r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3194
Expires: Thu, 01 Dec 2022 12:51:36 GMT
Date: Thu, 01 Dec 2022 11:58:22 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1587
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:58:22 GMT
Last-Modified: Thu, 01 Dec 2022 11:31:55 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6171
Expires: Thu, 01 Dec 2022 13:41:13 GMT
Date: Thu, 01 Dec 2022 11:58:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 11:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2316
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: w4FMxMYiu3BUF3zEMDoVJaSUyuWGAcwh3b2HF0CBppaXBb2fTTqKEDHnLGW/8qWf4SzffeHEETA=
x-amz-request-id: GET6XMMA5XMJWVRK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 11:45:39 GMT
age: 763
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 11:58:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 11:08:56 GMT
cache-control: public,max-age=3600
age: 2966
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
riversideconcrete.co.nz/
103.42.110.9301 Moved Permanently 707 B IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 01 Dec 2022 11:58:22 GMT
server: LiteSpeed
location: https://www.riversideconcrete.co.nz/
cache-control: public
x-content-type-options: nosniff
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1570
Cache-Control: max-age=164077
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:58:22 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:32:59 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.242.41.15101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +D7/BFsBgeS+8ZsfjOr76A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ODTwAOjUeSTOfRzZWKTEDKW0fHU=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5621
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:58:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5621
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:58:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5621
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:58:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5621
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 11:58:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 13:21:34 GMT
age: 81410
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 51171
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:44:47 GMT
age: 51217
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CJiSRzIK7-rQE81gaP2We0LhgKX1YmuJKEGYEqW34Bm1KMx6NB8yhQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 04:29:19 GMT
age: 26945
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: eef7d417-c6ca-4e3f-ac00-1425f3d5c4a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0TSGHDIAMF_jA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdae-467c79a805dfb5622687f628;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: haFJ2LZecbT4HRbkvcaZxR4SAIx5cGxNyghKiDOJVX6xDkPwzc2wNQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:34 GMT
age: 51170
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gsn5uUFEzDZDOMPTvW9UQxtccvRfJKUM4eJ8U99jvUGzNIKkF9SzeA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:20 GMT
age: 50944
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/images/yootheme/logo-inverted.svg
103.42.110.9200 OK 1.2 kB URL HTTP/2 www.riversideconcrete.co.nz/images/yootheme/logo-inverted.svg
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2257)
Hash 04f6197bc22a3a94a949470a139636e4
9a5017e25a6d6f6c06cc3ccc7ef0a32a077926eb
b5f35e0dcb1b839c0c92d215a7768d4f583540be5a03c3b82ac1b77b832f0f67
Analyzer Verdict Alert fortinet Malware
GET /images/yootheme/logo-inverted.svg HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:24 GMT
content-type: image/svg+xml
last-modified: Mon, 30 May 2022 23:03:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1237
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:58:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-14HME41C01
142.250.74.168200 OK 78 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-14HME41C01
IP 142.250.74.168:0
File type ASCII text, with very long lines (22462)
Hash 314785fae4533ae715cfe975ef878257
5fbaa89cd43d77b4dffab5686262e605f37050ce
ea254d5fbe9210f433f05d4f833ac3b62f50d0cba2863b14a1453e4be90b6b51
GET /gtag/js?id=G-14HME41C01 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 11:58:24 GMT
expires: Thu, 01 Dec 2022 11:58:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77746
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 11:58:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.riversideconcrete.co.nz/templates/yootheme/cache/ca/design-planning-concrete-cafa15f3.jpeg
103.42.110.9200 OK 51 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/cache/ca/design-planning-concrete-cafa15f3.jpeg
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 960x695, components 3\012- data
Hash 193830085c6aee3cb9199fd6f13527e8
0d8504fe18c4e22da49bde63e6147649f3c69535
7794722eca996785a211854124c3f5e2db0ad4e365311c4d79455edeb1a80445
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/cache/ca/design-planning-concrete-cafa15f3.jpeg HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:24 GMT
content-type: image/jpeg
last-modified: Mon, 28 Nov 2022 18:57:04 GMT
accept-ranges: bytes
content-length: 50669
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/css/theme.9.css?1669662631
103.42.110.9200 OK 46 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/css/theme.9.css?1669662631
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (64551)
Hash 9503e89f28a6e2a98b3f4f7e682b57df
6e9a1b81dda87ee0405dfe656d48786c4a9de6f1
413a5d846aeb982be32e5eaa6c3587088dfabac17dedbdb8a0f70d2a1c62eb53
GET /templates/yootheme/css/theme.9.css?1669662631 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:24 GMT
content-type: text/css
last-modified: Mon, 28 Nov 2022 19:10:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 45867
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/
103.42.110.9200 OK 12 kB URL HTTP/2 www.riversideconcrete.co.nz/
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2270)
Hash f51431ced5a8755fa0ce1217a9e68c39
07d8ae1f75e59306bd5b0be936c954138f3d8478
c7c7ad7a6faba66656780efa2001cdc7a75b13813ece09861d498a640642debb
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
link: </images/yootheme/logo-inverted.svg>; rel=preload; as=image,</templates/yootheme/cache/70/concrete-driveways-703c5e96.jpeg>; rel=preload; as=image,</templates/yootheme/cache/ca/design-planning-concrete-cafa15f3.jpeg>; rel=preload; as=image,</templates/yootheme/cache/d3/concrete-earthworks-demolition-d31d91ba.jpeg>; rel=preload; as=image,</templates/yootheme/cache/00/logo-riverside-00091f56.png>; rel=preload; as=image
content-type: text/html; charset=utf-8
expires: Wed, 17 Aug 2005 00:00:00 GMT
last-modified: Thu, 01 Dec 2022 11:58:24 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,public
pragma: no-cache
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
set-cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; path=/; HttpOnly; secure
ls_smartpush=1f; path=/; expires=Mon, 30 Jan 2023 11:58:24 GMT; secure; SameSite=Strict
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/cache/70/concrete-driveways-703c5e96.jpeg
103.42.110.9200 OK 129 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/cache/70/concrete-driveways-703c5e96.jpeg
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 960x695, components 3\012- data
Size 129 kB (129095 bytes)
Hash 7889d80ef1acb6d775c54a5d10b4d053
ae6ef0275ac64bfa5606ad7ec030512d75703a93
01624f87c7c50fe9daa0c865b74dd7156548e0f2cac485c365a35053d8f42c3f
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/cache/70/concrete-driveways-703c5e96.jpeg HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:24 GMT
content-type: image/jpeg
last-modified: Mon, 28 Nov 2022 18:57:04 GMT
accept-ranges: bytes
content-length: 129095
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/media/jui/js/jquery-migrate.min.js?62a2be63e4263d1230f5655ac7acbb42
103.42.110.9200 OK 3.8 kB URL HTTP/2 www.riversideconcrete.co.nz/media/jui/js/jquery-migrate.min.js?62a2be63e4263d1230f5655ac7acbb42
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (9959)
Hash 7c4522c04f6ad8cc5ba9d83d27a652c9
9b3058c58d6f0f3bcf204d57d5e38fc3ef507b8f
186df88869ab6951e2647db3b07fc025857cdab144cd7367513944d1d2f0f26c
GET /media/jui/js/jquery-migrate.min.js?62a2be63e4263d1230f5655ac7acbb42 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Sun, 14 Aug 2022 05:21:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3823
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/media/com_jchoptimize/cache/js/64c159773c97f644058885b37336eca8e4555fb9988be61f335d0f278cd10b8c.js
103.42.110.9200 OK 4.7 kB URL HTTP/2 www.riversideconcrete.co.nz/media/com_jchoptimize/cache/js/64c159773c97f644058885b37336eca8e4555fb9988be61f335d0f278cd10b8c.js
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (8197)
Hash d1ba5326aa14d80ae1b8483d4d1fcacc
6855c66ce738e395606df04749ea456447434a47
49271eeb65d37cbf7844df9f61ddd9bcab55ee5e2077295d8136a157356ac801
Analyzer Verdict Alert fortinet Malware
GET /media/com_jchoptimize/cache/js/64c159773c97f644058885b37336eca8e4555fb9988be61f335d0f278cd10b8c.js HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 14:22:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 4651
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/vendor/yootheme/theme-analytics/app/analytics.min.js?3.0.14
103.42.110.9200 OK 286 B URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/vendor/yootheme/theme-analytics/app/analytics.min.js?3.0.14
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (470)
Hash fa1790b36d58be2d56643f7ec622e59d
01d7a70feaa971c9edd2ac605439d5c698336e25
a90197e49cb2c1d00835e01ab61d83d2b6299c82bd5e437a23ed66f6613f26d8
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/vendor/yootheme/theme-analytics/app/analytics.min.js?3.0.14 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 18:54:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 286
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/js/theme.js?3.0.14
103.42.110.9200 OK 1.4 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/js/theme.js?3.0.14
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (2329)
Hash e5aa22bc2cc372a6216ed67742cabc79
3c372c449dd92c43eb74afdc542931d4ce6afdc3
f16731734d2d97416f18d72b3a4efc1fd0aa7e6ede5c88a56bd641d4adbc85a7
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/js/theme.js?3.0.14 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 18:54:13 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1369
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/media/jui/js/jquery-noconflict.js?62a2be63e4263d1230f5655ac7acbb42
103.42.110.9200 OK 21 B URL HTTP/2 www.riversideconcrete.co.nz/media/jui/js/jquery-noconflict.js?62a2be63e4263d1230f5655ac7acbb42
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
Hash e2060c4e5e5955c824723b13a212d3ec
18420ce484978f8ba3d7371febf1638828bb7a67
5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6
Analyzer Verdict Alert fortinet Malware
GET /media/jui/js/jquery-noconflict.js?62a2be63e4263d1230f5655ac7acbb42 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Sun, 14 Aug 2022 05:21:56 GMT
accept-ranges: bytes
content-length: 21
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/cache/a6/logo-riverside-mobile-a60ca28d.webp
103.42.110.9200 OK 1.8 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/cache/a6/logo-riverside-mobile-a60ca28d.webp
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type RIFF (little-endian) data, Web/P image\012- data
Hash 098bb0c37c0ede5a3e6c1b4038546321
668ab5b8b2cdc10fcb3e9f97912a0b5f54e32182
3f846e612b1191f5e207c29fdcbd4fac5b6c02c94a0f5a781ce59cbf4f95c72a
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/cache/a6/logo-riverside-mobile-a60ca28d.webp HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: image/webp
last-modified: Mon, 28 Nov 2022 18:57:04 GMT
accept-ranges: bytes
content-length: 1788
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/cache/b8/logo-riverside-b836e971.webp
103.42.110.9200 OK 2.9 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/cache/b8/logo-riverside-b836e971.webp
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type RIFF (little-endian) data, Web/P image\012- data
Hash 7b29e93812774a1a9e6e84bc368bb402
890744f9581f89c624242f82ce448cc8d781caec
797696b35156ab467509ed37797fd3a253728f251b54e1e94e6f4cfba4a8f1d3
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/cache/b8/logo-riverside-b836e971.webp HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: image/webp
last-modified: Mon, 28 Nov 2022 18:57:04 GMT
accept-ranges: bytes
content-length: 2866
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/media/jui/js/jquery.min.js?62a2be63e4263d1230f5655ac7acbb42
103.42.110.9200 OK 33 kB URL HTTP/2 www.riversideconcrete.co.nz/media/jui/js/jquery.min.js?62a2be63e4263d1230f5655ac7acbb42
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (65462)
Hash 26b55cd30f96f1b41c0c2bda738f8739
9d50e0b677c5c9e445598ebc007ec7d73f8bb39a
5da5b99b4f3abc5a36096242a2643011ca88a0c942df7c6ead1dbd1037a1450e
Analyzer Verdict Alert fortinet Malware
GET /media/jui/js/jquery.min.js?62a2be63e4263d1230f5655ac7acbb42 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Sun, 14 Aug 2022 05:21:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 33158
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/vendor/assets/uikit/dist/js/uikit-icons-fuse.min.js?3.0.14
103.42.110.9200 OK 18 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/vendor/assets/uikit/dist/js/uikit-icons-fuse.min.js?3.0.14
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1ac5ba0b25ad1fcdebf2fb19881b2d65
1216ab3a765659b083cfa2cd6d1010b21b096f45
419cdeaae481fdd4ed50e79873d61fd856e0583a69479c25ea8a851605ad83c9
GET /templates/yootheme/vendor/assets/uikit/dist/js/uikit-icons-fuse.min.js?3.0.14 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 18:54:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 17870
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/vendor/assets/uikit/dist/js/uikit.min.js?3.0.14
103.42.110.9200 OK 44 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/vendor/assets/uikit/dist/js/uikit.min.js?3.0.14
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type ASCII text, with very long lines (65536), with no line terminators
Hash a8fa15dd8b5c2245a150cf60862dab60
85d81b3e85473ba3eb963ad093b779557222de95
05a84fe431e08e65bf79ef4235ea8b468ab9e162136b1853e4bbc552944fb73c
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/vendor/assets/uikit/dist/js/uikit.min.js?3.0.14 HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:25 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 18:54:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 44319
date: Thu, 01 Dec 2022 11:58:25 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.riversideconcrete.co.nz/templates/yootheme/cache/d3/concrete-earthworks-demolition-d31d91ba.jpeg
103.42.110.9200 OK 157 kB URL HTTP/2 www.riversideconcrete.co.nz/templates/yootheme/cache/d3/concrete-earthworks-demolition-d31d91ba.jpeg
IP 103.42.110.9:0
ASN #45638 SYNERGY WHOLESALE PTY LTD
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 960x695, components 3\012- data
Size 157 kB (157224 bytes)
Hash f4b2d43e128d60259f1e17cbf47446dd
d46623422921f19c16127ddf08140973531c64ea
b365028dfd8d389ee75644a3a21d29593eea6c0f7909072824f6be5a7a36ee3f
Analyzer Verdict Alert fortinet Malware
GET /templates/yootheme/cache/d3/concrete-earthworks-demolition-d31d91ba.jpeg HTTP/1.1
Host: www.riversideconcrete.co.nz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Cookie: 7a16ae1be47c28a93d037ac2fb66f281=bc0c3f6481b1627be61d9f5fee304e6d; ls_smartpush=1f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Fri, 01 Dec 2023 11:58:24 GMT
content-type: image/jpeg
last-modified: Mon, 28 Nov 2022 18:57:04 GMT
accept-ranges: bytes
content-length: 157224
date: Thu, 01 Dec 2022 11:58:24 GMT
server: LiteSpeed
x-content-type-options: nosniff
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-14HME41C01>m=2oebs0&_p=1052068746&cid=1433514346.1669895904&ul=en-us&sr=1280x1024&_s=1&sid=1669895904&sct=1&seg=0&dl=https%3A%2F%2Fwww.riversideconcrete.co.nz%2F&dt=House%20Repiling%20%26%20Concreting%20Tasman&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-14HME41C01>m=2oebs0&_p=1052068746&cid=1433514346.1669895904&ul=en-us&sr=1280x1024&_s=1&sid=1669895904&sct=1&seg=0&dl=https%3A%2F%2Fwww.riversideconcrete.co.nz%2F&dt=House%20Repiling%20%26%20Concreting%20Tasman&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-14HME41C01>m=2oebs0&_p=1052068746&cid=1433514346.1669895904&ul=en-us&sr=1280x1024&_s=1&sid=1669895904&sct=1&seg=0&dl=https%3A%2F%2Fwww.riversideconcrete.co.nz%2F&dt=House%20Repiling%20%26%20Concreting%20Tasman&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.riversideconcrete.co.nz
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.riversideconcrete.co.nz
date: Thu, 01 Dec 2022 11:58:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
216.239.34.178200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.239.34.178:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.riversideconcrete.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 10:41:08 GMT
expires: Thu, 01 Dec 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 4638
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: 52b09ca3-705b-4c86-9f56-172637553f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7TVG58oAMFQTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c15-4577a47243ad190672f8ac89;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Y0-NAp2LMMG5TjQQ9ENHwDyKXLObKTYqzPPOWvZhs7Y9WJIC6LoblQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 13:29:35 GMT
age: 80936
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2