Report - netease-secure.mail-files-open-preview.com/sco/sco.php/

Report Overview

Visited public
2024-06-22 14:17:19
Tags
zimbra phishing
URL
netease-secure.mail-files-open-preview.com/sco/sco.php/
Finishing URL
l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
IP / ASN
65.21.85.206
#24940 Hetzner Online GmbH
Title
Zimbra Web Client Sign In
Phishing - Zimbra Web Client

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-21 18:12:54	2.6 kB	7.1 kB	23.36.76.226
netease-secure.mail-files-open-preview.com	unknown	unknown	No data	No data	509 B	269 B	65.21.85.206
l0gin-sess1on-exp1red-sco-pk.netlify.app	unknown	unknown	No data	No data	3.1 kB	729 kB	18.192.231.252
sco.gov.pk	634714	unknown	2014-02-19 22:58:31	2024-01-19 17:21:33	477 B	2.8 kB	118.107.140.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-06-22	medium	l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=	Generic/Spear Phishing

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf
IP
18.192.231.252
ASN
#16509 AMAZON-02

File type
PDF document, version 1.5
Size
350 kB (349594 bytes)
Hash
74d33ace19fb2cf1892c8f7b1c01d0e5
ba9960ea7aba67a912cd61d4db19f26325f5e312
459c348fb4d70321730734e58d9f75fe322ca55ed5c82b3ed653ff8b0aca8fce

URL
l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf
IP
18.192.231.252
ASN
#16509 AMAZON-02

File type
PDF document, version 1.5
Size
359 kB (359190 bytes)
Hash
74d33ace19fb2cf1892c8f7b1c01d0e5
ba9960ea7aba67a912cd61d4db19f26325f5e312
459c348fb4d70321730734e58d9f75fe322ca55ed5c82b3ed653ff8b0aca8fce

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=	ScriptElement	0 B	0001-01-01	2025-05-10
Pretty URL l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser= IP 18.192.231.252 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-10 03:28 Times Seen4640692 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3050ae2abb1cd3f35953b5103fa3954a	136 B	2023-03-07 01:34	2025-05-06 14:20
Pretty Observations First Seen2023-03-07 01:34 Last Seen2025-05-06 14:20 Times Seen468 Hash 3050ae2abb1cd3f35953b5103fa3954a 1ed99d798e4fccce033962261830aa361a8e0c74 5f5bd55e3dc0ffc7f8c75f07f64be080f6513b37ab2628d0420f3668a9899412 Loading...

HTTP Transactions (16)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6d997a3e4c838d12e34de2dd2d4208c3
386abb53e2df86f291b6a86765d9a6feb88ba30b
32e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C"
Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13793
Expires: Sat, 22 Jun 2024 18:06:46 GMT
Date: Sat, 22 Jun 2024 14:16:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c0fde0756f59aaa5fa85a62f5f528e74
3c2d990e14054ee3b407cc37d77e255533d91ed6
ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276"
Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8311
Expires: Sat, 22 Jun 2024 16:35:24 GMT
Date: Sat, 22 Jun 2024 14:16:53 GMT
Connection: keep-alive

netease-secure.mail-files-open-preview.com/sco/sco.php/

65.21.85.206

302 Found

0 B

URL User Request GET HTTP/1.1
netease-secure.mail-files-open-preview.com/sco/sco.php/
IP
65.21.85.206:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectwww.netease-secure.mail-files-open-preview.com
FingerprintE6:B7:9A:8E:AD:C2:6A:37:5D:67:83:25:8A:A3:F1:5D:2B:92:7D:6A
ValidityThu, 20 Jun 2024 05:31:08 GMT - Wed, 18 Sep 2024 05:31:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sco/sco.php/ HTTP/1.1
Host: netease-secure.mail-files-open-preview.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 22 Jun 2024 14:16:54 GMT
Server: Apache
location: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5921b10ddbe0b24f0a8edead6ec181b2
6691a5ac00a00feed5de61cd277ca741b2c29862
3c107c0a5dd06bc96ff917c92843ab276923fd751ecd5e48eefafc661b914ae2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3C107C0A5DD06BC96FF917C92843AB276923FD751ECD5E48EEFAFC661B914AE2"
Last-Modified: Sat, 22 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3115
Expires: Sat, 22 Jun 2024 15:08:49 GMT
Date: Sat, 22 Jun 2024 14:16:54 GMT
Connection: keep-alive

l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=

18.192.231.252

200 OK

2.7 kB

URL User Request GET HTTP/2
l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
IP
18.192.231.252:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1761)
Size
2.7 kB (2668 bytes)
Hash
bb451c71a08e054dbb37396aa7121b2d
ed4a562abb1d8e25269f696bf7935b6d7497c219
db5f03586138ff32e1a9e55a1da056a463f43d0ea693b1d7d4e14d919074cdf5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /index2.html?scouser= HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 6437
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 22 Jun 2024 14:16:54 GMT
etag: "6073b1cc2aaa47e2d88ed50f228eacaf-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01J104X96YB2TA5B019YB6K4EW
content-length: 2668
X-Firefox-Spdy: h2

l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/common,login,zhtml,skin.css

18.192.231.252

200 OK

12 kB

URL GET HTTP/2
l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/common,login,zhtml,skin.css
IP
18.192.231.252:443
ASN
#16509 AMAZON-02

Requested by
https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (751)
Size
12 kB (11500 bytes)
Hash
8fb929635199dc649d4f91594aebee65
3e8687528920cb49533befb3f39b9dd0d8d99010
68d4025cfe8278bd2cddb3f1d5c9d344d9edd0e0c901dc66943293955d65d9b5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /index_files/common,login,zhtml,skin.css HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 6437
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-type: text/css; charset=UTF-8
date: Sat, 22 Jun 2024 14:16:54 GMT
etag: "54c94ff8f77f684794475d14a7d1e3df-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01J104X9M6JRN6ENVS1BPREWA4
content-length: 11500
X-Firefox-Spdy: h2

l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/ImgCritical_32.png

18.192.231.252

200 OK

1.8 kB

URL GET HTTP/2
l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/ImgCritical_32.png
IP
18.192.231.252:443
ASN
#16509 AMAZON-02

Requested by
https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1786 bytes)
Hash
d603a4564e6eaed3aa0d3968e370d3b2
539b8ec9f251b28e1bd0cff9d8992309ad61f442
dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /index_files/ImgCritical_32.png HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 6437
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-type: image/png
date: Sat, 22 Jun 2024 14:16:54 GMT
etag: "147e472039238381488c5a4bec1d4378-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01J104X9M75E0VS365PSVGRQDT
content-length: 1786
X-Firefox-Spdy: h2

l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/favicon.ico

18.192.231.252

200 OK

1.2 kB

URL GET HTTP/2
l0gin-sess1on-exp1red-sco-pk.netlify.app/index_files/favicon.ico
IP
18.192.231.252:443
ASN
#16509 AMAZON-02

Requested by
https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
8c7d1c14e4b9c42f07bd6b800d93b806
87e49826ffb3bc1ddac38feebb6bb98eaef568b2
1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /index_files/favicon.ico HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 1
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-type: image/vnd.microsoft.icon
date: Sat, 22 Jun 2024 14:16:55 GMT
etag: "17d1ca92ef309dad17784a399c6385f5-ssl"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01J104X9VKZGJDX22011TTPFFV
content-length: 1150
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Sat, 22 Jun 2024 17:38:17 GMT
Date: Sat, 22 Jun 2024 14:16:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Sat, 22 Jun 2024 17:38:17 GMT
Date: Sat, 22 Jun 2024 14:16:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Sat, 22 Jun 2024 17:38:17 GMT
Date: Sat, 22 Jun 2024 14:16:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Sat, 22 Jun 2024 17:38:17 GMT
Date: Sat, 22 Jun 2024 14:16:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6720792332fb717894b4e5221fdc3d86
f79b1d3611fb53cea950acb15000473ae7174149
67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965"
Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12081
Expires: Sat, 22 Jun 2024 17:38:17 GMT
Date: Sat, 22 Jun 2024 14:16:56 GMT
Connection: keep-alive

sco.gov.pk/wp-content/uploads/2019/01/SCO-Logo-300x54.png

118.107.140.9

200 OK

1.4 kB

URL GET HTTP/1.1
sco.gov.pk/wp-content/uploads/2019/01/SCO-Logo-300x54.png
IP
118.107.140.9:443
ASN
#18053 Special Communication Organization

Requested by
https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Certificate
IssuerGoDaddy.com, Inc.
Subject*.sco.gov.pk
FingerprintCF:AF:4E:7E:B0:7C:32:6D:39:66:E5:66:67:CD:12:FF:5F:A4:D2:46
ValidityFri, 08 Dec 2023 07:13:29 GMT - Wed, 08 Jan 2025 06:14:19 GMT

File type
HTML document, ASCII text, with very long lines (1417), with no line terminators
Size
1.4 kB (1417 bytes)
Hash
dd9480f6360a85b0d858e4cf24f5a398
b1be4b2b342c9387b550067e746550e6dff481d6
a863e71621a1de6f2e8c7dcf62c8cf8bf3829e3fb4aa58cb8f9239074d950a01

HTTP Headers

GET /wp-content/uploads/2019/01/SCO-Logo-300x54.png HTTP/1.1
Host: sco.gov.pk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Jun 2024 14:16:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Last-Modified: Saturday, 22-Jun-2024 14:16:59 Pakistan Standard Time
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: application/javascript;application/pdf;application/xhtml+xml;application/json;application/xml;application/zip;application/x-www-form-urlencoded;audio/mpeg;audio/x-ms-wma;audio/vnd.rn-realaudio;audio/x-wav;image/gif;image/jpeg;image/png;image/tiff;image/vnd.microsoft.icon;image/x-icon;image/vnd.djvu;image/svg+xml;multipart/mixed;multipart/form-data;text/css;text/csv;text/html;text/javascript;text/plain;    charset=UTF-8; image/jpeg; image/jpg;text/css;text/javascript;text/plain;text/xml;multipart/form-data;image/gif; image/jpeg;image/png;image/tiff;image/x-icon;image/svg+xml;image/gif;application/javascript;application/pdf;application/xhtml+xml
Referrer-Policy: strict-origin
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()

l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf

18.192.231.252

350 kB

URL
l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf
IP
18.192.231.252:0
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PDF document, version 1.5
Size
350 kB (349594 bytes)
Hash
74d33ace19fb2cf1892c8f7b1c01d0e5
ba9960ea7aba67a912cd61d4db19f26325f5e312
459c348fb4d70321730734e58d9f75fe322ca55ed5c82b3ed653ff8b0aca8fce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /Minutes%20of%20Meeting%20.pdf HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: application/pdf
date: Sat, 22 Jun 2024 14:16:54 GMT
etag: "93c7ce9357588fae07f83e9280aa8e46-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01J104X9Q72M3M6RYVQAKRX24S
X-Firefox-Spdy: h2

l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf

18.192.231.252

200 OK

359 kB

URL GET HTTP/2
l0gin-sess1on-exp1red-sco-pk.netlify.app/Minutes%20of%20Meeting%20.pdf
IP
18.192.231.252:443
ASN
#16509 AMAZON-02

Requested by
https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Certificate
IssuerDigiCert Inc
Subject*.netlify.app
FingerprintB0:8E:E9:A5:C3:D9:B5:C1:FF:B6:51:7A:DF:98:CF:2D:28:18:41:9B
ValidityMon, 15 Jan 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PDF document, version 1.5
Size
359 kB (359190 bytes)
Hash
74d33ace19fb2cf1892c8f7b1c01d0e5
ba9960ea7aba67a912cd61d4db19f26325f5e312
459c348fb4d70321730734e58d9f75fe322ca55ed5c82b3ed653ff8b0aca8fce

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client

HTTP Headers

GET /Minutes%20of%20Meeting%20.pdf HTTP/1.1
Host: l0gin-sess1on-exp1red-sco-pk.netlify.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://l0gin-sess1on-exp1red-sco-pk.netlify.app/index2.html?scouser=
Sec-Fetch-Dest: object
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
age: 0
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; fwd=miss
content-encoding: br
content-type: application/pdf
date: Sat, 22 Jun 2024 14:16:54 GMT
etag: "93c7ce9357588fae07f83e9280aa8e46-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01J104X9Q72M3M6RYVQAKRX24S
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

URL

IP

ASN

File type

Size

Hash

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type