Report - nikafurniture.ru/cd/aHVtYXNrYUBrZXJldGEtYXBpLmNvLmlk

Report Overview

Visited public
2024-06-12 06:48:20
Tags
zimbra phishing
URL
nikafurniture.ru/cd/aHVtYXNrYUBrZXJldGEtYXBpLmNvLmlk
Finishing URL
pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id
IP / ASN
178.49.144.143
#31200 Novotelecom Ltd
Title
Zimbra Web Client Sign In
Phishing - Zimbra Web Client

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev	unknown	unknown	No data	No data	1.1 kB	181 kB	104.18.3.35
wafsd.com	unknown	2023-09-07	2023-11-29 16:10:01	2024-04-17 23:18:22	1.9 kB	19 kB	195.35.33.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id	ScriptElement	90 kB	2024-05-28	2024-08-19
Pretty URL pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-28 13:03 Last Seen2024-08-19 21:30 Times Seen14 Hash 0f52663be7a6b7b713d2a6b18aa26203 e9cade1d9dff1a6582d72942d3e29bba722f7f55 f3bfbfda8f280eb848e0c360321d0b488c1adaa2de2311220baf15249ede268f Loading...

	unknown	ScriptElement	534 B	2023-12-20	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-20 19:08 Last Seen2024-09-28 07:37 Times Seen233 Hash fdd64089b599623fef4e10c087041bcc 87d480062f938a83d979f5d14280e42a3d60c58c 6cf52fa82cf14fb235b41b4ddfd666316084c30745e9914e575237fca442750a Loading...

	unknown	ScriptElement	3.7 kB	2024-04-15	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 10:59 Last Seen2024-09-28 07:37 Times Seen204 Hash ef720b27c08846167e9caf5e69fc03f2 e6cac9b9a8a01cd3f43214842b41bb35d63d108e 4f38c71567fefde8b9fcf098c8c14c075821aae7c305402a237d88524095f383 Loading...

		Size	First Seen	Last Seen
	#1 Write - ef31bd8ad111f26750848947f70bd653	11 kB	2024-04-15 10:59	2024-09-28 07:37
Pretty Observations First Seen2024-04-15 10:59 Last Seen2024-09-28 07:37 Times Seen204 Hash ef31bd8ad111f26750848947f70bd653 7933731f127aad2f9b3b6fc723cd1b6f90f4675a f9d3de9342807fdde4963e8ae215ed7756fbc434b8ebff8b623343986561659c Loading...

HTTP Transactions (6)

URL IP Response Size

pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html

104.18.3.35

90 kB

URL
pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html
IP
104.18.3.35:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (65500)
Size
90 kB (90103 bytes)
Hash
8cf3298f276de4c8a460b46962295b27
f8fc0f4eac53c199e8410274b1455a78bfa0536a
ea57bfd6c66f4126e1abc04321c30954d489cbdd2d5ae91709fbafb8ff53d3d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /zimbra.html HTTP/1.1
Host: pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nikafurniture.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 12 Jun 2024 06:47:56 GMT
Content-Type: text/html
Content-Length: 90103
Connection: keep-alive
Accept-Ranges: bytes
ETag: "8cf3298f276de4c8a460b46962295b27"
Last-Modified: Tue, 11 Jun 2024 20:31:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8927e4705c7f92a0-CPH

wafsd.com/app/zimbr/media/styles.css

195.35.33.215

200 OK

12 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/styles.css
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintD2:E2:37:69:AA:4E:F6:FB:6E:30:88:A9:90:9C:C7:B6:EB:E1:F7:C8
ValidityWed, 17 Apr 2024 20:16:33 GMT - Tue, 16 Jul 2024 20:16:32 GMT

File type
ASCII text
Size
12 kB (11747 bytes)
Hash
7e1450058910ad15aefc024fb6d754fe
436b7fe594a671decaaa869a6aa10df5da083d61
917a8961aebb812d1f697925bdffb7364988a248fb4a1b62f18ebf8ad4a5e98c

