Report - ulula.lupr.co.za/wp-admin/22158710895

Report Overview

Visited public
2023-12-05 09:18:48
Tags
nedbank financial phishing
URL
ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Finishing URL
ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
IP / ASN
41.185.8.79
#36943 ZA-1-Grid
Title
ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Phishing - Nedbank

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ulula.lupr.co.za	unknown	2018-07-10	2019-06-16 07:11:01	2023-12-02 18:15:19	12 kB	619 kB	41.185.8.79

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-02	medium	ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm	NedBank Limited

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	ulula.lupr.co.za/wp-admin/metaela/jquery.min.js	ScriptElement	97 kB	2023-03-07	2025-05-11
Pretty URL ulula.lupr.co.za/wp-admin/metaela/jquery.min.js IP 41.185.8.79 ASN #36943 ZA-1-Grid Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 11:03 Times Seen29040 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm	ScriptElement	1.6 kB	2023-08-17	2024-08-21
Pretty URL ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm IP 41.185.8.79 ASN #36943 ZA-1-Grid Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-17 00:43 Last Seen2024-08-21 08:33 Times Seen10 Hash e2687a76568a6724e552e1abf05e2227 b484391b802aed367942adaad22944bcf6f8ba1e fbdf527c23d46e490cda2fc314642f530edd7dcbe47cd89b74c5b7976d7d51a8 Loading...

	unknown	EventHandler	58 B	2023-04-25	2025-04-04
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-25 06:51 Last Seen2025-04-04 11:58 Times Seen25 Hash 1df760a30e695f51a411a7b59539e7ea 7256e04c71c3a02c702f6ab6b2659b677247bba5 fe57e4809c68af387be92df11e269736a8fed7c434d47bafababab450d221317 Loading...

HTTP Transactions (23)

URL IP Response Size

ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm

41.185.8.79

200 OK

12 kB

URL User Request GET HTTP/2
ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
12 kB (12262 bytes)
Hash
28de16a79b927d0893cd32df20e4bd2d
22573f8de31a47e0efafc2d83e95875f2a324cef
08e48d2f824bb033adeaffc9dd491517e8e4542061741d14ab6c955eeed4ef8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank
OpenPhish	phishing	NedBank Limited

HTTP Headers

GET /wp-admin/22158710895_2Nov2023143618.htm HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:30 GMT
content-type: text/html
content-length: 12262
cache-control: public, max-age=0
expires: Tue, 05 Dec 2023 09:18:30 GMT
last-modified: Thu, 02 Nov 2023 09:11:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/metaela/jquery.min.js

41.185.8.79

200 OK

33 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/metaela/jquery.min.js
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32077)
Size
33 kB (32851 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/metaela/jquery.min.js HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: application/javascript
content-length: 32851
cache-control: max-age=31536000, public
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent,Accept-Encoding,Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/metaela/styles.css

41.185.8.79

200 OK

29 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/metaela/styles.css
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (51801)
Size
29 kB (28667 bytes)
Hash
4806d0340f18231c3e440b2ef31ba0d3
cfc2e4800a0e2bcc21d85a04206a370179419cbc
8887a3e0dea10c649e723d160fcac04d7432910580a8c0f2726c0c27ef8ee9cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/metaela/styles.css HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/css
content-length: 28667
cache-control: max-age=31536000, public
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent,Accept-Encoding,Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difoto/KenaKahare.png

41.185.8.79

200 OK

75 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difoto/KenaKahare.png
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
PNG image data, 1886 x 1843, 8-bit colormap, non-interlaced\012- data
Size
75 kB (74758 bytes)
Hash
fafe079d24657360aeb75ecb858f7a0f
7a4ab86f928fa43e42ba241ebb8858cf85fea99b
98abae8830ada4659fe72d966fbf8e96c3607a71283e45f0904214004c520f41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difoto/KenaKahare.png HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/png
content-length: 74758
cache-control: max-age=31536000, public
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
vary: User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difoto/entrust_site_seal_ssl.png

41.185.8.79

200 OK

19 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difoto/entrust_site_seal_ssl.png
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
PNG image data, 350 x 350, 8-bit colormap, non-interlaced\012- data
Size
19 kB (18758 bytes)
Hash
e47461fd49a0426768698ade98b259e2
501132059c531265f3898e5b6d8646ac3886cfbb
203680b7945ca5c9f3697881f9af9c8ed160354675055d22fc34545910cd4d54

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difoto/entrust_site_seal_ssl.png HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/png
content-length: 18758
cache-control: max-age=31536000, public
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
vary: User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/login-easy.svg

41.185.8.79

200 OK

1.6 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/login-easy.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2053)
Size
1.6 kB (1568 bytes)
Hash
d578c909c4378e67ebdb0ed5c702257a
3484ae3f3a0e7d9f84ad4b6dd0a2324c8f61aa7f
ee214fda63de4a1786bb0b14585f02af8c09b1a6b2b45fd697fa80aa6a26cace

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/login-easy.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/svg+xml
content-length: 1568
cache-control: public, max-age=31536000
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/login-secure.svg

41.185.8.79

200 OK

1.7 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/login-secure.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2575)
Size
1.7 kB (1676 bytes)
Hash
6ebc242253bc3dbf04fdf276f21c7ae4
a1ffb4effb03a41ce850227dd78af5817d636aeb
b35a2d5904979dbbff2a7b2455ce7b3bc048a3d51bda638c3af9b4d19bd31ba0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/login-secure.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/svg+xml
content-length: 1676
cache-control: public, max-age=31536000
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/login-fast.svg

41.185.8.79

200 OK

2.2 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/login-fast.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2974)
Size
2.2 kB (2181 bytes)
Hash
0dde3b8066bb5443fab1c4a7d08effea
5f15ea404109ee3d033a249b9e2a408526fb435e
54e78d62919fc3c90ac4cb592eb5d9c419b377094d563fad66729afc97f356fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/login-fast.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/svg+xml
content-length: 2181
cache-control: public, max-age=31536000
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/AppStoreBadge.svg

41.185.8.79

200 OK

4.4 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/AppStoreBadge.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
4.4 kB (4402 bytes)
Hash
1cfd5dba4a9210bcf77f5dbe48ec2e66
b18020f162dece51251489be269db7629a223fcd
4cfabcfdbec9a5cd903190f150028743f38c3533b53ea21c6e4dd35a52a80383

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/AppStoreBadge.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/svg+xml
content-length: 4402
cache-control: public, max-age=31536000
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/GooglePlay.svg

41.185.8.79

200 OK

4.5 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/GooglePlay.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2954)
Size
4.5 kB (4522 bytes)
Hash
56b446863643039c5c386e785054f8f8
8509aa1bbc637474b87bb386d4d23f2a73283cd9
00ff1bb43d0a271618cd1f626e0530c4e9efb344058b85744e569306c93ecc42

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/GooglePlay.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: image/svg+xml
content-length: 4522
cache-control: public, max-age=31536000
expires: Wed, 04 Dec 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/Icon.ef111dcaf7b1952d120f.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/Icon.ef111dcaf7b1952d120f.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23947 bytes)
Hash
5c31129dec7efd9dc09f1c5195f4863f
d37f76ac0cfac19c1c9740819cf51eac27efeab1
92526e042b576b86882825b1a4cdc3631991681243bc1eddad006e663f215eb0

HTTP Headers

GET /wp-admin/Icon.ef111dcaf7b1952d120f.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23947
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/location-blank-green.4b8e66bca4aac4a2aad6.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/location-blank-green.4b8e66bca4aac4a2aad6.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23962 bytes)
Hash
edcb7bee7e7a6cf0b2927e9a08c67f80
64457c54b8b347afa082ff5170b5949fc6d66e6d
972c3c39ec7f3f5b2bbe345501c9852379e055c996f0e590cf431a201187e5c9

HTTP Headers

GET /wp-admin/location-blank-green.4b8e66bca4aac4a2aad6.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23962
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/contact-blank-green.a180fba4b897921edd0b.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/contact-blank-green.a180fba4b897921edd0b.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23952 bytes)
Hash
ef61902f114cbad6249a2ac57f007409
db001edadb4633ff7ab5c302dad8d54dc9a7db45
f696fc8beccda22ec69bee5d472405bb9bab3674ba46bde935d8e94a1d19fa71

HTTP Headers

GET /wp-admin/contact-blank-green.a180fba4b897921edd0b.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23952
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/location-blank.e36d304f8628a21886d3.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/location-blank.e36d304f8628a21886d3.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23980 bytes)
Hash
3b7a047cde01cc1f37a405f0595842b8
26b3930dc072af8e2bda88dff770aa2f03e899cb
f7ba75fe2a94bdfd3889f585695901cace0da0de22ff1ff870cce23a075b731a

HTTP Headers

GET /wp-admin/location-blank.e36d304f8628a21886d3.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23980
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/PPP.cee7674f38c105ee0fb4.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/PPP.cee7674f38c105ee0fb4.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23937 bytes)
Hash
e6c251b00d68c266586fb341eceafbc1
e9e0897a6b69e30ef7ec810d661b5aa608debbeb
b5b1fdcb880531c2b60037c338231fbf5a81d8c66c752e1d928f7161827c09ba

HTTP Headers

GET /wp-admin/PPP.cee7674f38c105ee0fb4.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23937
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/metaela/Eye-Show.e1de9570f043be4db21c.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/metaela/Eye-Show.e1de9570f043be4db21c.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23963 bytes)
Hash
47e35300a0c782de85746c1fa4b104a9
1c72cc10a4e86ff704f47751ad0c07bc06d10428
74bd0bef2b64b6a025a999d9a9d39924e148793af338b0bfd7cf39485d1ab3bf

HTTP Headers

GET /wp-admin/metaela/Eye-Show.e1de9570f043be4db21c.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/metaela/styles.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23963
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/contact-footer.ff0deb4d99b5c501e332.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/contact-footer.ff0deb4d99b5c501e332.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23975 bytes)
Hash
cd7eba2d4ab0ca20cf25ddaa3e88ef7f
591cab96f17bba31f6b572ca5e99ab04c9d92baf
8916161b48738965d1ce5d550b88ffac707425f6fb37649c51ce2268ce7b8eb1

HTTP Headers

GET /wp-admin/contact-footer.ff0deb4d99b5c501e332.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23975
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/tncs.04b64534a4bbcb7c2676.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/tncs.04b64534a4bbcb7c2676.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23948 bytes)
Hash
563010be6d303623b522e61a7f4b9f55
40302e50d2518f0d2e88e9372ee47e3f20554777
38a606ca409a37f26e8326e5ba24caf808eb03c73affff97d3fe93cbc09dd256

HTTP Headers

GET /wp-admin/tncs.04b64534a4bbcb7c2676.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23948
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/phoneicon.d20aa97e94487e70b840.svg

41.185.8.79

404 Not Found

24 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/phoneicon.d20aa97e94487e70b840.svg
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9462), with CRLF, LF line terminators
Size
24 kB (23937 bytes)
Hash
aed82d3d337297e3c9aba3883078a553
e3773fa45ca2f8a9973abeeb9878e36e75ae3b67
3330658c841de60bca4855460ba342fceef8ab9d3a50b3b5e86a25785601e700

HTTP Headers

GET /wp-admin/phoneicon.d20aa97e94487e70b840.svg HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 05 Dec 2023 09:18:31 GMT
content-type: text/html; charset=UTF-8
content-length: 23937
x-powered-by: PHP/8.1.25
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://ulula.lupr.co.za/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf

41.185.8.79

200 OK

65 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
OpenType font data\012- data
Size
65 kB (65135 bytes)
Hash
12d6724a254d3be629fc6b2871ae5a6a
d3a93c9ed090be9366b9513e5515e8e19ff48459
eaa561f9f8ef5b69bd39e15e332dc3700decacebf48e08b0640ad3a5d8711f65

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/FontFont%20-%20MarkPro.12d6724a254d3be629fc.otf HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:32 GMT
content-type: font/otf
content-length: 65135
cache-control: public, max-age=2592000
expires: Thu, 04 Jan 2024 09:18:31 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf

41.185.8.79

200 OK

67 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
OpenType font data\012- data
Size
67 kB (66844 bytes)
Hash
476d44b0f6c8939bb8859c9ce7598310
cd8fb565970c2750a12b3b47b1869578f7a041fb
979af22174e46123e6fb3c96d96360ba0ea7a5dbd00ae97ab1ebefae9c284d37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/FontFont%20-%20MarkPro-Bold.476d44b0f6c8939bb885.otf HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:32 GMT
content-type: font/otf
content-length: 66844
cache-control: public, max-age=2592000
expires: Thu, 04 Jan 2024 09:18:32 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf

41.185.8.79

200 OK

63 kB

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difonto/FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
OpenType font data\012- data
Size
63 kB (63092 bytes)
Hash
8531ae94f5ad973be8b718f88e9660ed
a6d5635dcebab54c459a725da9a892017627a994
ad51841bf5cf5eb27ead0ae50f936f678eeb2d4e1be6035e83fce13b0e3b83bb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difonto/FontFont%20-%20MarkPro-Medium.8531ae94f5ad973be8b7.otf HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:32 GMT
content-type: font/otf
content-length: 63092
cache-control: public, max-age=2592000
expires: Thu, 04 Jan 2024 09:18:32 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ulula.lupr.co.za/wp-admin/difoto/tuntings.ico

41.185.8.79

200 OK

635 B

URL GET HTTP/2
ulula.lupr.co.za/wp-admin/difoto/tuntings.ico
IP
41.185.8.79:443
ASN
#36943 ZA-1-Grid

Requested by
https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
Certificate
IssuercPanel, Inc.
Subjectulula.lupr.co.za
Fingerprint18:38:89:63:11:54:E4:40:DB:AE:AE:18:F0:9C:63:C7:1E:4B:20:13
ValidityThu, 26 Oct 2023 00:00:00 GMT - Wed, 24 Jan 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 18x18, 32 bits/pixel\012- data
Size
635 B (635 bytes)
Hash
68773d46f68cd092f7aac1b70d211e01
bbe705f043f03d491232a63d29e5b8b6befb031e
4fbd7df4e4d5012b82c14234382d58275c3fe42c98162c05bbb4bc98c79ef9f5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Nedbank

HTTP Headers

GET /wp-admin/difoto/tuntings.ico HTTP/1.1
Host: ulula.lupr.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ulula.lupr.co.za/wp-admin/22158710895_2Nov2023143618.htm
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 05 Dec 2023 09:18:32 GMT
content-type: image/x-icon
content-length: 635
cache-control: max-age=31536000, public
expires: Tue, 12 Dec 2023 09:18:32 GMT
last-modified: Fri, 21 Apr 2023 02:50:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent,User-Agent
referrer-policy: strict-origin-when-cross-origin
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
expect-ct: enforce, max-age=21600
content-security-policy: upgrade-insecure-requests
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: Content-Type, Authorization
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections