Report - historianmail.ga/

Report Overview

URL

historianmail.ga/
IP

89.38.96.112

ASN

#49981 WorldStream B.V.
Submitted

2023-02-23T22:06:22Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

2
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-14T05:09:37Z	333	391	34.117.237.239
api-v2.firstmail.ltd (1)	unknown	2023-02-14T10:08:58Z	2023-03-01T11:14:38Z	490	517	89.38.96.112
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-14T05:09:04Z	2366	6202	23.33.119.10
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-14T05:09:37Z	413	5882	34.160.144.191
ocsp.pki.goog (2)	175	2018-07-01T08:43:07Z	2023-03-13T18:12:07Z	686	1398	216.58.211.3
region1.google-analytics.com (1)	unknown	2022-03-17T12:26:33Z	2023-03-14T05:10:26Z	810	444	216.239.32.36
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3246	51456	34.120.237.76
historianmail.ga (1)	unknown	2023-01-01T13:43:48Z	2023-01-31T13:50:13Z	348	699	89.38.96.112
firstmail.ltd (32)	unknown	2022-07-26T14:53:10Z	2023-03-01T11:14:50Z	14177	1310030	89.38.96.112
ocsp.globalsign.com (1)	2075	2012-07-20T19:46:16Z	2023-03-13T18:28:26Z	359	1413	104.18.21.226
fonts.gstatic.com (4)	unknown	2014-09-09T02:40:21Z	2023-03-14T08:49:03Z	1996	69171	142.250.74.35
mc.yandex.ru (3)	2672	2012-05-21T11:38:30Z	2023-03-14T07:41:14Z	2188	78011	93.158.134.119
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-13T18:13:28Z	782	2373	35.241.9.150
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-14T05:09:38Z	606	127	35.165.41.15

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-23T22:06:33Z	low	Client IP	Internal IP	ET INFO DNS Query for Suspicious .ga Domain
2023-02-23T22:06:34Z	medium	Client IP	89.38.96.112	ET INFO HTTP Request to a *.ga domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (63)

URL IP Response Size

r3.o.lencr.org/

23.33.119.10

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.10:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

6f313739c4c44174fc9a97ac63621b46

319da68d06694330ad9f7901bcde1ca0a6eeac0d

321236ee07769c741890815bc56fd2700ff1974b0534368b9ff2e96320ae4fee

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "321236EE07769C741890815BC56FD2700FF1974B0534368B9FF2E96320AE4FEE"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7883
Expires: Fri, 24 Feb 2023 00:17:32 GMT
Date: Thu, 23 Feb 2023 22:06:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.10:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

67fc460ed2f69dde3c410ec607ef3510

ba9f582ec321351e5c06c9b2c381f06b685ef274

85df74fac7d59d76840b6359bac24648fede201c0048f2a8382af6468225ffb8

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85DF74FAC7D59D76840B6359BAC24648FEDE201C0048F2A8382AF6468225FFB8"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5505
Expires: Thu, 23 Feb 2023 23:37:54 GMT
Date: Thu, 23 Feb 2023 22:06:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.10

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.10:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

7fb59e5d3cdf08b94e5f41fdeb9aec6c

ff644039db3b9f74d7e2fab10f93581bea10614a

861573a00d75364e15783c5e448c4f8b4da48b38d9beba3ebd33a87f993489a5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "861573A00D75364E15783C5E448C4F8B4DA48B38D9BEBA3EBD33A87F993489A5"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6380
Expires: Thu, 23 Feb 2023 23:52:29 GMT
Date: Thu, 23 Feb 2023 22:06:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

7f03faaba3392caae6dae54467bfdf6d

57ea1f14e8bfbcca8190c706d708c9fda12442c1

02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 21:53:57 GMT
content-type: application/json
age: 732
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

b5ba6334e73496995e3e3a9ecd0eb323

ad80d3b7718c28364e8c2004fb38a13a1747e462

aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: vq2O38KS0NnN5eUXC4XApbTQoX0pzANllHPeV/6Yz8aO4fA8j0IHE7Bq6ZbO1XDKu7HCGiFrzhQ=
x-amz-request-id: TT272W6FRK1J9MWZ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 21:49:14 GMT
age: 1015
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

historianmail.ga/

89.38.96.112

301 Moved Permanently

162

URL HTTP/1.1

historianmail.ga/
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.ga domain

HTTP Headers

                                        GET / HTTP/1.1
Host: historianmail.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 23 Feb 2023 22:06:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://firstmail.ltd/webmail
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 22:06:09 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 21:20:35 GMT
age: 2735
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

56cd85a02d031d2f7b794f1f2cfda4eb

878162e77393da15f0a1c8bf8a83a777a6caf317

15bc2ef238d6cf940adc4a29a31bd3fa0ee1712529d89c1a2fd74fb32d5ffe5e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 22:06:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.33.119.10

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.10:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5fa728a339ca32e616d483e61d0aebcd

6a63966de94d16390c8f1e47e5b67fe5bb67f7cd

7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 24 Feb 2023 00:38:59 GMT
Date: Thu, 23 Feb 2023 22:06:10 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

56cd85a02d031d2f7b794f1f2cfda4eb

878162e77393da15f0a1c8bf8a83a777a6caf317

15bc2ef238d6cf940adc4a29a31bd3fa0ee1712529d89c1a2fd74fb32d5ffe5e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 22:06:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

35.165.41.15

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

35.165.41.15:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VQmGSW8yGP8zIdsymVxIdA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: j6COdOgGZIF95+VB8/s57lFEyio=

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

940

URL HTTP/1.1

ocsp.globalsign.com/gseccovsslca2018
IP

104.18.21.226:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

940
Hash

ae9173802977642c7a8d149b50c3f2d7

d457bb137cdbf4faf0392101e5cf2cb88b8c3c26

4c6679a8397dea0cd89cf4ded2c1f993b1ceb7865d5cae9397f41efbfe458314

HTTP Headers

                                        POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 22:06:11 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 27 Feb 2023 19:47:42 GMT
ETag: "d457bb137cdbf4faf0392101e5cf2cb88b8c3c26"
Last-Modified: Thu, 23 Feb 2023 19:47:43 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2757
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79e344689881b521-OSL

firstmail.ltd/assets/vendor/libs/tagify/tagify.js

89.38.96.112

200 OK

46335

URL HTTP/2

firstmail.ltd/assets/vendor/libs/tagify/tagify.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

46335
Hash

5de2f4a3bf2f7b38dc2e6a1fada71420

a658b17115abb56005d4671a2cc2e75dd3de9885

0fe82b8158f4991d1ffd9fdf64948d7cb8ee2dc25fedde2e8eb4bab50a7a8134

HTTP Headers

                                        GET /assets/vendor/libs/tagify/tagify.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:12 GMT
etag: W/"22632-183a44d49a7"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

142.250.74.35

200 OK

18000

URL HTTP/2

fonts.gstatic.com/s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 18000, version 1.0\012- data

Size

18000
Hash

560995d7cd4dc2b997fe8a9ef9601982

d688e6d4db3d5ded8039208ec478049e971f4075

fcecb97c12786d7a9387a81e74e4179790fd84425c9c75be1aec3aed645bf6e2

HTTP Headers

                                        GET /s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://firstmail.ltd
Connection: keep-alive
Referer: https://firstmail.ltd/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 02:06:23 GMT
expires: Sat, 17 Feb 2024 02:06:23 GMT
cache-control: public, max-age=31536000
age: 590388
last-modified: Tue, 26 Apr 2022 15:46:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

firstmail.ltd/assets/vendor/libs/jquery/jquery.js

89.38.96.112

200 OK

231068

URL HTTP/2

firstmail.ltd/assets/vendor/libs/jquery/jquery.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

231068
Hash

91ca6a6ede4a7a50d8fd909d40045f74

a7a5f37e870da07a3d36144ac0eb6adedb882518

37de6a49db0539915616962cd701ec6a1b7ee98d55794c578ec8323abce56132

HTTP Headers

                                        GET /assets/vendor/libs/jquery/jquery.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:12 GMT
etag: W/"cb5da-183a44d4963"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/tag.js

93.158.134.119

200 OK

73790

URL HTTP/2

mc.yandex.ru/metrika/tag.js
IP

93.158.134.119:0
ASN

#13238 YANDEX LLC

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (659)

Size

73790
Hash

6a599c9bd605553d6e8ea26b240017e5

ce6de2eaa815569841f1b16de3de7aa841ac7e88

8ee4a7bf51b198d826a7320c21965e73d95fd1642d9071a1a840e566ee9303de

HTTP Headers

                                        GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-length: 73790
date: Thu, 23 Feb 2023 22:06:11 GMT
access-control-allow-origin: *
etag: "63f47caa-1203e"
expires: Thu, 23 Feb 2023 23:06:11 GMT
last-modified: Tue, 21 Feb 2023 11:11:22 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

firstmail.ltd/assets/img/flags/en.png

89.38.96.112

200 OK

19575

URL HTTP/2

firstmail.ltd/assets/img/flags/en.png
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data

Size

19575
Hash

aac0dfefc080856931658ea9c760534e

6495d0a202721472461a53b11c79aea953184a7c

16d2af8dfe6bff63fd76dc7434e09f1c98de85b1aa8d35ab98b473bae3c1f97d

HTTP Headers

                                        GET /assets/img/flags/en.png HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Cookie: i18n_redirected=en; _ga_D17MT12KF4=GS1.1.1677189995.1.0.1677189996.0.0.0; _ga=GA1.1.1253268134.1677189996
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:11 GMT
content-type: image/png
content-length: 19575
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:11 GMT
etag: W/"4c77-183a44d47c7"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

firstmail.ltd/assets/vendor/libs/hammer/hammer.js

89.38.96.112

200 OK

64484

URL HTTP/2

firstmail.ltd/assets/vendor/libs/hammer/hammer.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

64484
Hash

1a1e08a5b628dfcf955c424b24e487cd

86c51a2231c426f17436102b213748a9c23c9a75

e00629844a22f27815ce59535d482191d1ed3791f51364b552d92e699d644f7a

HTTP Headers

                                        GET /assets/vendor/libs/hammer/hammer.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:12 GMT
etag: W/"31b67-183a44d4957"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

firstmail.ltd/assets/vendor/libs/apex-charts/apexcharts.js

89.38.96.112

200 OK

367266

URL HTTP/2

firstmail.ltd/assets/vendor/libs/apex-charts/apexcharts.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

367266
Hash

ab5c81967c3e8b515a23d3768cfd5d80

06f7ce101ceac9f541a9db2b7bd79767ba3a4454

529cfc48912015799b3decc40ab0542c3653e64bfe90fb5a11737d0f9b0efc0f

HTTP Headers

                                        GET /assets/vendor/libs/apex-charts/apexcharts.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:11 GMT
etag: W/"1318c3-183a44d492b"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

firstmail.ltd/_nuxt/a46a8b9.js

89.38.96.112

200 OK

44984

URL HTTP/2

firstmail.ltd/_nuxt/a46a8b9.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

44984
Hash

b54cec1b982b44d51af2a9123c53d4a2

2b6ee41aa85de81b62972433fb8d46d3ebcea981

1618d3ab436f97c7c707e4b4e64747d4a44ee06615feeebb07a71f9e28135853

HTTP Headers

                                        GET /_nuxt/a46a8b9.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=31536000
last-modified: Fri, 10 Feb 2023 15:55:55 GMT
etag: W/"1a008-1863c0a5431"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

firstmail.ltd/assets/vendor/libs/bootstrap-select/bootstrap-select.js

89.38.96.112

200 OK

93642

URL HTTP/2

firstmail.ltd/assets/vendor/libs/bootstrap-select/bootstrap-select.js
IP

89.38.96.112:0
ASN

#49981 WorldStream B.V.

Magic

data

Size

93642
Hash

ceb41a0e30a752f8cc81a7919816cc5b

04d92a891e90fc041e0005727c422fd0d96d1b3e

30b8a891d4da96e7353593539c8fa0949f7cbf6f52f96c01ac5155a51b881829

HTTP Headers

                                        GET /assets/vendor/libs/bootstrap-select/bootstrap-select.js HTTP/1.1
Host: firstmail.ltd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://firstmail.ltd/webmail
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
date: Thu, 23 Feb 2023 22:06:10 GMT
content-type: application/javascript; charset=UTF-8
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 04 Oct 2022 18:41:11 GMT
etag: W/"4d80e-183a44d4933"
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru
X-Firefox-Spdy: h2

firstmail.ltd/assets/vendor/js/menu.js

89.38.96.112

200 OK

59272

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (127)

#1 JS:Script (size: 143)

#2 JS:Script (size: 128116)

#3 JS:Script (size: 3592)

#4 JS:Script (size: 5157)

#5 JS:Script (size: 2160)

#6 JS:Script (size: 140850)

#7 JS:Script (size: 832986)

#8 JS:Script (size: 13003)

#9 JS:Script (size: 25512)

#10 JS:Script (size: 1251523)

#11 JS:Script (size: 136)

#12 JS:Script (size: 203623)

#13 JS:Script (size: 0)

#14 JS:Script (size: 221364)

#15 JS:Script (size: 260420)

#16 JS:Script (size: 259130)

#17 JS:Script (size: 106504)

#18 JS:Script (size: 57847)

#19 JS:Script (size: 317454)

#20 JS:Script (size: 842829)

#21 JS:Script (size: 94)

#22 JS:Script (size: 51725)

#23 JS:Script (size: 135217)

#24 JS:Script (size: 482)

#25 JS:Script (size: 215858)

#26 JS:Script (size: 37920)

#1 JS:Eval (size: 2477)

#2 JS:Eval (size: 1042)

#3 JS:Eval (size: 5386)

#4 JS:Eval (size: 6312)

#5 JS:Eval (size: 849)

#6 JS:Eval (size: 7964)

#7 JS:Eval (size: 1080)

#8 JS:Eval (size: 1306)

#9 JS:Eval (size: 1043)

#10 JS:Eval (size: 8139)

#11 JS:Eval (size: 3695)

#12 JS:Eval (size: 208981)

#13 JS:Eval (size: 13100)

#14 JS:Eval (size: 30020)

#15 JS:Eval (size: 1320)

#16 JS:Eval (size: 15732)

#17 JS:Eval (size: 2849)

#18 JS:Eval (size: 2220)

#19 JS:Eval (size: 1311)

#20 JS:Eval (size: 1189)

#21 JS:Eval (size: 950)

#22 JS:Eval (size: 4496)

#23 JS:Eval (size: 5553)

#24 JS:Eval (size: 871)

#25 JS:Eval (size: 1251)

#26 JS:Eval (size: 2335)

#27 JS:Eval (size: 1369)

#28 JS:Eval (size: 4988)

#29 JS:Eval (size: 1110)

#30 JS:Eval (size: 500583)