HTTP Headers

GET /app/zimbr/media/styles.css HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 19 Jun 2024 06:47:56 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "10f1f-6567e0ff-564f574ba31d81a;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11747
date: Wed, 12 Jun 2024 06:47:56 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/ImgCritical_32.png

195.35.33.215

200 OK

1.8 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/ImgCritical_32.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintD2:E2:37:69:AA:4E:F6:FB:6E:30:88:A9:90:9C:C7:B6:EB:E1:F7:C8
ValidityWed, 17 Apr 2024 20:16:33 GMT - Tue, 16 Jul 2024 20:16:32 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1786 bytes)
Hash
d603a4564e6eaed3aa0d3968e370d3b2
539b8ec9f251b28e1bd0cff9d8992309ad61f442
dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

HTTP Headers

GET /app/zimbr/media/ImgCritical_32.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 19 Jun 2024 06:47:56 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "6fa-6567e0ff-6ce1f8c460996416;;;"
accept-ranges: bytes
content-length: 1786
date: Wed, 12 Jun 2024 06:47:56 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/zimbra.ico

195.35.33.215

403 Forbidden

787 B

URL GET HTTP/2
wafsd.com/app/zimbr/media/zimbra.ico
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintD2:E2:37:69:AA:4E:F6:FB:6E:30:88:A9:90:9C:C7:B6:EB:E1:F7:C8
ValidityWed, 17 Apr 2024 20:16:33 GMT - Tue, 16 Jul 2024 20:16:32 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
787 B (787 bytes)
Hash
ff715af41f83fb38cd35c4e91c77c46d
11e71530661013137721d635f95630722eaa6afd
036bacf3bd34365006eac2a78e4520a953a6250e9550dcf9c9d4b0678c225b4c

HTTP Headers

GET /app/zimbr/media/zimbra.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 787
date: Wed, 12 Jun 2024 06:47:56 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/LoginBanner_white.png

195.35.33.215

200 OK

3.3 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/LoginBanner_white.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html#humaska@kereta-api.co.id
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintD2:E2:37:69:AA:4E:F6:FB:6E:30:88:A9:90:9C:C7:B6:EB:E1:F7:C8
ValidityWed, 17 Apr 2024 20:16:33 GMT - Tue, 16 Jul 2024 20:16:32 GMT

File type
PNG image data, 163 x 36, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3299 bytes)
Hash
e04d149f1a5dec8a4b31e20e1f1413fb
44e9355e76474683c0f9ebd8c8150fffd30f9e9b
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1

HTTP Headers

GET /app/zimbr/media/LoginBanner_white.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wafsd.com/app/zimbr/media/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 19 Jun 2024 06:47:57 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "ce3-6567e0ff-f186d7682c765f64;;;"
accept-ranges: bytes
content-length: 3299
date: Wed, 12 Jun 2024 06:47:57 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html

104.18.3.35

200 OK

90 kB

URL User Request GET HTTP/1.1
pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev/zimbra.html
IP
104.18.3.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint00:AA:40:3F:3E:AE:B0:85:C2:A1:9B:9E:8B:A4:F4:21:D4:DE:DD:AC
ValidityMon, 03 Jun 2024 14:44:39 GMT - Sun, 01 Sep 2024 14:44:38 GMT

File type
HTML document, ASCII text, with very long lines (65500)
Size
90 kB (90103 bytes)
Hash
8cf3298f276de4c8a460b46962295b27
f8fc0f4eac53c199e8410274b1455a78bfa0536a
ea57bfd6c66f4126e1abc04321c30954d489cbdd2d5ae91709fbafb8ff53d3d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /zimbra.html HTTP/1.1
Host: pub-5610d7d902a54eb7b9bb1d9122a6c3c5.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nikafurniture.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 12 Jun 2024 06:47:56 GMT
Content-Type: text/html
Content-Length: 90103
Connection: keep-alive
Accept-Ranges: bytes
ETag: "8cf3298f276de4c8a460b46962295b27"
Last-Modified: Tue, 11 Jun 2024 20:31:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8927e4705c7f92a0-CPH

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type