Report - webmail.kswiss-uae.com/

Report Overview

Submitted URL
webmail.kswiss-uae.com/
IP
196.247.30.111
ASN
#41564 Orion Network Limited
Submitted
2024-04-25 21:26:19
Access
public
Website Title
Webmail Login
Final URL
webmail.kswiss-uae.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.kswiss-uae.com	unknown	unknown	No data	No data	8.7 kB	126 kB	196.247.30.111

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed
2024-04-25	medium	kswiss-uae.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	webmail.kswiss-uae.com/	84 B	2023-03-07	2024-05-04
Pretty URL webmail.kswiss-uae.com/ IP 196.247.30.111 ASN #41564 Orion Network Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:37 Last Seen2024-05-04 10:51:30 Times Seen1376 Hash f88baf75b8e07dd7ec741e96546bc4f7 a74b22312f7ce6ea751190a32f188b305f2e71e3 1e5f5c8697f7a5934a4e88d298805feb7272c5ae7b1a357b44ec0b5289b60a50 Loading...

	webmail.kswiss-uae.com/	19 kB	2023-05-19	2024-05-04
Pretty URL webmail.kswiss-uae.com/ IP 196.247.30.111 ASN #41564 Orion Network Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-19 06:37:57 Last Seen2024-05-04 01:30:16 Times Seen13 Hash 5d4065da723a3773ce89c10fe9bef6f2 65250d7938e654978b63fe4dcf2fc780113db637 478ee0eab90968ac09bf604bc9590be2d5886104c31b3238bb7071c4526b555e Loading...

HTTP Transactions (13)

URL IP Response Size

webmail.kswiss-uae.com/

196.247.30.111

200 OK

12 kB

URL User Request GET HTTP/1.1
webmail.kswiss-uae.com/
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10609)
Size
12 kB (12141 bytes)
Hash
263da85b77c3e4acaffde87927155119
520a9248c79f0be6cf5076c25488231481bebbcd
cac93ad70ce9fd2c00b3700d135a61c4bcbd454059b09094c69793fd7bd05a4c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:54 GMT
Server: Apache
Content-Type: text/html; charset="utf-8"
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, private, no-cache, no-store, must-revalidate, private
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 12141
Set-Cookie: webmailrelogin=no; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; HttpOnly; path=/; port=443; secure
roundcube_sessid=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
roundcube_sessauth=expired; HttpOnly; domain=webmail.kswiss-uae.com; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
PPA_ID=expired; HttpOnly; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; port=443; secure
roundcube_cookies=enabled; HttpOnly; expires=Fri, 25-Apr-2025 21:25:54 GMT; path=/; port=443; secure
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css

196.247.30.111

200 OK

522 B

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
ASCII text, with very long lines (6358), with no line terminators
Size
522 B (522 bytes)
Hash
952b5c93a75a89c458fe5093480dd1bc
564d17e569cb59cf7043d7f777727c19a3cbda3a
17781767b9edf1ebdde3529494d5cb3d8403702893db10258bedd3f9b8002f20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:54 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Wed, 30 Mar 2022 03:16:35 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:54 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 522
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css

196.247.30.111

200 OK

33 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
ASCII text, with very long lines (35968)
Size
33 kB (33186 bytes)
Hash
0ae593ee6acfe4f48ac90b99655d6ab4
d623b10eeb4f8a8168fc330aaae9e8ecb2d83b58
4354eb0d2754b304c9328b5c0d310ab8057fa28bab8d5bd791d484c71deabbdb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:54 GMT
Server: Apache
Content-Type: text/css
Last-Modified: Wed, 05 Apr 2023 18:20:59 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:54 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 33186
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/webmail-logo.svg

196.247.30.111

200 OK

2.4 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/webmail-logo.svg
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
SVG Scalable Vector Graphics image
Size
2.4 kB (2399 bytes)
Hash
bc0c956653325b9e694d4dd1dfb78020
e1196e4db68ed573355ade966152a084581b40ec
998cd48cdc0414f694d0a3a299dd2beb1134769d5666c7e5567e7d20b4174ef8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/webmail-logo.svg HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/svg+xml
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 2399
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-error.png

196.247.30.111

200 OK

1.0 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-error.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1026 bytes)
Hash
a3265cc598ae28633c060889e790f80c
57530d6996c8f36711ef05681474b8f63d4184b3
bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-error.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1026
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-username.png

196.247.30.111

200 OK

320 B

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-username.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
320 B (320 bytes)
Hash
07ff84f8c855e5fe9d510ff5c9a4b1e4
11c262053e2b9be57d1dba7cb3d916ef041a0e50
05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-username.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 320
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff

196.247.30.111

200 OK

23 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
Web Open Font Format, TrueType, length 22908, version 1.0
Size
23 kB (22908 bytes)
Hash
697574b47bcfdd2c45e3e63c7380dd67
4590722b795938e0b6ff1b99701d1abe37aeabef
26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Wed, 30 Mar 2022 03:16:35 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22908
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff

196.247.30.111

200 OK

23 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
Web Open Font Format, TrueType, length 22660, version 1.0
Size
23 kB (22660 bytes)
Hash
79515ad0788973c533405f7012dfeccd
5092881fad2caffdc6bf71bdab1ea547b73d3564
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Wed, 30 Mar 2022 03:16:35 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22660
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/warning.png

196.247.30.111

200 OK

1.1 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/warning.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1060 bytes)
Hash
a64b8c7407bf94cc4448cb210bb882e7
a526cf52b2c5b6c2d0409b886de4aa968000fcd8
7ecb82019606d891c5197d2f8ba24ec323d9b10a089facc82d089ff1ec3d399b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/warning.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 1060
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff

196.247.30.111

200 OK

22 kB

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
Web Open Font Format, TrueType, length 22432, version 1.0
Size
22 kB (22432 bytes)
Hash
2e90d5152ce92858b62ba053c7b9d2cb
8cf65f42a2a8c349ccd6ab63b6cbd17c96fd665c
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: application/font-woff
Last-Modified: Wed, 30 Mar 2022 03:16:35 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 22432
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-password.png

196.247.30.111

200 OK

450 B

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-password.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
450 B (450 bytes)
Hash
7ac1cefcb7eab93c6d6981ecde6c1635
1523f8cb80ab19108549d0b7db31a58b71c05d39
a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/icon-password.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 450
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-success.png

196.247.30.111

200 OK

962 B

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-success.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
962 B (962 bytes)
Hash
0a0ec2a6468d4d1aa3fc2baa70271ac8
a31fb01790aca8dc1976450e4234cb6ccc328956
cafbe3036533fe094931f5745f8cb9962a34409522e93d63ac8427acb9a02c79

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-success.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 962
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-info.png

196.247.30.111

200 OK

976 B

URL GET HTTP/1.1
webmail.kswiss-uae.com/cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-info.png
IP
196.247.30.111:443
ASN
#41564 Orion Network Limited

Requested by
https://webmail.kswiss-uae.com/
Certificate
IssuerLet's Encrypt
Subjectcpcalendars.kswiss-uae.com
FingerprintC5:3A:98:D9:72:1C:D1:C9:26:A4:0D:21:48:4A:2A:F8:E7:C3:AE:1B
ValidityWed, 24 Apr 2024 20:35:57 GMT - Tue, 23 Jul 2024 20:35:56 GMT

File type
PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced
Size
976 B (976 bytes)
Hash
14146cf832470d9beca95a708a1d6f8d
d4b506f92876baea69409f3a78c4718757a53b33
95f8a142dd96c310afeb75329ef504f162ab3102a81fc07f20b268361990f526

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cPanel_magic_revision_1680711171/unprotected/cpanel/images/notice-info.png HTTP/1.1
Host: webmail.kswiss-uae.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.kswiss-uae.com/cPanel_magic_revision_1680718859/unprotected/cpanel/style_v2_optimized.css
Cookie: webmailsession=%3aPUfDP3nFIRKxD8sH%2c3e42151cedd4771fc8610625aebe1e24; roundcube_cookies=enabled; timezone=Etc/UTC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 21:25:55 GMT
Server: Apache
Content-Type: image/png
Last-Modified: Wed, 05 Apr 2023 16:12:51 GMT
Cache-Control: max-age=5184000, public
Expires: Mon, 24 Jun 2024 21:25:55 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 976
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers