSwUfy3c6ZV1FnwtIWv754MnkuyXjR31UAKql4MAUBdTxvKuSExwuuP$p$3Q1ByVuAUB66+qx-$phPcRRUWZWpxdxuKa$SZvmv4ARQ$Or2hp5gIAIg6u9p5oDTjvSaY4cvD$4vSgW0Rv810dk$7tf6JATwz63VP1H0O6d2u1huh6BE05IA74IAl531OZY-$51ZzVuAAjMROphuvV1$o$U$ITEuSuJdx4fAroYpuufwv1vt15ftJtkKZ1lQf2SbMpS08RcvzG0TlQcwO6cKupvRBpqAg9rw6UYEfan$KtqVCEfBu4pu198uP0OQRt3qRA1IK6ygruPuFT4Kk23duRPq1KZvZulA3VzuvUiVMw2d0jEa1m$lHuzwzOTAK4rKt0SmPTpP3Q3tOvhANa1P3u15DuPBSkMRcRf99U1i1J$C$5Bp--k1xvdwm09JPqSKFQuv82zuUg6qedogWtiV1AejL1TuTK6wREvRoERqS0O$Xaj-zgM$WLJQlKObup$R2P3Vcq$H-9dbuO1W9ty9PKmDcp86cjvvN0+gpQAEc0mkxPoKDpB-z5Rty98a$ldanvYoZV$CuU$9rKWWrtWNEuzh9Fmy$lB$ud8$huP-+uS5-$mrRd$umOZaSmvw6j6oZa$Gl23aWAAtGw36ga$Mh-qv8RptuMhAEtuxrPOQeuCmiUr5e2zpDv29fgVBP9UQtNCmzBygeZuNiAJbu-9czw-jEVB4zuW2yVBbBQ4qS$p$9Mg-uEV-P4teMZhAAgW6LtB4EQx6y1u8Wn$HIK$89HlvNKZvdVmx-mSw-RzgRj$4AqeKgQW2g2$j54z5B5W1ioO4O6mNvKL62tu0bRpRO4rVBKWPzpJ4uI5dtX-LZPJ6WJI1uMCSx$9u1p8AnFiwdP-JfA$b+9O2DZx-uU6jiZWdiQud1c3B0unDDqz9wZOPzdGk+4h5nYmGGHEEf6hu16Oad99V7Zy1HanbMb1gF6REzozRUpWlhZWVObahh1SMrTSLz7S7MpSMMBFEv1ukvP1IG+hQra$8IB1taXCGZofj$aW3tIuQVd$pGyAd-HRA1c-mqK6oxuP4Sycpmxrwmp$t39GRNjGMl63TRb$YOv9MS5miDqQJg5e0QLgbGYCo3d$TlvdBX9zANVCwJTB-1Y9cYgXTXKGFzGvvW3NIMVJ9w0oQP1uDyxuu1Ro1tYMj-L9fAg5Rzpp1pa$DNefE5tGpqEQIyk92DQzD5qz7Y2D6GJn7-EBgyd6LRjh4qS8TyMgwyYpvgp8VGimWqLl96vl0D1YjAUhVY10d0EQSuDkpuZh4Utuicb5AH4nmWfS+624$4dub4v$$6BOo0uF$9KWd90CxOuvq8j6vRK$ly4Wvz5ziQlga6$6fXjE1cB$jKpzG245ly62gz02pmC49SuUb$uOZwKyXJ1lbmGk1WnI21NVbuPe08A1N1er-KQ-fpBHbt+aN-Azu1QUqzjfwHgVKZ-XrKw-d99DExRTa$xruSE0$uEfVmyzbYq1Pb0ovYPAbu8cb25ddcpuqzp+--Me1uuSRj18U$Z9MH26a$O15SE$0RTR0C7Cy1-Z-nNSIQe9C5xt$z6gRaWrtac4K876IQfa51dm+8cDAv9TjVf97SSXwZUVNYb2AHUIEQzXV19X-X18HaH2VuaYaWWg2lo$B3ldV9TXzJ9ZbCM6P9HNGS5hBqLwoTAraVe-npE9vop5NL-36E4KE6-RBp$9X62zA6-gTKqA01k8X326eAUXXShTmvgnzTMruuKHTjAK-CD0cDvdwIaYoqmptpQ8FWOLEfjitGd$BdVVmSaqFR$J4uB1V9B9qVhNZ1MDXWTDYCq-JDPb9tCNrEuSTqJ5D9hWn3bWYM9aIMuP-2g49Suz9zGQfRqnGGCzVWNA0o1bgW2RUnGUddaayDCTYZ$JtVFV+Z0p6bE2vSJDr0mPt2a1x3zLE5f8RmeNDc9Z5108M85UQWpL4tiVPNnt34v76H$o51mz5A53E8mR-$uFURE$uhET88n5mzE3tNyB$uUeRObcEMdO25G6Qyu5N$8WVGm1TLTyZZ$DySRC1tq8Abc5FE5fuWRogD90d$9waNGv1ldSz1MPgR0VtTX6d999JtSKomWqCCyZ549G8blhAzpbEIKYlmqvEI10ynYbI7I90bu380ctH-pDh-f0n0+Ov7B6Z67-ZhwF9kaXSuQMq8BRPbauz4VFUbovR$Omfp2TXzYzbIVkkYRtrMAZ9Z0GM8B3IdKOEu4d4m88$FA-3ObmNmLbvSvS1uaJaYROBbC3w1ST20pg1rnLuAq$eu6-3$O-MhP0nGqm3gbunuieSrEtZkSwC$QDLNEvBkcz9DtVAlwumxpiuvpjHdtu5YTT+$QmDjPbtacuymzGG7IIBCcAVMuSvSwVNnJ8FVIVHV8M5LadE$4$U$AKQ6DPqnyknyuGa5JE0gbRtX3VqSE0MgAnfqXQFg9DKbKZuFtFKkbbK$fnQ3xMnulnekyztSo$0zaLRnAEQmOAjmJ57qm0fAaYPVoX19K1LNdWNYa1iwoEa1yVkkzQJxoLgpKQLSc3ROUbINozfz8zdDjQf8b$I0j$nupXA$p7xVwbR6N8p2bpXa7BcrTioES2AahgV$mwnwe6K611WY3l-Gy$JR5qO-78cIpxVYvtMSaXWTOrw-lu0VgWNc9BDkLiKObE8MXR-8xz5DCzUne6SMLqLVGY7ZTN+6cbO4vyR4Rpdzc3WSnVN25GmhKU2yYzRIMeSMut7t34Bq353lbbSxUdJ53oVBlW1-Gubr-DEpnAAz6v05dga$3oUJqSRViVxhnYNYnXVJo6JBCMK8rEwmvpN$YhtMaMU0VKjl2uw2U26acp0Q+dBO0V2hgh-fwfKVLb$p$X2WgWd$80YSaqEteL-tO-xrvF2S18lLPRZ7ldQ9fAwGN-xD4VGtYaW6ZxKO4CkUtpt1CMOHNQWS6QSylMxzwm-LKMBQXnXyW7len1wKF$O6gdllTk2WdbQ0WR$Ho8JXB$tjiJgyO1nSq1wLuPdCmWTvqe3LwKgF0563TLaqwBCqg5e$g6ZoeBcez4UkFHFWwEVextyH3dD8OrAEWz9AUH5rVKnEt95156Eu63+KVXN6wwmH3VROa5pqThc$A7f7NT1BWw2U5dbemPPeWzp9-zu3fOwwFBr6qVHBfpx8NEgVDH7Z6YkxNbmGhTldtYxz4EgF6y1o4rk$Tv2TTJvbJY$ezHCKYg4ctKAS3gRGk66KSH0Ui$QZ-QF-yK0WAwOKwK$zqUONwwmbj9ujl$Or-CrtWmJL03MPVnro0EPahxMrphExPS$fR25KjNIrbjM$V8MDZ$iIRx3eoxa$YMOuCT53kpgjMpc8rEz-UL6K-zUr3xGM6WexGjLJEDeteYeF08tDlv0HClbe2Yv7QuvvtGPeiYJ2X4EoQ36a3E3hyzvyz7tIeMf+RCZreS9zZZmoCcMEfXuneR0ccoCuTBDNMFdFaXFefP4U+ZP6lXiuz0O$2HGKgHnM7mPA974lq2khIfVMrEt4X3gTYfVMo3QW0V$QcDzuQru+YC9DxdQ8kJByO-l6+JC3K$bgUU$prfBfdx-Iey-yz3GyDltaYzTbk3aLBJGXA9FVufqbuh6WyFJ53Ty1tki1AjcJKkg-k4MH8$r1ZJTwWI9Ttc+iFo+K-NyE5Epwhw+ooc64CPCTz+UzJOA-YJlkwBF3WCGL3L42a6O-8bB14ATPhgCIcu6oivj1TbiMmTYCdu16-yR+DcPDeiJMkKpgvzY2Zt380jnENHCb8F+8ciCaI2QI0rcxC$1lAK$pgjInDmOLNnZHEuZJ+x995-E2X5OIxZUKKZPQLEHCxC8PuL9wo-Azpgo62TKUzu0+PJiWvJr655mku2CEE+EnLzuvZK55pkhk38uuV8PPY1FW2h$G+wY4lr7+vp$4IQna7ofOPvywHJj$d84pYrM+5rzHFpopLbKpUpKL2NObU3YzweMQFVe9LvClJAF3n9v3S8Z2MRP2hRKRq$7jmcySuFuv5FSH1nMf4D36Ilf8QVrbSuHUv83czpb2NAMKp8E9yVhYN6weSVmqAiFOLJElu1dUO-hRYA6aMrJe-zp7G3tuz199UDnUIItE3uIkuf-4WHN2o$$9KJMZBBFXQLyYMpmWUYC1QSY7k6$KYEd11-$IXNqA$vFzGI$oO-X$OrKgqD6gB49UHpgJDc6cIBbzU-jmX+P8qCW1Qz60bq+BY3I$NzEC2MeKBWUI$LWli$zLmPSEjIa$71695eJ1$c-6$$6EzAC$tBJjt1KQAyB3ju-7++WIxbSMSKnJI$c9SgwS586FZKEkB8atkq1PLXtjw9a$aBh22W-arXz4rw6i1QYBYjWCF$a5vpk1Uwoj-x$3LM2kGVhzFBUzzm--VeBTqktiz379M$aPwULB8Sa5Z+Ve$NSC9y86uB-5vXwUSkbdpqBzvEmEWz5n1k9Adqk27mnkO3u0pmd6d2Bnkgf45lfO02ySzBk36ubxVKpEqNz6DwSVzBX-rqnGD1W0pv82$rqYnKjjmXQr0d9j3Xq$jXGHA0PMUO3Gm27CNo3-9B7btCEtMS6h$rUMkw$TuAFyNdpzRBaroSu-52BG1v6n1Y-WmvfBImUkjSe$ZGZ8$fkD$58byKaPyjT15afB0mQxq02OU3aH$WlWNp98EajWfBB5zJ8-zRUiNZSOoVN8hBvqlkw1fzC--0F+QOa$9Im4NZVJAEPB7CvdkBAtz-GCSC1aB$+DBrFq0uba09EB1nJTr49CSd-oakp-OqHXL3uXByhqUAB9zn7gWP$$U2NB-GF-pQv-ydzTGW6cxVmTN5Zro1Gwyz6m4U-S2+UWQ2evyKxU5zTGmj9w-$2nZ8BzyZ9WEjM-Vjtr6zc9XWX2CY$eVzNMkL$uH+aduPg1UjqzYmt5khVw$IjL9OS40K+d0Jd$bhtCtmZ1qDStzCbpzwn58McWljHWrWg3bmkzm$rKJ09tVpzS5x1rVl6u-NziB21CS0CwQjuZ8q1SF6jfVuB1-zJrqakJ8$ABhtYVwUC7EF2DpQ$3U4W1jhz70Pg$0dkJckkCZ9MY5g6eyq$l84n2c1rd6zCr8$VTBz-c-YJ6X3urGgQ$Pd3SQr9mMQ-T$aiMpuWm1eTPFJidVrh86SVWRnSGESB$ruC9q-CQJdSuqrtS1ZXDbe$KK2WftBkzpPdM6z2rftBSgIT3U89CSjGtJyodldy$wDCSpg5f2Hgl+jr1ttA+7KZdI$f9lh6D9yhHUJ$YSqzb$d1hSBxJKu$rgYKx8umeq0$PkRpQ4BcybpJnlm-1q1Pbc5uQp3tUqwHVYcREqpe$6yPSP9Cz$wXvhokZmhWhqxaz7vjz+cP62Z$tqUhpmhqYE0zGRXPMqGQlt23ijbzwM$ni$LfUVCo9uRUzUncgurhtpdY1LqhLY8nB-XgeuhB4$Li+1q7gVb0po61$VJvNq$rfBQUfpb9npVo6yQPP9MWrb9Kzbq21$$B611gmZhkj5ZSknjaV1VXKk6Q4wad7EkzWq1j44fb5C-EvgVu-yJ7-E$l99pQV1V2dBB1vFeTq+FI$4aYF9N4S95UYdvYqBuLZ$y6YOof91F6vQ9QQ$rKnt6tCyqOyvz$hGMrtn1Vhjw2qUFaMnp5RB9c6bUZpd1l9dt5d6$aM1aH1f9rhrdIBC-SI0mpQyk8vJVaiWOTBFVxd6zQMTFon1JL0LA$vCiWX2bpd4d+BbTpt0R+aVhSuBWuiWMQACYDYuNDtIC-t4a$8UN$x8ep6u5QqT$2o-rI0pyEQ-HkqygMiWYyUzvqdxJEzDuMQ$pUu6Jxkr5uOApiVyj18zE2uDjvxQ-ywxzEnQS85GUjLnkh1r-Rug1b8y51fDc$$zPmPbSXdujDtif$rqcPOGqjw1V1Z6vmCQJR$i9SLv6ZHVtBttx9uWZq$3q79Kz7nrXbOhHBpt-9NucDPrU0$p+4ueB1xpZQammrLbzLbT1lYhL1SZ5hYE0V25ayi1798n4MXrq1BQ1T9e$vyUjVeVYcWmr1d9UoQ7mz$79PG2M-SUGIJHZEXCbcX8tKLe84aPa2$ZS-Ogy4FEW-g9iiK$kKEIqR--yVjdUY6UbaT-iDRuqPyj8+WE1jlYFK4hB85$2-TDjPZVzEMUETui1$YQch46WwBaJK$EdT5TcqIi+6ZyAv-q0rRSdz6T4K1ZLzjZQXafb9gbHSfK0BeyBRPOvmyi96wkGzzvEn+C-$Vuh$1DohhZq9qv6R-TwtNymdBcEIft1DRc1OL2aOa9N8DRc24ciMc6PQZwt+CgYkuzIOzZalvQKYA8d$8SqTtzdlYT11QWaM7TbplCyxyudNc7AAZmkvcHIhGfNQ7tKhyBJu9qWXU8yUC78CIPGJeqI6zouQBakGnzEOKthN1W7caM$ddBW5T8PMYWCEpp2M8U8Yw4TK8dUq08hkbzgTpmyPS1$lHUE4NLfbljU372adLroB0PQgCFIydr3Bl$Se7cpJUEink$vH$m5kc2D7YUkugQ$ymEYdF6-$TRQSo12G6ty8DEj-2yHm79tQ0Wq1P4LQy1dql-zKRQ+L05Ww$qXBuuX-kfyUdbyfDEz+QACSfrbaZjEullLb5Fbhy8e0PK4MhpZdfqVOdlQHzbZ4dj9cGAfKN$Qc7$f-Hj4fpNqj53jG14xYP-KYA1wGLnvj6R8UYM5V8vuhp0K2SSQ-0dnaRp1Xyghq5zX76UpRzMW8oIO6e6+jjtG7z6SdIK6C$lCCtA6ZlNYK-MTWCPht8RNyXKpArqdzCBBMR-RM4nXVThq8hzqiMTVC0AxcBIp$EpEgK-UY$6$CC06pgQ4htMKh2yBDjDp-AvEMekGymjzByoNj4aX$Rtk9$eTvcQY0q7IuRDTTJQ79v$b1bx5UYAZVWmqy1PD9HI05DWMnM$juXypeKCdq$KAvCLrSSIyd5CnbjGBkodNL$t5J5Lr$DqgcZE5a9cbFOIuK95E1aFd0otfdVrpB$i$hEQVVhCZPB3q+8MjyVzrZpzB8MD2+vL6HuIk253bbGiu2$aDou-UhoQP$y1jc9l5m3ThVDPNjVEW1jhACUKh6i-hZ8eY6m+Go+6Eo8XXPYHQoAA$GX92R5RokhtScc9HnXEb55hqN$Ant1e5EuW7F1HLMxQ7o4u-+TjBTEF9YDhGdhAtqUE-XmDtXXPCT8M1wG3D2LbHoVcUhuNJbE8exYw8pot0ODjzPxCG$1H0XGbonPC5jixk60zRGZPK8Eik$1N6K6LpUhpX9HPXibA$VUt6X0I90YeRtWUoI8yIBK6+jApMko83HKaMr4TWc145YHo-6+wOQXodXpovaDBqYQTttXvoP8AwATlUAeikhQ7$k5bG1XLpJd40MwtzWhoiczmL5cdATlOCXr8ee3Fwj1-vh2i+HnOg+ATXRCiibo2N+r6VXRhwZFH9l47j5XRhR8gHvNSqw-XOZYZbo1qWSpXQITz5Boz5iayVezAzgT6NqWUuzW9u6Xtdz3e+jzMUAuZEr-XlB6ViSTHibopqJZe1eFpt578ltDkR1l1HV$Yd0RPU6$QSOGZ-KbVJYKSGSDN5ku2VhkGAQIAqZjdhuJHj9XTUpXEd3E6Jj3etAT1ZHoV+twCiWnwiHdIdVhjm+GooZSKhy3xj3eqt6S+HXY8r67iioXgOHYYDrjDWhoX0FHjYcr6DiCn75HKfyJ6qVMk575dKW6e2E-PyAj5MKm6ep13lHui53HD6JeAOC$nwiRK76gUudM3tJ5HYrVmMoQi-O60dhW-Rc6VlzI+ZvW9TJLPde0Tp0m+QTNEAQXqnMgDKPXyEuQWgZkgBMR3OZ2ne8H9$y+6TlauGMUo0i+k5d-zUebeByBkoK1xi0KZ+ov9XdODj2-rVzHI$y$q6$g1Jy-HdzDz693mpcY-pW13mG9wp03eW2GBv3VCwleh9W$8BM7yFaSwoZ+zfIK9$WDzRCUmkx+KMLYFrQ4eEC7$AoW1QS21beBVSa3cCwC5SU52GB9$$$wy7Dy1bCVS$Nap$1k61+Dx94N-D-Oy-13-G9Tk-jdHqoWq$xTT-$Jeu21j41od0D1$$9tztuwnQaBvySk2+A$VGG9pxhWB88eWQcGW1qkRk0kSzu1VGU0qBUq9ntCj92iMOqBY4e$vtPCU$qu3$$d$9BF$$B54LtYv69+254lz0LoxMIHNF74I$Q09fLuqu3JzYbkGZcW$UaYbrA6RVHnM$x4YbyYp$-0$Qze1lbmAEJ+AjL1w$ADX-V$$g$b3P4YblB-mBWzM$l+MeNOokUWdghy$qavjZXV+DL19pG$45gSduSUo418$$$Z2O$lB+bXI6zBeTokWx6$bvt-VSUGj-x2XdvgtdHU38L9C$pyp4Pbk2zfN6uu0EEOm-Wk31h8aRqJCmj2kw9Tme6BXhH$ukh1QwcNqwd2YPQZyCI091aStUeXEHvLEg$0hHqaml+i$2S9cVgn34fTXt7CPxWELI$Txl9b0Wt$9Unk0zq7Lz94lMBz$x14eCfRgXkB3kH4wW6$d8qk$YFm9pm1Ho$TyWJieEgnEkv6hyJ+mMSbduaiJLMUl5X-tmKWKdB1B9$WqXwO$5p5T-w1MSnBloTIPfD3kw141N6VFhD2qy0zx9$$Qjo3vNtm6gAFLBkl0reLDLF0lWBn+3l+l9u3$WPCjH$$$lC$$"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 25 May 2025 15:42:18 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 1150\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Robots-Tag: noindex\r\nReferrer-Policy: no-referrer\r\nX-Frame-Options: SAMEORIGIN\r\nExpires: Tue, 24 Jun 2025 16:42:18 GMT\r\nCache-Control: public, max-age=2595600\r\nLast-Modified: Thu, 23 Jan 2025 17:57:14 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"8c7d1c14e4b9c42f07bd6b800d93b806","sha1":"87e49826ffb3bc1ddac38feebb6bb98eaef568b2","sha256":"1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637","sha512":"cd34625876aaf6e8e3cb6da2a9277bab3375cb3515bc701d3a3a05796557c39e442f33c66ae056501c49a810b172a7f6f9c7a32f0b4000ce8472d14ba3e4f41b","ssdeep":"","tlshash":"902152fe66839d2de04c1a7fca7a8a3716cbcd4694e431120b79b209de33c9410e943c","first_seen":"2023-05-02T08:50:11Z","last_seen":"2026-04-03T16:34:55.380073Z","times_seen":3134,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Zimbra Web Client","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Zimbra phishing","tags":["zimbra","phishing"],"meta":null}]}}]}