Report - manager.principlerec.com/

Report Overview

Submitted URL
manager.principlerec.com/
IP
51.79.11.195
ASN
#16276 OVH SAS
Submitted
2022-09-09 19:02:03
Access
public
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-17T05:09:02Z	1.3 kB	3.5 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-17T05:09:04Z	758 B	2.7 kB	143.204.55.115
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-17T05:10:36Z	401 B	5.8 kB	143.204.55.35
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-17T05:10:35Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-17T08:37:51Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-17T05:10:36Z	594 B	127 B	54.149.101.24
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-17T05:09:15Z	2.1 kB	28 kB	34.120.237.76
manager.principlerec.com	unknown	2019-05-26T11:12:29Z	2023-01-10T19:03:44Z	18 kB	210 kB	51.79.11.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-09	medium	manager.principlerec.com/	Malware
2022-09-09	medium	manager.principlerec.com/	Malware
2022-09-09	medium	manager.principlerec.com/authentication/login	Malware
2022-09-09	medium	manager.principlerec.com/assets/css/reset.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/themes/perfex/css/style.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/datatables/datatables.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/css/bs-overides.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/builds/common.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3	Malware
2022-09-09	medium	manager.principlerec.com/assets/plugins/jquery/jquery.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	manager.principlerec.com/authentication/login	1.5 kB	2023-03-17	2023-03-17
Pretty URL manager.principlerec.com/authentication/login IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-17 11:30:36 Last Seen2023-03-17 11:30:36 Times Seen1 Hash 4631f2e9d929b5d43a4fe10d01fe2fb1 0c0ed2ea45d6a39b5332f232ddddbfd938cfef66 27b281988f53edb85c3c8d9e80a2106b9004625ada8cfea9d5e584e7cdc279ad Loading...

	manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3	2.0 kB	2023-03-07	2023-03-17
Pretty URL manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2023-03-17 11:41:01 Times Seen1 Hash 6b94e8076e3da10f3f1d3a56243ef8ab 52bbc61d9760a509008c4b88db12d04cb28969f7 2862e291e72f2d1fd906856278f7e91007ac24b3d0d8eff0aebd042397139321 Loading...

	manager.principlerec.com/assets/plugins/jquery/jquery.min.js	87 kB	2023-03-07	2024-04-24
Pretty URL manager.principlerec.com/assets/plugins/jquery/jquery.min.js IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 16:46:10 Times Seen263419 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3	149 kB	2023-03-07	2024-04-17
Pretty URL manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2024-04-17 17:05:14 Times Seen118 Hash 3614a310ec3347334e61c4af9b8bddfb eaf2da3a6d6219d47f6b774376b76403a48c75fb 694c9d05ddc3de9dfee6d5495c4465a8cb6809e8fea78b5d0fe76426079158d5 Loading...

	manager.principlerec.com/assets/builds/common.js?v=2.9.3	28 kB	2023-03-07	2023-03-17
Pretty URL manager.principlerec.com/assets/builds/common.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2023-03-17 11:41:01 Times Seen1 Hash cd79724ac9779573dbc0b3d6a305c61c d68cc0d42729d698c7e2688084d44a1a8e1446c2 8dd43e1a73175d149f580a49c830f733f670478cef10188e6423805d2e074261 Loading...

	manager.principlerec.com/authentication/login	3.2 kB	2023-03-07	2023-03-17
Pretty URL manager.principlerec.com/authentication/login IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2023-03-17 11:41:01 Times Seen1 Hash 655788d035ec9706648530b20dc066ae 6e389d5d46af2e0a80bb2ccafa568bce3d1e6986 7d214f75b6d9e8954ca052387aa0f6cd3dac09b4385cffbaaae4c3c764e6280b Loading...

	manager.principlerec.com/authentication/login	3.5 kB	2023-03-07	2023-03-17
Pretty URL manager.principlerec.com/authentication/login IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2023-03-17 11:41:01 Times Seen1 Hash 047799146c5d654b262b129b12cb0b39 611ace7988b53ff41e880bb085d0035718a321c8 3b66a6de16a06baf7d3dc358617a68bb0e70fb825e442dda9045c36a0f449b53 Loading...

	manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3	23 kB	2023-03-07	2024-04-24
Pretty URL manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:52 Last Seen2024-04-24 12:41:30 Times Seen987 Hash 93c1dd8416ac2af1850652d5b620a142 6a76e4c7db479053350580469aa010febfdcacd0 17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50 Loading...

	manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3	38 kB	2023-03-07	2024-04-15
Pretty URL manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-15 11:29:20 Times Seen1105 Hash 3d8308804264c5b751f6e54734c46897 369a832ef7f8a57e9b59b84b181fdb4fc9125050 909ae563eb34f7e4285a3a643ab5d7c21c5e6a80f3f455b949ac45f08d0389b4 Loading...

	manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3	61 kB	2023-03-07	2024-03-31
Pretty URL manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2024-03-31 01:57:51 Times Seen232 Hash 35c314918a35718241a34aa5c961221b b26498dac329ac6de813715282d5e9a45dd99be1 955c8982377903ef0b6e9f19e36caaf3d1a1d4170511f473c5fa0bf6b2e72461 Loading...

	manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3	9.4 kB	2023-03-07	2024-04-16
Pretty URL manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2024-04-16 01:21:14 Times Seen186 Hash d1b2d54f5f160c52d406faf162c46d94 f6c3bcf2b59da9a9d162b92feb954bca4cdb4348 f6bec31e895f7b96a81fe6d48f8144a9106adad99a21707139851915a9428d21 Loading...

	manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3	66 kB	2023-03-07	2024-03-29
Pretty URL manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2024-03-29 13:37:23 Times Seen20 Hash 5362c56962da8a823faaabb008325a46 0d47b0f14ad603c387d79bbc2cac985a20a7d65a db04ed49b4f98fc89b6d97b3e95aa626bffb2ef1527e8fc68cd9625644bc5d08 Loading...

	manager.principlerec.com/authentication/login	2.8 kB	2023-03-07	2023-03-17
Pretty URL manager.principlerec.com/authentication/login IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2023-03-17 11:41:01 Times Seen1 Hash b37a1740e82fc614d38cac2ff75087aa cc85915a24219b9f091c20290d7f95f0db047e80 2ec6d9f3f9187388f7b6e13cb021fce0fe66cd34132e9254ee05e27e70b1676e Loading...

	manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3	19 kB	2023-03-07	2024-03-29
Pretty URL manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3 IP 51.79.11.195 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:23 Last Seen2024-03-29 13:37:23 Times Seen50 Hash 98cee23efc1cb30afb09bd1cb0b109ed a050053dd27cc11bc71c2b73133166cd1900386d 5ae0c7a3cb8e68fdb0d6e917100a913d24f24fc388dc1b27ef94972c71155762 Loading...

HTTP Transactions (47)

URL IP Response Size

manager.principlerec.com/

51.79.11.195

301 Moved Permanently

162 B

URL HTTP/1.1
manager.principlerec.com/
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Sep 2022 19:01:52 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://manager.principlerec.com/

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5461
Expires: Fri, 09 Sep 2022 20:32:53 GMT
Date: Fri, 09 Sep 2022 19:01:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 18:05:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: OgGBVb3AOEEFF5VPgM1NBWd3q887FnR2_N1z8aZPTFMBMg67HWz-sA==
Age: 3357

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1zhFMHMQ0I1o3HaRGj1sjCK1ssnfSv0HznztXhNxZPd1rLPQCjOhdQ==
age: 54918
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 18:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 19:45:29 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tJpeHVW_LPzkaBH5Q4EI8UDtX5A3g-JnrLXWV_p4-evsWQDNOq5Q3g==
Age: 346

manager.principlerec.com/

51.79.11.195

302 Found

0 B

URL HTTP/2
manager.principlerec.com/
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/html; charset=utf-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; expires=Fri, 09-Sep-2022 20:02:53 GMT; Max-Age=3660; path=/; HttpOnly
sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u; expires=Sat, 10-Sep-2022 03:01:53 GMT; Max-Age=28800; path=/; HttpOnly
location: https://manager.principlerec.com/authentication/login
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/7.4.30, PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d0c56e0b2955a5dd7f37ba4bbf5727b4
f435bd1f6fb8ec931f1817fe4b91e6b86a7cb14b
99f7da9dca677db8e9cec5491c0d6d8a86b9c5e907907c2fdd30973c747f4282

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5347
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 19:01:53 GMT
Last-Modified: Fri, 09 Sep 2022 17:32:46 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

manager.principlerec.com/authentication/login

51.79.11.195

200 OK

5.7 kB

URL HTTP/2
manager.principlerec.com/authentication/login
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (694), with CRLF, LF line terminators
Size
5.7 kB (5667 bytes)
Hash
266f706d3a603996ddf1978b67b54ba9
9f939f05c2228ebc2c0ea933828aea41bbcc86a7
46dfb68202e98fe6d74d4eb190be471be6956e6dc590df9adb991619c6de63e4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /authentication/login HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/html; charset=utf-8
content-length: 5667
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; expires=Fri, 09-Sep-2022 20:02:53 GMT; Max-Age=3660; path=/; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/7.4.30, PleskLin
X-Firefox-Spdy: h2

manager.principlerec.com/assets/css/reset.min.css?v=2.9.3

51.79.11.195

200 OK

514 B

URL HTTP/2
manager.principlerec.com/assets/css/reset.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (971), with no line terminators
Size
514 B (514 bytes)
Hash
71d0474794c4d99e89bc360c28340869
7d4c049a698d44dd686d0e4e93421e10fad3e6dc
0003da1c9ba6f1805b8f14780c117fbdf006c59c853271cc9d9a1842d91e9f31

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/css/reset.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
content-length: 514
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: "3cb-5d63ec6223400-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.149.101.24

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.101.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eqHB71d8OSow13uyDmxXaQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1v9nNYHh8hS3v7X97zwv3yZbyB4=

manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3

51.79.11.195

200 OK

263 B

URL HTTP/2
manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
263 B (263 bytes)
Hash
04879b4eb221ad7eb1a2a173375d8ad5
555e74d1ea628bcbc63b6324c76a7c7ad706896b
14d4fff1afe0ab8a656924ee94a1f8055d97f11a6ca0033c2a222508528664ca

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/roboto/roboto.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
content-length: 263
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "3de-5d63ec7ebf780-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2

manager.principlerec.com/modules/si_custom_theme/assets/css/si_custom_theme_style_client.css

51.79.11.195

200 OK

256 B

URL HTTP/2
manager.principlerec.com/modules/si_custom_theme/assets/css/si_custom_theme_style_client.css
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
256 B (256 bytes)
Hash
e78f90ceceaa16dfa97cfdab875d794a
437ed9709be6ff867be15219145d6afb92605ec0
2a1d866091103a74889174e59bf130eb5df5ec9c8b97ce3497e291b17b71ae07

HTTP Headers

GET /modules/si_custom_theme/assets/css/si_custom_theme_style_client.css HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
content-length: 256
x-accel-version: 0.01
last-modified: Thu, 03 Feb 2022 05:03:43 GMT
etag: "1ed-5d7160eed9239-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2

manager.principlerec.com/uploads/company/3d2f366f5c179c305aa1858670181546.png

51.79.11.195

200 OK

2.8 kB

URL HTTP/2
manager.principlerec.com/uploads/company/3d2f366f5c179c305aa1858670181546.png
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
PNG image data, 300 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
2.8 kB (2834 bytes)
Hash
5c25b4d0f9147abe0da70594276cfb72
239252dda90ee8ec10a0f487c264ea86e993d93c
2722b35637f92ef89b74218bde04c1435453fe28b16fa3e018ed24a2ddf62e7a

HTTP Headers

GET /uploads/company/3d2f366f5c179c305aa1858670181546.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: image/png
content-length: 2834
last-modified: Thu, 03 Feb 2022 04:57:51 GMT
etag: "61fb60cf-b12"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0

51.79.11.195

200 OK

63 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 63412, version 2.0\012- data
Size
63 kB (63412 bytes)
Hash
bde1ca6a5d7cefc8108c75fdaad29ed6
1e042848a06b43a9369952c636bca41f95cfc316
cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: font/woff2
content-length: 63412
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-f7b4"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/uploads/company/favicon.png

51.79.11.195

200 OK

1.9 kB

URL HTTP/2
manager.principlerec.com/uploads/company/favicon.png
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
1.9 kB (1866 bytes)
Hash
c2207f41b6eeaceb6644e620e9fc1c72
118ad2f09337d01c630da2edc441861ac91eb3d0
800440321c485ba430c39e9717b8e2d6bba62c636c34dbc6b1433e0195fe443f

HTTP Headers

GET /uploads/company/favicon.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: image/png
content-length: 1866
last-modified: Thu, 03 Feb 2022 04:57:51 GMT
etag: "61fb60cf-74a"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/images/prev.png

51.79.11.195

200 OK

1.4 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/images/prev.png
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1360 bytes)
Hash
84b76dee6b27b795e89e3649078a11c2
6640a3432f7ba7aea6129cdf7a5d3eabd47c295c
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2

HTTP Headers

GET /assets/plugins/lightbox/images/prev.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: image/png
content-length: 1360
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-550"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/images/next.png

51.79.11.195

200 OK

1.4 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/images/next.png
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1350 bytes)
Hash
31f15875975aab69085470aabbfec802
777e92c050f600b4519299c3d786b8f2f459fea4
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a

HTTP Headers

GET /assets/plugins/lightbox/images/next.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: image/png
content-length: 1350
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-546"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/images/loading.gif

51.79.11.195

200 OK

8.5 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/images/loading.gif
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 32 x 32\012- data
Size
8.5 kB (8476 bytes)
Hash
2299ad0b3f63413f026dfec20c205b8f
cf720b50cf8dde0e1a84ce1c6a77788bfc5882d5
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed

HTTP Headers

GET /assets/plugins/lightbox/images/loading.gif HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: image/gif
content-length: 8476
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-211c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3

51.79.11.195

200 OK

66 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (9089)
Size
66 kB (66496 bytes)
Hash
d7836aff45cb44b129422ea3f66206b7
6cde4269a8a1c0d4a3341b37936b9c374b925c04
73f07a74945a2f8722b0f57d92a22db06b13dc88182e0bbd707cc2bf33e3dc9a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: W/"61ed466e-249c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/images/close.png

51.79.11.195

200 OK

280 B

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/images/close.png
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
PNG image data, 27 x 27, 8-bit colormap, non-interlaced\012- data
Size
280 B (280 bytes)
Hash
d9d2d0b1308cb694aa8116915592e2a9
3ca48361cfe0e41163023d03c26296f375bb3eac
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c

HTTP Headers

GET /assets/plugins/lightbox/images/close.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:54 GMT
content-type: image/png
content-length: 280
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "118-5d63ec7ebf780"
accept-ranges: bytes
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4863
Expires: Fri, 09 Sep 2022 20:22:57 GMT
Date: Fri, 09 Sep 2022 19:01:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4863
Expires: Fri, 09 Sep 2022 20:22:57 GMT
Date: Fri, 09 Sep 2022 19:01:54 GMT
Connection: keep-alive

manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3

51.79.11.195

200 OK

4.7 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (16502)
Size
4.7 kB (4673 bytes)
Hash
ee2c294d002cda77ee2ad5e4305499c2
d0a69464a43ea78b8858572d60708bbae1e895d4
aea216cf3801b6974ee22b9fa5e6b5a72a1eebc6638cab6b6a8b9d16f860b0b1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-4077"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4863
Expires: Fri, 09 Sep 2022 20:22:57 GMT
Date: Fri, 09 Sep 2022 19:01:54 GMT
Connection: keep-alive

manager.principlerec.com/assets/themes/perfex/css/style.min.css?v=2.9.3

51.79.11.195

200 OK

8.7 kB

URL HTTP/2
manager.principlerec.com/assets/themes/perfex/css/style.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (39843), with no line terminators
Size
8.7 kB (8660 bytes)
Hash
f9310e7589034851eb6787e6c6394c27
f7afd60288deeb2e524495eaefc7224cbce61f4a
dcd95a548e557eb0946b266c364d60915611ddbb3aaff9fb41f4ed8160723fe7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/themes/perfex/css/style.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:48 GMT
etag: W/"61ed467c-9ba3"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg

34.120.237.76

200 OK

3.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.1 kB (3125 bytes)
Hash
0078c7a407144a1ede33aef6f734eecf
113393e0dbabb3aff949d19ab6517ba1082b622d
42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:20 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
content-type: image/jpeg
age: 52174
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4532 bytes)
Hash
a5fdeb374d4e3669ce5d9ff2cd22cd19
70ede5692526afd351d134a391383461dafdc64f
10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zdVUahmbPQ7sQMlg14M89JOwjN2PEM03GNLYEwxPjcaioRpyqb8isA==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:26:32 GMT
age: 74122
etag: "70ede5692526afd351d134a391383461dafdc64f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7515 bytes)
Hash
60fa03262bb3728f24a4c7a8177ec788
09dcbdc6043f01dd56920cca3ce3920d0d07b795
e7448f186933f9848f1d55f0e8dba593918846d02fb9cc3a7cd86d69b96a7fde

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7515
x-amzn-requestid: eaf81b32-3b53-4e89-a9d0-943bc9f9982f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X0j0QFhxoAMF-Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311b34e-114287d30092033a2b54ec01;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 07:39:58 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: _mlXN3nJ7ZPcUDWIqqiv2CB6dkSJ2Y-AZIXNs4xOj18ZX6DYMdhXAA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:46:19 GMT
age: 76535
etag: "09dcbdc6043f01dd56920cca3ce3920d0d07b795"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3

51.79.11.195

200 OK

27 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65369)
Size
27 kB (26913 bytes)
Hash
16fbf80ea4f89714b4cead6f4897ccad
cf764b09c4d2f2a596c8510e64025bfcdf8dc929
ec8d036ca43c878edcefcc0b51ad0de9997b76e9d41b0e9214aaf68add4b80a6

HTTP Headers

GET /assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-1da71"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8354 bytes)
Hash
7afe346e3b24ea4388913b449d1ffc42
f5348ba99fb8966dded580409108316f4e4e1237
1d1cafc3e99c20b23212679838567d4d5fc98c45cf902188e44b25ff2982c8ad

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: 55971de2-bf63-4300-9007-1bc234962d0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRKXFGTIAMFp3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6242-23914ec672a0a898498bbed6;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:44:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: lxqcvxSdM4FBQBZTNnhCrpl02fsnInyii7Yaw7fs4STzEd2fZIuuXA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:36 GMT
etag: "f5348ba99fb8966dded580409108316f4e4e1237"
content-type: image/jpeg
age: 76578
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/datatables/datatables.min.css?v=2.9.3

51.79.11.195

200 OK

5.7 kB

URL HTTP/2
manager.principlerec.com/assets/plugins/datatables/datatables.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (4327)
Size
5.7 kB (5725 bytes)
Hash
a7dd36576e04596fcf20a3520bb8d33c
a8c314e11e45386d51a9b373efe83848a6d8d3e5
f137ecf20d709c9ae0ccfa164c2599fad280f2595c7928f908bcd90d1a48b382

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/datatables/datatables.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-2000"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/Chart.js/Chart.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:10 GMT
etag: W/"61ed4656-244cb"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-92e8"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/themes/perfex/js/global.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:48 GMT
etag: W/"61ed467c-7c6"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/datatables/datatables.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/datatables/datatables.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/plugins/datatables/datatables.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-1f71f1"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-f9d"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/css/bs-overides.min.css?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/css/bs-overides.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/css/bs-overides.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-2a60"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-ee46"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/builds/common.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/builds/common.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/builds/common.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-6c3d"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-4914"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:22 GMT
etag: W/"61ed4662-7918"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/builds/bootstrap-select.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-10339"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:30 GMT
etag: W/"61ed466a-5add"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-2b6b"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: W/"61ed466e-b1e"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

manager.principlerec.com/assets/plugins/jquery/jquery.min.js

51.79.11.195

200 OK

0 B

URL HTTP/2
manager.principlerec.com/assets/plugins/jquery/jquery.min.js
IP
51.79.11.195:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/plugins/jquery/jquery.min.js HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=a404e66cfe9426a36d3b12071fab5434; sp_session=giu65p3bbq80h6a8tc9emrce65ibvd5u
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 19:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:28 GMT
etag: W/"61ed4668-152b5"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations