Report - webmail.polri.go.id/

Report Overview

Visited public
2023-12-02 12:02:10
Tags
zimbra phishing
URL
webmail.polri.go.id/
Finishing URL
webmail.polri.go.id/
IP / ASN
120.29.231.91
#38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA
Title
Zimbra Web Client Sign In
Phishing - Zimbra Web Client

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.polri.go.id	unknown	2000-05-10	2015-04-22 14:14:41	2023-09-26 12:32:19	2.2 kB	61 kB	120.29.231.91

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	unknown	EventHandler	9 B	2023-04-11	2025-05-12
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-11 04:37 Last Seen2025-05-12 02:41 Times Seen2461 Hash 8330d67045d053b17fa969ef2bdb5e54 041174325b27a7b4d2d1b1a0e353fa82d1cb6431 ceecf99c8bd1f6e5f89a26d3b40e009d48860d674231297254ff75d817b9a883 Loading...

	webmail.polri.go.id/	ScriptElement	207 B	2023-04-18	2025-05-06
Pretty URL webmail.polri.go.id/ IP 120.29.231.91 ASN #38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-18 02:03 Last Seen2025-05-06 14:20 Times Seen155 Hash 700e887e90c4dd4028b8dc075599ebab a21a02ee24d2126e077886f8dfee7e8c2332467a ef77018d199c2b7456cd2cffc70518b1d320c96a0300180aa2a6da9dddfc06d7 Loading...

	webmail.polri.go.id/	ScriptElement	6.6 kB	2024-08-20	2024-08-20
Pretty URL webmail.polri.go.id/ IP 120.29.231.91 ASN #38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:04 Last Seen2024-08-20 17:04 Times Seen1 Hash 67db8c558514de7ac360b31d146e0aaa 8985475cebf25505d3c3321b5d31382dd06ef0c3 65a5adab16cebce1423e7df416f26ca30998542fc830c0391fac16101417626c Loading...

		Size	First Seen	Last Seen
	#1 Write - 3050ae2abb1cd3f35953b5103fa3954a	136 B	2023-03-07 01:34	2025-05-12 02:41
Pretty Observations First Seen2023-03-07 01:34 Last Seen2025-05-12 02:41 Times Seen470 Hash 3050ae2abb1cd3f35953b5103fa3954a 1ed99d798e4fccce033962261830aa361a8e0c74 5f5bd55e3dc0ffc7f8c75f07f64be080f6513b37ab2628d0420f3668a9899412 Loading...

HTTP Transactions (4)

URL IP Response Size

webmail.polri.go.id/css/common,login,zhtml,skin.css?skin=harmony&v=211112023641

120.29.231.91

200 OK

29 kB

URL GET HTTP/2
webmail.polri.go.id/css/common,login,zhtml,skin.css?skin=harmony&v=211112023641
IP
120.29.231.91:443
ASN
#38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA

Requested by
https://webmail.polri.go.id/
Certificate
IssuerDigiCert Inc
Subject*.polri.go.id
Fingerprint40:C0:0E:A0:68:D9:C1:1F:9C:87:80:AB:67:39:E8:CF:4E:E9:0D:12
ValidityFri, 13 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size
29 kB (28622 bytes)
Hash
91ed4456e35f1326f0a554eab0c0e018
cd1e974561a6f2d7ce0d50fb5c650a7f563c1d68
59f2ffbe87a22ecb7983c2f82614cafc31a5a115b6f749d56691d072964226f0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /css/common,login,zhtml,skin.css?skin=harmony&v=211112023641 HTTP/1.1
Host: webmail.polri.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.polri.go.id/
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=47bcdffc-ad0a-4e88-a64e-7b342683470d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 12:01:54 GMT
content-type: text/css
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-tag: noindex
x-frame-options: SAMEORIGIN
expires: Mon, 1 Jan 2024 13:01:54 GMT
cache-control: public, max-age=2595600
vary: User-Agent, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

webmail.polri.go.id/img/logo/favicon.ico

120.29.231.91

200 OK

1.2 kB

URL GET HTTP/2
webmail.polri.go.id/img/logo/favicon.ico
IP
120.29.231.91:443
ASN
#38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA

Requested by
https://webmail.polri.go.id/
Certificate
IssuerDigiCert Inc
Subject*.polri.go.id
Fingerprint40:C0:0E:A0:68:D9:C1:1F:9C:87:80:AB:67:39:E8:CF:4E:E9:0D:12
ValidityFri, 13 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
8c7d1c14e4b9c42f07bd6b800d93b806
87e49826ffb3bc1ddac38feebb6bb98eaef568b2
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /img/logo/favicon.ico HTTP/1.1
Host: webmail.polri.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.polri.go.id/
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=47bcdffc-ad0a-4e88-a64e-7b342683470d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 12:01:54 GMT
content-type: image/x-icon
content-length: 1150
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-tag: noindex
x-frame-options: SAMEORIGIN
expires: Mon, 1 Jan 2024 13:01:54 GMT
cache-control: public, max-age=2595600
last-modified: Tue, 28 Feb 2017 20:13:10 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

webmail.polri.go.id/logos/login-banner.png

120.29.231.91

200 OK

17 kB

URL GET HTTP/2
webmail.polri.go.id/logos/login-banner.png
IP
120.29.231.91:443
ASN
#38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA

Requested by
https://webmail.polri.go.id/
Certificate
IssuerDigiCert Inc
Subject*.polri.go.id
Fingerprint40:C0:0E:A0:68:D9:C1:1F:9C:87:80:AB:67:39:E8:CF:4E:E9:0D:12
ValidityFri, 13 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
PNG image data, 440 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16713 bytes)
Hash
38c1bc99779878f7fed2d3ea8a3dbb7b
94eaecebb9a0ce6dd5b77be71e551f296fd62091
3951612ed278c0dd78fec9f6754d9d21638a690c0bd882b3a194865e31e3fc87

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /logos/login-banner.png HTTP/1.1
Host: webmail.polri.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.polri.go.id/css/common,login,zhtml,skin.css?skin=harmony&v=211112023641
Cookie: ZM_TEST=true; ZM_LOGIN_CSRF=47bcdffc-ad0a-4e88-a64e-7b342683470d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 12:01:54 GMT
content-type: image/png
content-length: 16713
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-tag: noindex
x-frame-options: SAMEORIGIN
expires: Mon, 1 Jan 2024 13:01:54 GMT
cache-control: public, max-age=2595600
last-modified: Mon, 01 Mar 2021 04:22:44 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

webmail.polri.go.id/

120.29.231.91

200 OK

13 kB

URL User Request GET HTTP/2
webmail.polri.go.id/
IP
120.29.231.91:443
ASN
#38764 MARKAS BESAR KEPOLISIAN REPUBLIK INDONESIA

Certificate
IssuerDigiCert Inc
Subject*.polri.go.id
Fingerprint40:C0:0E:A0:68:D9:C1:1F:9C:87:80:AB:67:39:E8:CF:4E:E9:0D:12
ValidityFri, 13 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type

Size
13 kB (13043 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET / HTTP/1.1
Host: webmail.polri.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 02 Dec 2023 12:01:53 GMT
content-type: text/html;charset=utf-8
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-robots-tag: noindex
x-frame-options: SAMEORIGIN
expires: -1
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
content-language: en-US
set-cookie: ZM_TEST=true
ZM_LOGIN_CSRF=47bcdffc-ad0a-4e88-a64e-7b342683470d;HttpOnly
x-ua-compatible: IE=edge
vary: User-Agent, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (4)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers