firefox.settings.services.mozilla.com/v1/
54.230.111.7200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1aac651ec250c598683dd17ca2002c07
11595ac82e017f95190c2a36dc77323a3fedcbfc
93fa640d042452ae8455d026e30e3b4594c13d4be65f3552a4b5edae027c02f9
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Content-Length, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 08 Oct 2022 19:38:24 GMT
Expires: Sat, 08 Oct 2022 20:23:37 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JKLKYMMRXr3xrjD1uZuCpMM-kwKA-uHCOqxI12pXEQgUIATsd22qEA==
Age: 1746
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1273d41c84b2b39f78a8033130d00282
556757697b70e019ed502585fcc888e2403f3229
ee3c03cc0a659fbc43d34feaa79a8ad6627b9c525d675956cdb434c1590db89e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE3C03CC0A659FBC43D34FEAA79A8AD6627B9C525D675956CDB434C1590DB89E"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2747
Expires: Sat, 08 Oct 2022 20:53:17 GMT
Date: Sat, 08 Oct 2022 20:07:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2176
Expires: Sat, 08 Oct 2022 20:43:46 GMT
Date: Sat, 08 Oct 2022 20:07:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: eNzEHvWSPYX7pOEmxpU8SpS6ZuBZj89a6MgFPMVRj49XvQnoQOCW13tkLOcOs70CJJIAEQpXWCg=
x-amz-request-id: 5Y14RSN0RFFB3XHG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 08 Oct 2022 19:59:44 GMT
age: 466
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.7200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.7:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 08 Oct 2022 19:29:41 GMT
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 20:23:31 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: lSOkQviG8Wn21nYDX7OjpddvFKOR7acqPE9z1yue0Bitad_GmhRkpQ==
Age: 2269
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5479444ef227af03029fbb9d154f0107
0563678ec07ab3707b716ca4c638ece4c8ad7de4
4850d49786a140003b90ae108104ffbfe80a6e0d9f584656a09f0fff11dc9d0d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6358
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:30 GMT
Last-Modified: Sat, 08 Oct 2022 18:21:32 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
mura.com.my/membership-renewal
103.130.153.118301 Moved Permanently 890 B URL HTTP/1.1 mura.com.my/membership-renewal
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type HTML document, ASCII text, with very long lines (890), with no line terminators
Hash 10f206440d96baba21e4e6879a8d72cc
37f8e988b703fb0cb1d085d361a38f638a543c42
2e91f5fd8e18fafb7b6919bca3f747e800ad55f6846a0063507b867f225da625
Analyzer Verdict Alert fortinet Malware
GET /membership-renewal HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40
X-Redirect-By: WordPress
Location: http://mura.com.my/membership-renewal/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Nginx-Upstream-Cache-Status: MISS
push.services.mozilla.com/
54.148.190.4101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.190.4:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aDzj46zZhuqXUjeDERWxOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 82RyJcy3HWQSOJd6Y7YwLeGGY7E=
mura.com.my/membership-renewal/
103.130.153.118200 OK 19 kB URL HTTP/1.1 mura.com.my/membership-renewal/
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20680), with CRLF, LF line terminators
Hash 1c8d2fd1505bd879e0d538e7481b0723
983824204758965bdc67653ff3e75d6b1868e7fc
8340a42e009704b1089aab8ed0d6da32e46843cf8ad7f08c47c8531d9c9a61b2
Analyzer Verdict Alert fortinet Malware
GET /membership-renewal/ HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Link: <http://mura.com.my/wp-json/>; rel="https://api.w.org/", <http://mura.com.my/wp-json/wp/v2/pages/1430>; rel="alternate"; type="application/json", <https://wp.me/P9rr6g-n4>; rel=shortlink
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
X-Nginx-Upstream-Cache-Status: UPDATING
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.jotform.com/jsform/70311151531439?redirect=1
104.23.133.11301 Moved Permanently 0 B URL HTTP/1.1 www.jotform.com/jsform/70311151531439?redirect=1
IP 104.23.133.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /jsform/70311151531439?redirect=1 HTTP/1.1
Host: www.jotform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/
HTTP/1.1 301 Moved Permanently
Date: Sat, 08 Oct 2022 20:07:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 08 Oct 2022 21:07:31 GMT
Location: https://www.jotform.com/jsform/70311151531439?redirect=1
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 757180d73c381c0e-OSL
alt-svc: h2=":443"; ma=60
mura.com.my/wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107
103.130.153.118200 OK 2.4 kB URL HTTP/1.1 mura.com.my/wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (14631), with no line terminators
Hash 20f4021af010bee795272b5230ea106b
621e3c68a4c842265e85680b262efe2a4010b58d
c40c177282315c409359f78cf99bd0d4fd5bed29f0a5d9bef4dd6ba2105a6d7a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/sydney-toolbox/css/styles.min.css?ver=20220107 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:21:34 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5
103.130.153.118200 OK 2.6 kB URL HTTP/1.1 mura.com.my/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (10019)
Hash c42d43078a3ff558042b6ec80c66a086
fd8951772644a8b4c30111eb74f33fff40d4e095
050daa68d90726ceafd44b1eb12565fea6845bb17cce63464effd28199a0df61
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:32:18 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 579e733097a7260db68f6ab5fc4ab3c9
bcee618650f7eb1595974812db6995d7ee0e9764
c025aa32afae5edb4c793bcc3076c86ae945438c7d2e96f7847054aeb1ed690b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mura.com.my/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
103.130.153.118200 OK 1.2 kB URL HTTP/1.1 mura.com.my/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (4186), with no line terminators
Hash 12abf54137d4fe7125009945facd733d
4c7d795c2b7857a8e8733f667d61a7a88565818e
48856e8c9f3fd260906105995e727f97d909869a362ecbc183fe10af73d4e479
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:56:58 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1
103.130.153.118200 OK 698 B URL HTTP/1.1 mura.com.my/wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with CRLF line terminators
Hash 0f45c0fad3884a189b3209a670cabea5
0192096f120abe8a639b77d24604b5e50659fc9c
d98cc3751b7d5eaf375e63e8517dedb8b975a5660ea3977f0f1453fa2b99c710
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/column-shortcodes//assets/css/shortcodes.css?ver=1.0.1 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:14:43 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1
103.130.153.118200 OK 974 B URL HTTP/1.1 mura.com.my/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
Hash d7804d649234ee1928e28576be1dc211
a4084bf3222ebb744fe921f1716f7d6d45aeebe6
36e72ef65d6c9091a71d963f37139c48f0eea6a393429a32e5fedced15be5bfe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6.1 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:29:53 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5
103.130.153.118200 OK 203 B URL HTTP/1.1 mura.com.my/wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (398), with no line terminators
Hash 957cd599f005c408604710b359f66994
67b63c482c020e262aa455c234c064e5f76a9893
61c7c1d14f7845b668078a8799de819566dcf81ae04814531c06d64a296fbedc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/page-views-count/assets/css/style.min.css?ver=2.5.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:33:26 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ee96d771e1664e3afe56cf32bfe45eee
3ab9109d6f7a952cf2f7071ecb5ee186f9eebf6a
df7a23267a1a0bddc477d2b3f4c870b6a6ab7b4dca5fc38164d814ccae2b2fdd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0
142.250.74.164200 OK 584 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 751bd2205d789d2eaa4233d8ef3f77de
b617bef93b014a64e0ba419c3918b75387fb28f8
6a0310f1c091d3d6ed55d6098418214a58dbc61d1d56250545b507e60167b442
GET /recaptcha/api.js?render=6LeqgoUUAAAAAPCDTwYnFL3mN99NPUswsUZ1VK9Z&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 08 Oct 2022 20:07:32 GMT
date: Sat, 08 Oct 2022 20:07:32 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a5bb2ca079b8c15c921933d39c57ae47
7ae6e38c3e12ef05164b04df7f2a65be3a3ec440
336607c0f56b4a97511339d2437520aa8c9d6cb07b5b5ddf535efe65561d2890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Oct 2022 20:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mura.com.my/wp-content/themes/sydney-child/style.css?ver=20220307
103.130.153.118200 OK 191 B URL HTTP/1.1 mura.com.my/wp-content/themes/sydney-child/style.css?ver=20220307
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
Hash b062ace305099e85cae73827a735e91d
6e3631c10cfa8ab3ff07553fcebda145d3437690
426458bf2bafbedaf6ed04f79e347352050904466aa429b0ae883f06244a7955
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/sydney-child/style.css?ver=20220307 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sun, 06 Sep 2015 13:05:00 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
103.130.153.118200 OK 4.0 kB URL HTTP/1.1 mura.com.my/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (19082)
Hash 5a6fb5508bd29cad5bc261a32a6d4f97
850c01e6540218f9da3f93db6b84a3e2345f57a9
e74fe6ea2f56386c8674e3e97a71ddf00d40025e560bb8e7c929ecaa0985701b
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:32:12 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5
103.130.153.118200 OK 912 B URL HTTP/1.1 mura.com.my/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (13766)
Hash 1b68f537a3157b7b4a4b9bcd869a32a1
a39486c87a5d26152ad49af5230994a979937d77
6dd4837ea7a3a87c9d8370503205b24baf7728737ee01667bc02cc7209eecbf8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.5 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 25 May 2022 06:31:59 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
103.130.153.118200 OK 2.2 kB URL HTTP/1.1 mura.com.my/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (5092), with no line terminators
Hash bdcef3095766bc15c4c8ee16d482b024
31bc447ac97af9796dc15bde8e1abd7301f457cd
f429962884a07801bbd0ffd41892cc38165157e34cbee946e2af3aa5d85fec02
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.14 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 22 Mar 2022 10:21:48 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
103.130.153.118200 OK 7.1 kB URL HTTP/1.1 mura.com.my/wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type ASCII text, with very long lines (30837)
Hash f529ce613d8baf3f3cccfd46f03a084d
84ef851e9885ccc24911e5c03f1cc0d094959cd3
ad0cc939bf160d744317828d29614b37cde0ba0ef08365d8f8b919fe89df3caf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/sydney/fonts/font-awesome.min.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 27 May 2022 10:48:07 GMT
Expires: Mon, 07 Nov 2022 20:07:32 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
mura.com.my/wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9
103.130.153.118200 OK 20 kB URL HTTP/1.1 mura.com.my/wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9
IP 103.130.153.118:0
ASN #138359 DataKL Solutions Sdn Bhd
File type Nim source code, ASCII text, with very long lines (950)
Hash 3071c7c85a65e00fbbf448b1a73157e7
066d05ae77cb3078820dde985c50c2499a6c0a13
9202def0b335615175b5b1ece346b27d64fe6cceb9da6c17a69086b6e257eb3f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/sydney/style.css?ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: mura.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mura.com.my/membership-renewal/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 08 Oct 2022 20:07:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 27 May 2022 10:48:15 GMT
Expires: Mon, 07 Nov 2022 20:07:31 GMT
Cache-Control: max-age=2592000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *, *
X-Nginx-Upstream-Cache-Status: STALE
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 31e440ccd993c4ee793f50511c2ac7c4
4380327d50b7001d158aee05a57c6078e57c94e4
65d8a97f6df1e110333a01d1f6dcb4982db7bb4b1c5f3f1498fafa716e250c0f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65D8A97F6DF1E110333A01D1F6DCB4982DB7BB4B1C5F3F1498FAFA716E250C0F"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2737
Expires: Sat, 08 Oct 2022 20:53:09 GMT
Date: Sat, 08 Oct 2022 20:07:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5c4757ceb6dce32d0f9d26d5b3df038
d8209d82f61c7a09e00756e5dd32c99bc61af4a8
6aa007279ba4cdea3f772e0601e4082d40ee947ef8cc1201ce0009fb42ca9885
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56d7dd70-3706-4d51-94da-88fa19a58ad8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3c3ff89f-8a8c-44ae-981a-0e9adaf7d959
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dSEs8IAMFqFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-6c97b82d137c2f1951270b82;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6wWlD3C6HI9oxa0VAYA6N5afAcUDTQXdO8X31eZUglfdC6jSQo_gew==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 08 Oct 2022 03:29:14 GMT
age: 59898
etag: "d8209d82f61c7a09e00756e5dd32c99bc61af4a8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dcf23b32642f7a82a0a7d734a631bca
9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7
add9aab4427819610f8d693758a752910cf314346e974b7636a82381ab9daa4d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcff4d93b-bc27-41dd-ad6a-5d295cfb6472.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4252
x-amzn-requestid: 8d6a225c-6389-4f20-9b90-494841f47c99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1R4GjCIAMFX-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409c0b-4076dc933185d9fd6b68e802;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:37:15 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Wb1JAlWtR9sSEi_KuYZivvMivSxZjo92LGpWgFppol5zgapK6eQ-dg==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:37:16 GMT
etag: "9dc8bd1a00dcb896fade6d3112ef53439ecb8fe7"
content-type: image/jpeg
age: 81016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bc50d1380ae8fc980ae1cc38f2371c7
be79aecfd7eefa89c409ed743402a292ff0ce6c0
43e015802ba453d4cd79984b53efa8a529ece62760f6693f9daeb2388179201f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57a0ead-deef-46c2-985b-fb7ba539285b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6366
x-amzn-requestid: ddcd915d-2606-4243-969e-19fb02b5b6d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp1EJGoSIAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409bb3-1c7bd17a2dcdd25e4da6d346;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Cm4uaStVKEsemoOHrc04J9qNysQJoMB7-R8LEzmlRXt47mpXi2NRPA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:12 GMT
age: 80240
etag: "be79aecfd7eefa89c409ed743402a292ff0ce6c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e30ca5022768294665070cafc9d489c
c6ebf53c21206cfcf8e70279d3ae43f0170ade3a
6b834cdae692318a114c0d82ebff4fa8f4e65526983758e08ffb130d4d86020f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0135ba0-9033-445f-8155-a6c093862ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9046
x-amzn-requestid: d560c8ba-6e81-46f7-a451-30c40fbfce6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zmhi_F7qIAMFkQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f4946-012e65d675558ec8544a1f30;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 21:31:50 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Y_VpleudG3M2sQd7mFGVhPvfULiNQl3YY8xuhiTnTE5VIC64O8vqMA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:44:19 GMT
age: 80593
etag: "c6ebf53c21206cfcf8e70279d3ae43f0170ade3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6207431ae268d805fb92237925c8fc0
075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87
bb8966bd5b80f1ba6c974925df0610e0a219759ab92df062e135baae02fa0071
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e9e3511-179a-47a1-a41a-7b5f6ecbf14f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5440
x-amzn-requestid: c9408e3c-29f6-4a53-b09d-0c3f49e99287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp3AzFQ3oAMF_Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409ed1-1da6e8c500879b080c66fdfe;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:49:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: bpAfspjZlm1y-CxYtXbhfwPHzcNxLJGVh_j685Z-TvTV-kdRttBjhg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 22:11:50 GMT
etag: "075b576b0d47e0f6cbbb9dc85f87e8ca4e8eca87"
content-type: image/jpeg
age: 78942
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d67e1b7a9224fb617581c14af1e369ac
941b8fdd8736691d796738233681f12900af92c4
ed88575e76e6919ab4702bb29db5c48c5bd250ad2a89047d4d8a31cf3c77f12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8d22189-9354-45d8-a562-99fb9adeda28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9112
x-amzn-requestid: 94c5c303-a221-4b00-9d01-95607233fbc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zp2PxHXuoAMFZzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63409d97-5080b3765b6cd57c64e36e80;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 21:43:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: caUfhYpcvVq0JjR0INv3aPuCZDq50dJg9p7Wjlz6TcJaX7kU3OIHDA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 07 Oct 2022 21:50:09 GMT
age: 80243
etag: "941b8fdd8736691d796738233681f12900af92c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stats.wp.com/e-202240.js
192.0.76.3200 OK 5.1 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash c25e71738fc7ff27ee9a0879e417322e
aca120ab2abc4d0247882739f80e26c8695924d9
0eaa9988412362a893e0ece3c153eafa1761aabc9a7df967b615c8ed0210fb12
GET /e-202240.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:31 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 25 Sep 2023 06:12:14 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mura.com.my/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 08 Oct 2022 20:07:34 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
91.211.91.104200 OK 800 B URL HTTP/2 away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 860909eed80ebd9f4507a56f3c0a8a58
9840e51adf237d4befeba1555d1c2258f2a7e0bc
9f98eef57caf80e6db345f50222f4ff3c4934084c4ac97208f90c521ff7ab37c
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mura.com.my/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:34 GMT
content-type: text/html; charset=UTF-8
content-length: 800
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 87232cbbadf11d4f29f54cdbaf1e20a6
609e0dcecd976be7918c0f7f29f161d6e4502095
e1ab7a032269fbfea5a407d9cb0b593ec7308ad3e471510b9b2788762b4a527c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E1AB7A032269FBFEA5A407D9CB0B593EC7308AD3E471510B9B2788762B4A527C"
Last-Modified: Fri, 07 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16142
Expires: Sun, 09 Oct 2022 00:36:37 GMT
Date: Sat, 08 Oct 2022 20:07:35 GMT
Connection: keep-alive
groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7
185.177.94.152200 OK 53 kB URL HTTP/2 groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Hash 91b7eba66b066578b5a045441b9f8daf
408d460ae9108e2a57e701e7572e65ad99afdfd4
90f250f89846fdbde94c4277a836b47c81c25ac7d2f82df72832bc5620316ca3
Analyzer Verdict Alert fortinet Phishing
GET /go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7 HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; expires=Mon, 07-Nov-2022 20:07:35 GMT; Max-Age=2592000; path=/; domain=groundflares.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
groundflares.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 groundflares.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/go/gmytgnrvg45dcmbyg4yq?sub2=lowerpp7
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf85c6bde1e3a934d54fe3bfda3ee8cd
f98ab751f46df53933afb364be808e2cfc6e0b61
d62c1f60657dadd73d22178b47b4c33825c29e2609f7148b1401f84cd8fa4384
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D62C1F60657DADD73D22178B47B4C33825C29E2609F7148B1401F84CD8FA4384"
Last-Modified: Fri, 07 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7530
Expires: Sat, 08 Oct 2022 22:13:05 GMT
Date: Sat, 08 Oct 2022 20:07:35 GMT
Connection: keep-alive
0.groundflares.com/b81698fd2.js
185.177.94.152200 OK 54 B URL HTTP/2 0.groundflares.com/b81698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f
Analyzer Verdict Alert fortinet Phishing
GET /b81698fd2.js HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.groundflares.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 0.groundflares.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0529de4e5ce72bc81096e9fd63f53a87
86be51e45e32c3358c3b9412a77f5a8c4e116253
338f908157165b0f87e8774e8626be9916a4e37672d7e07e448d5f7e4b1814d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "338F908157165B0F87E8774E8626BE9916A4E37672D7E07E448D5F7E4B1814D9"
Last-Modified: Thu, 06 Oct 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1616
Expires: Sat, 08 Oct 2022 20:34:32 GMT
Date: Sat, 08 Oct 2022 20:07:36 GMT
Connection: keep-alive
0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7
185.177.94.152200 OK 18 kB URL HTTP/2 0.groundflares.com/index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7732)
Hash 5b405de5bd2a92696b3b74be7c4f2ce1
f039888543c846847a464add6a9cb78c4f5b121c
219705e457da4bfee29b21c219793bf3a5b579134a16a2b59345174a39598289
GET /index.php?p=gmytgnrvg45dcmbyg4yq&sub2=lowerpp7 HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/
Cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=6e518ca5-818b-441e-85f7-a621cec5cf79; expires=Mon, 07-Nov-2022 20:07:35 GMT; Max-Age=2592000; path=/; domain=0.groundflares.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9
IP 142.250.74.10:0
GET /css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=53af60b4b0777ca62591a0f3f16cdca9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 08 Oct 2022 20:07:31 GMT
date: Sat, 08 Oct 2022 20:07:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
browork3er.cc/sw/bro.js
212.129.16.248200 OK 0 B IP 212.129.16.248:0
GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 08 Oct 2023 20:07:35 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/event.js?v=7.77
91.211.91.114200 OK 0 B URL HTTP/2 cdn.weatherplllatform.com/event.js?v=7.77
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
GET /event.js?v=7.77 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mura.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:43 GMT
vary: Accept-Encoding
etag: W/"6331bc07-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
browork3er.cc/sw/bro.js
212.129.16.248200 OK 0 B IP 212.129.16.248:0
GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Oct 2022 20:07:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 08 Oct 2023 20:07:36 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2