| cujs8padqok5l4z7509.dermfeed.com/zzr/5173508/YW5oQHNsdXJwbWFpbC5uZXQ= | 188.114.96.1 | 200 OK | 0 B |
URL User Request GET cujs8padqok5l4z7509.dermfeed.com/zzr/5173508/YW5oQHNsdXJwbWFpbC5uZXQ= IP 188.114.96.1:443
Certificate Issuer: Google Trust Services | Subject: dermfeed.com | Fingerprint: 3B:35:F7:AC:C7:D7:75:21:CE:91:DA:43:F5:F3:6A:49:0D:46:6F:CB | Validity: Wed, 19 Mar 2025 09:08:50 GMT - Tue, 17 Jun 2025 10:06:07 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zzr/5173508/YW5oQHNsdXJwbWFpbC5uZXQ= HTTP/1.1
Host: cujs8padqok5l4z7509.dermfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 May 2025 08:47:01 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.28
refresh: 0;url= https://login-user-verifi-tax-doc.d3lexicon.com/zim/#anh@slurpmail.net
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3bK%2Bbd5Nt5I2d40AuVRzXFeA8B5Hpm6TPjnKIfXzyHrOVVbcfPRkY1Vjs%2FCxUGFsUg2HMl1cdN%2FvZE42hwYqfQjDHll7xdyNnKk%2Bl0Pst4LqHNPAVPjp24hoOaTij1WelMsL%2FWQL3vqhYC65PrSIqcYQbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 938e0301a899b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5598&min_rtt=447&rtt_var=10310&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3273&recv_bytes=1312&delivery_rate=7425641&cwnd=254&unsent_bytes=0&cid=134eb30aec560f76&ts=393&x=0"
X-Firefox-Spdy: h2
|
| cujs8padqok5l4z7509.dermfeed.com/favicon.ico | 0.0.0.0 | | 0 B |
URL GET cujs8padqok5l4z7509.dermfeed.com/favicon.ico IP 0.0.0.0:0
Requested by: https://cujs8padqok5l4z7509.dermfeed.com/zzr/5173508/YW5oQHNsdXJwbWFpbC5uZXQ= | Certificate Issuer: Google Trust Services | Subject: dermfeed.com | Fingerprint: 3B:35:F7:AC:C7:D7:75:21:CE:91:DA:43:F5:F3:6A:49:0D:46:6F:CB | Validity: Wed, 19 Mar 2025 09:08:50 GMT - Tue, 17 Jun 2025 10:06:07 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: cujs8padqok5l4z7509.dermfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cujs8padqok5l4z7509.dermfeed.com/zzr/5173508/YW5oQHNsdXJwbWFpbC5uZXQ=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
|
| login-user-verifi-tax-doc.d3lexicon.com/zim/#anh@slurpmail.net | 104.21.80.1 | 200 OK | 44 kB |
URL User Request GET login-user-verifi-tax-doc.d3lexicon.com/zim/#anh@slurpmail.net IP 104.21.80.1:443
Certificate Issuer: CLOUDFLARE, INC. | Subject: d3lexicon.com | Fingerprint: 25:FD:28:8D:91:8A:5D:18:34:56:A9:9E:3D:9D:9D:A3:59:73:3B:A8 | Validity: Thu, 20 Mar 2025 03:45:35 GMT - Wed, 18 Jun 2025 03:53:05 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (35326) | Hash (MD5 / SHA-1 / SHA-256): 7e5ac088603a044061b399e367f3beb8 b231603dc76499dcd496a6a1f8aa228cb27a2074 bf661c717c5bde94c8af9fbffb41962495ca40cab403d3e88e3b9ab141dfa505
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Zimbra Web Client |
GET /zim/ HTTP/1.1
Host: login-user-verifi-tax-doc.d3lexicon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 01 May 2025 08:47:02 GMT
content-type: text/html
last-modified: Thu, 24 Apr 2025 11:25:58 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bgaTLkshbzHdjBJIkWdM3swzKE0487S6oPo9WRY%2FcrsZFEz6Aj%2Bz4hIlKjO3w%2BQVglpeZ0agB63TAariW%2FMdgPrNO06hJZgwHeaDCDcOsQLWpYQb9udzctbThoYrHo2KNz9DU2KnxF9ExjNbPzsrqHdE46V74Kf0pk8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 938e03057b4f1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5994&min_rtt=470&rtt_var=11037&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3477&recv_bytes=1145&delivery_rate=7771019&cwnd=254&unsent_bytes=0&cid=be5b778c4308cacb&ts=378&x=0"
X-Firefox-Spdy: h2
|
| ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js | 142.250.178.106 | 200 OK | 88 kB |
URL GET ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.178.106:443
Requested by: https://login-user-verifi-tax-doc.d3lexicon.com/zim/#anh@slurpmail.net | Certificate Issuer: Google Trust Services | Subject: upload.video.google.com | Fingerprint: 7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00 | Validity: Mon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT
File type: JavaScript source, ASCII text, with very long lines (65451) | Hash (MD5 / SHA-1 / SHA-256): 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login-user-verifi-tax-doc.d3lexicon.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Apr 2025 03:39:16 GMT
expires: Thu, 30 Apr 2026 03:39:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 104866
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|