Report - mura.com.my/membership-renewal

Report Overview

Submitted URL
mura.com.my/membership-renewal
IP
103.130.153.118
ASN
#138359 DataKL Solutions Sdn Bhd
Submitted
2022-10-08 20:07:40
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
mura.com.my	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.0 kB	68 kB	103.130.153.118
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	1.2 kB	142.250.74.164
stats.wp.com	2711	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	5.4 kB	192.0.76.3
away.bettershitecolumn.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	1.4 kB	91.211.91.104
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	8.9 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.148.190.4
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	583 B	746 B	142.250.74.10
browork3er.cc	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	796 B	728 B	212.129.16.248
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
www.jotform.com	28957	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	285 B	358 B	104.23.133.11
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
groundflares.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	979 B	54 kB	185.177.94.152
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	54.230.111.7
0.groundflares.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	19 kB	185.177.94.152
cdn.weatherplllatform.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	377 B	91.211.91.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-08	medium	mura.com.my/membership-renewal	Malware
2022-10-08	medium	mura.com.my/membership-renewal/	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5	Malware
2022-10-08	medium	mura.com.my/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5	Malware
2022-10-08	medium	mura.com.my/wp-content/themes/sydney-child/style.css?ver=20220307	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5	Malware
2022-10-08	medium	mura.com.my/wp-content/plugins/tablepress/css/default.min.css?ver=1.14	Malware
2022-10-08	medium	mura.com.my/wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9	Malware
2022-10-08	medium	mura.com.my/wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9	Malware
2022-10-08	medium	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	Phishing
2022-10-08	medium	0.groundflares.com/b81698fd2.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	mura.com.my/membership-renewal/	4.0 kB	2023-03-08	2023-03-08
Pretty URL mura.com.my/membership-renewal/ IP 103.130.153.118 ASN #138359 DataKL Solutions Sdn Bhd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash e3a916d65f53f1a0aa9de47f72650532 9b8c74c8eba644d6f0cd920891dce1dfa1c81528 842903fd38ca8f6dd0937fd735fb4aaba555cc4dc3461bb4fc960d593429a03a Loading...

	stats.wp.com/e-202240.js	9.0 kB	2023-03-07	2024-01-05
Pretty URL stats.wp.com/e-202240.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2024-01-05 09:08:33 Times Seen3233 Hash 9152c169155daa333287728cb8e4ae93 1e45a9ea1464acf983f022567cb9f669f4c77f65 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302 Loading...

	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	203 B	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash c4824c2a16d2c8bb70469ed7b8508f34 783dcaa37fcdd311197de60f0c55ab5367be4fe2 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Loading...

	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	29 kB	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash ae7f0f1874bd3e9a6a0e9736f3307398 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Loading...

	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	3.1 kB	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen191 Hash 68e280edf3cadafe4af8ccdc8782024d 7467ad11f5f3a21a3a4e0ab8556912db67311d90 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Loading...

	0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7	8.2 kB	2023-03-08	2023-03-08
Pretty URL 0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash 19251e44a6b23a20b18d7253a8831c77 bae4784475f145ab2ea792fd81ba4abe4633783b 500d1cc0b851f2f8b960cd5c059f7c2fc7f5112626b5d82496b5074253bcc34d Loading...

	mura.com.my/membership-renewal/	674 B	2023-03-07	2023-07-01
Pretty URL mura.com.my/membership-renewal/ IP 103.130.153.118 ASN #138359 DataKL Solutions Sdn Bhd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:07:32 Last Seen2023-07-01 17:41:25 Times Seen4 Hash f6111c393ab979e5f74b8c06e092f6ba cabae7bb0169af4f0d4b12dc5a239cdfe31c0b31 940d0dadae03f80e0685803cd9b25b7ecff8948cc296c0e314cab15403b06f51 Loading...

	cdn.weatherplllatform.com/event.js?v=7.77	2.3 kB	2023-03-08	2023-03-11
Pretty URL cdn.weatherplllatform.com/event.js?v=7.77 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash e129bf2c4a9adb540f3f6f438feeb2a3 37a3d3f83d33311cea4eea6506326a4c93e4b7b5 f0af99595f5240b6c86b70a17902c4bf72bd4f356303dd8b732ade94ecb38d69 Loading...

	cdn.weatherplllatform.com/result.js?v=000	6.2 kB	2023-03-08	2023-03-10
Pretty URL cdn.weatherplllatform.com/result.js?v=000 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:28:57 Last Seen2023-03-10 10:58:12 Times Seen1 Hash 4161c11612d0a349df27f691b3057a5e 21c4eeeee2b97c1961d8f06b4f32497895f330e1 4b1238a1b9202c3d215ed7b3f05a6cf12fb71d520d2066f25bbda095603dc9dd Loading...

	away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29	202 B	2023-03-08	2023-03-08
Pretty URL away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29 IP 91.211.91.104 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash de55c05b2b4954662ff5614b33da0928 3917a01cd1a8ddf9bb694825faa4cecb40e67f4a f4a84b5f16a1a88dae85f2183bed12ed9a49a9321866f6c9b0a8487e4e280c89 Loading...

	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	705 B	2023-03-07	2023-04-05
Pretty URL groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2023-04-05 02:03:39 Times Seen49 Hash dd81871bef578a008b6d389ca0d1a234 31f4851126c5708430334e0b3b5674d7b22f1c2d f4805b1fa2c14f4bfb52cbfcdbd03a7ff3ace4aac7dc2466f0501d5cdfd19954 Loading...

	groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7	8.1 kB	2023-03-08	2023-03-08
Pretty URL groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash 620be601d8f7abe71382f88ee6f465f8 a1f8e085a9a3a7f612c504ba5b43c7459d36e56e 2f8d5ce29157c13a18a9a723aa3c9d284442d08f4f200049ba695cedd85dfed4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7823aa3311c7e10bfb308d2f92afef0e	7.9 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash 7823aa3311c7e10bfb308d2f92afef0e 5b97c132c3aaa55df17406656ca3267e28bdb651 ca9fac2df10975fb14120203cdefc2bbdc2c57f385c1600d936b30763e9e8d2a Loading...

	#2 Eval - 4fdeb9bce08fc1262460319ff3c98ead	669 B	2023-03-08	2023-03-11
Pretty Observations First Seen2023-03-08 01:48:13 Last Seen2023-03-11 23:14:24 Times Seen1 Hash 4fdeb9bce08fc1262460319ff3c98ead ff358afd9d250d209f28fa2594884ed2e1063ff5 2853a4833f813e7cc64c902ca1738bbe62edc7dfb62be6be46d1e0dd2514f9e7 Loading...

	#3 Eval - 8272d3d3d1ac1206e19cfe346c992676	8.1 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 09:38:07 Last Seen2023-03-08 09:38:07 Times Seen1 Hash 8272d3d3d1ac1206e19cfe346c992676 88c9db2349efe396a6813c991dbea52c8476f78f 30db4d3fbfb879b6210d55fc6331cf6988b5dc4929c9dfe3bbcc024faf02add7 Loading...

HTTP Transactions (54)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

54.230.111.7

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1aac651ec250c598683dd17ca2002c07
11595ac82e017f95190c2a36dc77323a3fedcbfc
93fa640d042452ae8455d026e30e3b4594c13d4be65f3552a4b5edae027c02f9

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Content-Length, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 08 Oct 2022 19:38:24 GMT
Expires: Sat, 08 Oct 2022 20:23:37 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JKLKYMMRXr3xrjD1uZuCpMM-kwKA-uHCOqxI12pXEQgUIATsd22qEA==
Age: 1746

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2747
Expires: Sat, 08 Oct 2022 20:53:17 GMT
Date: Sat, 08 Oct 2022 20:07:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Sat, 08 Oct 2022 20:43:46 GMT
Date: Sat, 08 Oct 2022 20:07:30 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: eNzEHvWSPYX7pOEmxpU8SpS6ZuBZj89a6MgFPMVRj49XvQnoQOCW13tkLOcOs70CJJIAEQpXWCg=
x-amz-request-id: 5Y14RSN0RFFB3XHG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 19:59:44 GMT
age: 466
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.7

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 08 Oct 2022 19:29:41 GMT
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 20:23:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lSOkQviG8Wn21nYDX7OjpddvFKOR7acqPE9z1yue0Bitad_GmhRkpQ==
Age: 2269

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
5479444ef227af03029fbb9d154f0107
0563678ec07ab3707b716ca4c638ece4c8ad7de4
4850d49786a140003b90ae108104ffbfe80a6e0d9f584656a09f0fff11dc9d0d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6358
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:30 GMT
Last-Modified: Sat, 08 Oct 2022 18:21:32 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

mura.com.my/membership-renewal

103.130.153.118

301 Moved Permanently

890 B

URL HTTP/1.1
mura.com.my/membership-renewal
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
HTML document, ASCII text, with very long lines (890), with no line terminators
Size
890 B (890 bytes)
Hash
10f206440d96baba21e4e6879a8d72cc
37f8e988b703fb0cb1d085d361a38f638a543c42
2e91f5fd8e18fafb7b6919bca3f747e800ad55f6846a0063507b867f225da625

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /membership-renewal HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
X-Redirect-By: WordPress
Location: http://mura.com.my/membership-renewal/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Nginx-Upstream-Cache-Status: MISS

push.services.mozilla.com/

54.148.190.4

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.190.4:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aDzj46zZhuqXUjeDERWxOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 82RyJcy3HWQSOJd6Y7YwLeGGY7E=

mura.com.my/membership-renewal/

103.130.153.118

200 OK

19 kB

URL HTTP/1.1
mura.com.my/membership-renewal/
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20680), with CRLF, LF line terminators
Size
19 kB (18676 bytes)
Hash
1c8d2fd1505bd879e0d538e7481b0723
983824204758965bdc67653ff3e75d6b1868e7fc
8340a42e009704b1089aab8ed0d6da32e46843cf8ad7f08c47c8531d9c9a61b2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /membership-renewal/ HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Link: <http://mura.com.my/wp-json/>; rel="https://api.w.org/", <http://mura.com.my/wp-json/wp/v2/pages/1430>; rel="alternate"; type="application/json", <https://wp.me/P9rr6g-n4>; rel=shortlink
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Nginx-Upstream-Cache-Status: UPDATING
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.jotform.com/jsform/70311151531439?redirect=1

104.23.133.11

301 Moved Permanently

0 B

URL HTTP/1.1
www.jotform.com/jsform/70311151531439?redirect=1
IP
104.23.133.11:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jsform/70311151531439?redirect=1 HTTP/1.1
Host: www.jotform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/

HTTP/1.1 301 Moved Permanently
Date: Sat, 08 Oct 2022 20:07:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 21:07:31 GMT
Location: https://www.jotform.com/jsform/70311151531439?redirect=1
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 757180d73c381c0e-OSL
alt-svc: h2=":443"; ma=60

mura.com.my/wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107

103.130.153.118

200 OK

2.4 kB

URL HTTP/1.1
mura.com.my/wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (14631), with no line terminators
Size
2.4 kB (2384 bytes)
Hash
20f4021af010bee795272b5230ea106b
621e3c68a4c842265e85680b262efe2a4010b58d
c40c177282315c409359f78cf99bd0d4fd5bed29f0a5d9bef4dd6ba2105a6d7a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:21:34 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5

103.130.153.118

200 OK

2.6 kB

URL HTTP/1.1
mura.com.my/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (10019)
Size
2.6 kB (2631 bytes)
Hash
c42d43078a3ff558042b6ec80c66a086
fd8951772644a8b4c30111eb74f33fff40d4e095
050daa68d90726ceafd44b1eb12565fea6845bb17cce63464effd28199a0df61

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:32:18 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
579e733097a7260db68f6ab5fc4ab3c9
bcee618650f7eb1595974812db6995d7ee0e9764
c025aa32afae5edb4c793bcc3076c86ae945438c7d2e96f7847054aeb1ed690b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mura.com.my/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9

103.130.153.118

200 OK

1.2 kB

URL HTTP/1.1
mura.com.my/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (4186), with no line terminators
Size
1.2 kB (1161 bytes)
Hash
12abf54137d4fe7125009945facd733d
4c7d795c2b7857a8e8733f667d61a7a88565818e
48856e8c9f3fd260906105995e727f97d909869a362ecbc183fe10af73d4e479

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:56:58 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1

103.130.153.118

200 OK

698 B

URL HTTP/1.1
mura.com.my/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with CRLF line terminators
Size
698 B (698 bytes)
Hash
0f45c0fad3884a189b3209a670cabea5
0192096f120abe8a639b77d24604b5e50659fc9c
d98cc3751b7d5eaf375e63e8517dedb8b975a5660ea3977f0f1453fa2b99c710

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:14:43 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1

103.130.153.118

200 OK

974 B

URL HTTP/1.1
mura.com.my/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text
Size
974 B (974 bytes)
Hash
d7804d649234ee1928e28576be1dc211
a4084bf3222ebb744fe921f1716f7d6d45aeebe6
36e72ef65d6c9091a71d963f37139c48f0eea6a393429a32e5fedced15be5bfe

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:29:53 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5

103.130.153.118

200 OK

203 B

URL HTTP/1.1
mura.com.my/wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (398), with no line terminators
Size
203 B (203 bytes)
Hash
957cd599f005c408604710b359f66994
67b63c482c020e262aa455c234c064e5f76a9893
61c7c1d14f7845b668078a8799de819566dcf81ae04814531c06d64a296fbedc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:33:26 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0

142.250.74.164

200 OK

584 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (884), with no line terminators
Size
584 B (584 bytes)
Hash
751bd2205d789d2eaa4233d8ef3f77de
b617bef93b014a64e0ba419c3918b75387fb28f8
6a0310f1c091d3d6ed55d6098418214a58dbc61d1d56250545b507e60167b442

HTTP Headers

GET /recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Sat, 08 Oct 2022 20:07:32 GMT
date: Sat, 08 Oct 2022 20:07:32 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a5bb2ca079b8c15c921933d39c57ae47
7ae6e38c3e12ef05164b04df7f2a65be3a3ec440
336607c0f56b4a97511339d2437520aa8c9d6cb07b5b5ddf535efe65561d2890

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mura.com.my/wp-content/themes/sydney-child/style.css?ver=20220307

103.130.153.118

200 OK

191 B

URL HTTP/1.1
mura.com.my/wp-content/themes/sydney-child/style.css?ver=20220307
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text
Size
191 B (191 bytes)
Hash
b062ace305099e85cae73827a735e91d
6e3631c10cfa8ab3ff07553fcebda145d3437690
426458bf2bafbedaf6ed04f79e347352050904466aa429b0ae883f06244a7955

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/sydney-child/style.css?ver=20220307 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 06 Sep 2015 13:05:00 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0

103.130.153.118

200 OK

4.0 kB

URL HTTP/1.1
mura.com.my/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (19082)
Size
4.0 kB (3950 bytes)
Hash
5a6fb5508bd29cad5bc261a32a6d4f97
850c01e6540218f9da3f93db6b84a3e2345f57a9
e74fe6ea2f56386c8674e3e97a71ddf00d40025e560bb8e7c929ecaa0985701b

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:32:12 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5

103.130.153.118

200 OK

912 B

URL HTTP/1.1
mura.com.my/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (13766)
Size
912 B (912 bytes)
Hash
1b68f537a3157b7b4a4b9bcd869a32a1
a39486c87a5d26152ad49af5230994a979937d77
6dd4837ea7a3a87c9d8370503205b24baf7728737ee01667bc02cc7209eecbf8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:31:59 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/plugins/tablepress/css/default.min.css?ver=1.14

103.130.153.118

200 OK

2.2 kB

URL HTTP/1.1
mura.com.my/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (5092), with no line terminators
Size
2.2 kB (2245 bytes)
Hash
bdcef3095766bc15c4c8ee16d482b024
31bc447ac97af9796dc15bde8e1abd7301f457cd
f429962884a07801bbd0ffd41892cc38165157e34cbee946e2af3aa5d85fec02

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.14 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:21:48 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9

103.130.153.118

200 OK

7.1 kB

URL HTTP/1.1
mura.com.my/wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
ASCII text, with very long lines (30837)
Size
7.1 kB (7102 bytes)
Hash
f529ce613d8baf3f3cccfd46f03a084d
84ef851e9885ccc24911e5c03f1cc0d094959cd3
ad0cc939bf160d744317828d29614b37cde0ba0ef08365d8f8b919fe89df3caf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 27 May 2022 10:48:07 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

mura.com.my/wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9

103.130.153.118

200 OK

20 kB

URL HTTP/1.1
mura.com.my/wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP
103.130.153.118:0
ASN
#138359 DataKL Solutions Sdn Bhd

File type
Nim source code, ASCII text, with very long lines (950)
Size
20 kB (19505 bytes)
Hash
3071c7c85a65e00fbbf448b1a73157e7
066d05ae77cb3078820dde985c50c2499a6c0a13
9202def0b335615175b5b1ece346b27d64fe6cceb9da6c17a69086b6e257eb3f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 27 May 2022 10:48:15 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5185 bytes)
Hash
e5c4757ceb6dce32d0f9d26d5b3df038
d8209d82f61c7a09e00756e5dd32c99bc61af4a8
6aa007279ba4cdea3f772e0601e4082d40ee947ef8cc1201ce0009fb42ca9885

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3c3ff89f-8a8c-44ae-981a-0e9adaf7d959
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dSEs8IAMFqFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-6c97b82d137c2f1951270b82;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wWlD3C6HI9oxa0VAYA6N5afAcUDTQXdO8X31eZUglfdC6jSQo_gew==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 08 Oct 2022 03:29:14 GMT
age: 59898
etag: "d8209d82f61c7a09e00756e5dd32c99bc61af4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4252 bytes)
Hash
7dcf23b32642f7a82a0a7d734a631bca
9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7
add9aab4427819610f8d693758a752910cf314346e974b7636a82381ab9daa4d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4252
x-amzn-requestid: 8d6a225c-6389-4f20-9b90-494841f47c99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4GjCIAMFX-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-4076dc933185d9fd6b68e802;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Wb1JAlWtR9sSEi_KuYZivvMivSxZjo92LGpWgFppol5zgapK6eQ-dg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:16 GMT
etag: "9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7"
content-type: image/jpeg
age: 81016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6366 bytes)
Hash
9bc50d1380ae8fc980ae1cc38f2371c7
be79aecfd7eefa89c409ed743402a292ff0ce6c0
43e015802ba453d4cd79984b53efa8a529ece62760f6693f9daeb2388179201f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6366
x-amzn-requestid: ddcd915d-2606-4243-969e-19fb02b5b6d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EJGoSIAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb3-1c7bd17a2dcdd25e4da6d346;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Cm4uaStVKEsemoOHrc04J9qNysQJoMB7-R8LEzmlRXt47mpXi2NRPA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:12 GMT
age: 80240
etag: "be79aecfd7eefa89c409ed743402a292ff0ce6c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9046 bytes)
Hash
7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Y_VpleudG3M2sQd7mFGVhPvfULiNQl3YY8xuhiTnTE5VIC64O8vqMA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:44:19 GMT
age: 80593
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5440 bytes)
Hash
a6207431ae268d805fb92237925c8fc0
075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87
bb8966bd5b80f1ba6c974925df0610e0a219759ab92df062e135baae02fa0071

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5440
x-amzn-requestid: c9408e3c-29f6-4a53-b09d-0c3f49e99287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp3AzFQ3oAMF_Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409ed1-1da6e8c500879b080c66fdfe;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:49:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bpAfspjZlm1y-CxYtXbhfwPHzcNxLJGVh_j685Z-TvTV-kdRttBjhg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 22:11:50 GMT
etag: "075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87"
content-type: image/jpeg
age: 78942
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9112 bytes)
Hash
d67e1b7a9224fb617581c14af1e369ac
941b8fdd8736691d796738233681f12900af92c4
ed88575e76e6919ab4702bb29db5c48c5bd250ad2a89047d4d8a31cf3c77f12e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9112
x-amzn-requestid: 94c5c303-a221-4b00-9d01-95607233fbc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2PxHXuoAMFZzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d97-5080b3765b6cd57c64e36e80;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:43:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: caUfhYpcvVq0JjR0INv3aPuCZDq50dJg9p7Wjlz6TcJaX7kU3OIHDA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:09 GMT
age: 80243
etag: "941b8fdd8736691d796738233681f12900af92c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

stats.wp.com/e-202240.js

192.0.76.3

200 OK

5.1 kB

URL HTTP/2
stats.wp.com/e-202240.js
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (2690)
Size
5.1 kB (5069 bytes)
Hash
c25e71738fc7ff27ee9a0879e417322e
aca120ab2abc4d0247882739f80e26c8695924d9
0eaa9988412362a893e0ece3c153eafa1761aabc9a7df967b615c8ed0210fb12

HTTP Headers

GET /e-202240.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:31 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 25 Sep 2023 06:12:14 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29

91.211.91.104

302 Found

0 B

URL HTTP/2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mura.com.my/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 08 Oct 2022 20:07:34 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29

91.211.91.104

200 OK

800 B

URL HTTP/2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
800 B (800 bytes)
Hash
860909eed80ebd9f4507a56f3c0a8a58
9840e51adf237d4befeba1555d1c2258f2a7e0bc
9f98eef57caf80e6db345f50222f4ff3c4934084c4ac97208f90c521ff7ab37c

HTTP Headers

GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mura.com.my/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:34 GMT
content-type: text/html; charset=UTF-8
content-length: 800
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
87232cbbadf11d4f29f54cdbaf1e20a6
609e0dcecd976be7918c0f7f29f161d6e4502095
e1ab7a032269fbfea5a407d9cb0b593ec7308ad3e471510b9b2788762b4a527c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1AB7A032269FBFEA5A407D9CB0B593EC7308AD3E471510B9B2788762B4A527C"
Last-Modified: Fri, 07 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16142
Expires: Sun, 09 Oct 2022 00:36:37 GMT
Date: Sat, 08 Oct 2022 20:07:35 GMT
Connection: keep-alive

groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7

185.177.94.152

200 OK

53 kB

URL HTTP/2
groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Size
53 kB (53176 bytes)
Hash
91b7eba66b066578b5a045441b9f8daf
408d460ae9108e2a57e701e7572e65ad99afdfd4
90f250f89846fdbde94c4277a836b47c81c25ac7d2f82df72832bc5620316ca3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; expires=Mon, 07-Nov-2022 20:07:35 GMT; Max-Age=2592000; path=/; domain=groundflares.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

groundflares.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
groundflares.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bf85c6bde1e3a934d54fe3bfda3ee8cd
f98ab751f46df53933afb364be808e2cfc6e0b61
d62c1f60657dadd73d22178b47b4c33825c29e2609f7148b1401f84cd8fa4384

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D62C1F60657DADD73D22178B47B4C33825C29E2609F7148B1401F84CD8FA4384"
Last-Modified: Fri, 07 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7530
Expires: Sat, 08 Oct 2022 22:13:05 GMT
Date: Sat, 08 Oct 2022 20:07:35 GMT
Connection: keep-alive

0.groundflares.com/b81698fd2.js

185.177.94.152

200 OK

54 B

URL HTTP/2
0.groundflares.com/b81698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
54 B (54 bytes)
Hash
30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b81698fd2.js HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

0.groundflares.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
0.groundflares.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0529de4e5ce72bc81096e9fd63f53a87
86be51e45e32c3358c3b9412a77f5a8c4e116253
338f908157165b0f87e8774e8626be9916a4e37672d7e07e448d5f7e4b1814d9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "338F908157165B0F87E8774E8626BE9916A4E37672D7E07E448D5F7E4B1814D9"
Last-Modified: Thu, 06 Oct 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1616
Expires: Sat, 08 Oct 2022 20:34:32 GMT
Date: Sat, 08 Oct 2022 20:07:36 GMT
Connection: keep-alive

0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7

185.177.94.152

200 OK

18 kB

URL HTTP/2
0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7732)
Size
18 kB (18179 bytes)
Hash
5b405de5bd2a92696b3b74be7c4f2ce1
f039888543c846847a464add6a9cb78c4f5b121c
219705e457da4bfee29b21c219793bf3a5b579134a16a2b59345174a39598289

HTTP Headers

GET /index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7 HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; expires=Mon, 07-Nov-2022 20:07:35 GMT; Max-Age=2592000; path=/; domain=0.groundflares.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 20:07:31 GMT
date: Sat, 08 Oct 2022 20:07:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

browork3er.cc/sw/bro.js

212.129.16.248

200 OK

0 B

URL HTTP/2
browork3er.cc/sw/bro.js
IP
212.129.16.248:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 08 Oct 2023 20:07:35 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

cdn.weatherplllatform.com/event.js?v=7.77

91.211.91.114

200 OK

0 B

URL HTTP/2
cdn.weatherplllatform.com/event.js?v=7.77
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /event.js?v=7.77 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:43 GMT
vary: Accept-Encoding
etag: W/"6331bc07-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

browork3er.cc/sw/bro.js

212.129.16.248

200 OK

0 B

URL HTTP/2
browork3er.cc/sw/bro.js
IP
212.129.16.248:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 08 Oct 2023 20:07:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations