firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash MD5 1b3053fa528e28810f8a2cc9284cc921
SHA-1 cca9eb471d941881a6b9a1793aecb6c281908f6a
SHA-256 a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 13:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9d6Kg2ZQ_xcqGobk58JfQdWTYFRfR4YmaYAE2P3SXVlr1YJ1HL-TRQ==
Age: 733
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate; ASCII text
Hash MD5 6113f8408c59aebe188d6af273b90743
SHA-1 7398873bf00f99944eaa77ad3ebc0d43c23dba6b
SHA-256 b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 21IEr-Nvb15ReO4ylaPCfA5A5j0zgCoykjcgs-k4YWyP8gxMDesRcA==
age: 28766
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 7fb7c70f7f4e2cee27eb0e7d875931f7
SHA-1 98fca3817a551b1daecebae103a48e718b8b5a53
SHA-256 2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7438
Expires: Wed, 28 Sep 2022 15:31:50 GMT
Date: Wed, 28 Sep 2022 13:27:52 GMT
Connection: keep-alive
tcaiqah79krq.karlthehandyman.com/?=mfedors@slurpmail.net
50.87.147.128 200 OK 2.3 kB URL HTTP/1.1 tcaiqah79krq.karlthehandyman.com/?=mfedors@slurpmail.net
IP 50.87.147.128:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text
Hash MD5 75c9f80684c360c2a771e05c61893ae6
SHA-1 6eaef760b7d564a9d35789964f0127c7627a4b48
SHA-256 d881c94b3942a6973f4e6de36122fa64a96b8fd547beea2292dab3fda48e0ef5
Analyzer Verdict Alert fortinet Phishing
GET /?=mfedors@slurpmail.net HTTP/1.1
Host: tcaiqah79krq.karlthehandyman.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 13:27:52 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2265
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA-1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA-256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 13:27:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA-1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA-256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 28 Sep 2022 12:29:33 GMT
Expires: Wed, 28 Sep 2022 13:04:06 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: d7bBsqx3wZTcAvPWtmVQooRkPiLnh-dHDGTUsr-JrmmuKhDy5h5yjQ==
Age: 3499
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 840d86b3626e611da3c4d96f9f00cea2
SHA-1 5ea3585058abef77421f1848ff464f9debdacf3f
SHA-256 203b52e785523250901b71815ec28e97b6ee21426bdac9cb148288c4a6c4e5c8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "203B52E785523250901B71815EC28E97B6EE21426BDAC9CB148288C4A6C4E5C8"
Last-Modified: Wed, 28 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7663
Expires: Wed, 28 Sep 2022 15:35:35 GMT
Date: Wed, 28 Sep 2022 13:27:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 3526d5ce1381ba26cbc553db057e1915
SHA-1 fe01c920696448e8bf12e6fff877bce8281d34a2
SHA-256 09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4759
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 13:27:53 GMT
Last-Modified: Wed, 28 Sep 2022 12:08:34 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.213.140.56 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.140.56:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HZbS8RjCROt6FWO4msAZJg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XeB77bIXo1KvP8Ss6ZcnIzJNwvQ=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 139d64e28724086d1d5ab6d2f534ff25
SHA-1 2c717905e83564a17bd8ca61dd934133416f629b
SHA-256 a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6827
Expires: Wed, 28 Sep 2022 15:21:41 GMT
Date: Wed, 28 Sep 2022 13:27:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 139d64e28724086d1d5ab6d2f534ff25
SHA-1 2c717905e83564a17bd8ca61dd934133416f629b
SHA-256 a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6827
Expires: Wed, 28 Sep 2022 15:21:41 GMT
Date: Wed, 28 Sep 2022 13:27:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 139d64e28724086d1d5ab6d2f534ff25
SHA-1 2c717905e83564a17bd8ca61dd934133416f629b
SHA-256 a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6827
Expires: Wed, 28 Sep 2022 15:21:41 GMT
Date: Wed, 28 Sep 2022 13:27:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash MD5 139d64e28724086d1d5ab6d2f534ff25
SHA-1 2c717905e83564a17bd8ca61dd934133416f629b
SHA-256 a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6827
Expires: Wed, 28 Sep 2022 15:21:41 GMT
Date: Wed, 28 Sep 2022 13:27:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 4b794c6812cb546de0295e087ebe66a7
SHA-1 a54803cca7d3c509c195f65961e1110c8ec56f55
SHA-256 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 56356
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 ad84ed0c5b2090df7996007514cf1984
SHA-1 651600f2ef18cecc2e38370069bbb5e1d86f68e0
SHA-256 a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
content-type: image/jpeg
age: 56270
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 6139c878a7d2bd32c61fc8287996eb5b
SHA-1 9c4692ea64832895fbd107d91f879728b6a440c7
SHA-256 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 56336
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 ea3890e460356d6ecc3ba4e405ac2e9e
SHA-1 b383135e2ebc23fe80eb0d594b198cb8c89327a5
SHA-256 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 29143
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 aa5cad224dbddd71881bd07255beb4da
SHA-1 bc214d60be395d4cf753216ff8f9691c33d25e75
SHA-256 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 56511
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
193.106.191.175 200 OK 13 kB URL HTTP/2 lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
IP 193.106.191.175:0
Hash MD5 6fc8cb1c4dbe9b2b9db7f602955694ad
SHA-1 f003ee7e5ed2a2cdd6b6e3a3c7c346cb47cec169
SHA-256 fa7377ce848abefb7008e8b3a650a32788d7a5b47409ac026ff7ddda1d1a8022
Analyzer Verdict Alert fortinet Malware
POST /?username=mfedors@slurpmail.net HTTP/1.1
Host: lmomiconlinexmumm.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://lmomiconlinexmumm.classichome.co.za
Content-Length: 2548
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:53 GMT
content-type: application/json
vary: Accept-Encoding
set-cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="; Domain=classichome.co.za; expires=Wed, 28 Sep 2022 14:27:53 GMT; HttpOnly; Max-Age=3600; Path=/; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
lmomiconlinexmumm.classichome.co.za/websocket/hook/?__P50n=MzkzMGQ5NTA0MDZjNDE2NThkM2E2NGNlOGJjM2JlMzU=
193.106.191.175 101 Switching Protocols 0 B URL HTTP/1.1 lmomiconlinexmumm.classichome.co.za/websocket/hook/?__P50n=MzkzMGQ5NTA0MDZjNDE2NThkM2E2NGNlOGJjM2JlMzU=
IP 193.106.191.175:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /websocket/hook/?__P50n=MzkzMGQ5NTA0MDZjNDE2NThkM2E2NGNlOGJjM2JlMzU= HTTP/1.1
Host: lmomiconlinexmumm.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://lmomiconlinexmumm.classichome.co.za
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0mfmB0mRZyte4MKifLQGcw==
Connection: keep-alive, Upgrade
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.21.6
Date: Wed, 28 Sep 2022 13:27:57 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: MtOpNizsjJ7fVseM0E61tso82+w=
Sec-WebSocket-Extensions: permessage-deflate
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 3c58fdf09a7d552be0c8666522a29de7
SHA-1 60c873f097c85376797fed366804119f7e9c445e
SHA-256 24569f084d3fd428526503bde8b3da64152911934cd5e0e9140c06d954e4bcd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F838bed0c-c665-42d6-8c20-1decd709953c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9314
x-amzn-requestid: ed84d0e5-30c5-4841-ba9d-3626234b2056
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VbFqBoAMFy-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c22-5d0ccbc31fb085be45ef947b;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yBDUlVwqRnXuJKsaz3vbFNhtNvihQMuk5wX5y4UmEKm1D21wSVdJHQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "60c873f097c85376797fed366804119f7e9c445e"
content-type: image/jpeg
age: 56342
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
193.106.191.175 200 OK 0 B URL HTTP/2 lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /?username=mfedors@slurpmail.net HTTP/1.1
Host: lmomiconlinexmumm.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tcaiqah79krq.karlthehandyman.com/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:55 GMT
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache
pragma: no-cache
vary: Accept-Encoding, Accept-Encoding
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 602eeeb2-f328-4b19-bac7-be94bf771800
x-ms-ests-server: 2.1.13777.5 - WEULR1 ProdSlices
referrer-policy: strict-origin-when-cross-origin
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
193.106.191.175 200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171044
cache-control: public, max-age=31536000
last-modified: Thu, 16 Jan 2020 00:32:52 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e0c1be84-e01e-005d-7397-c8af81000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/scrollbar/arrow_staticdown_16.png
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/scrollbar/arrow_staticdown_16.png
IP 193.106.191.175:0
GET /images/scrollbar/arrow_staticdown_16.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: b4e6c4a9-201e-0064-1f3e-d33b59000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/backgrounds/image1.jpg
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/backgrounds/image1.jpg
IP 193.106.191.175:0
GET /images/backgrounds/image1.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 1d6d0dba-a01e-0008-2f3e-d3d0ce000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/passwordstrengthmeter.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/passwordstrengthmeter.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/passwordstrengthmeter.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:44:00 GMT
x-ms-request-id: ae5dfeaa-801e-002d-1f8a-d24ce4000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/microsoftajaxcombined.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/microsoftajaxcombined.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/microsoftajaxcombined.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:38:23 GMT
x-ms-request-id: 083742a9-e01e-0014-700e-d2b7f8000000
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/ConvergedLogin_PCore_ZuzZ0B9zaPr4yfAbYf7RGA2.js
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/ConvergedLogin_PCore_ZuzZ0B9zaPr4yfAbYf7RGA2.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/js/ConvergedLogin_PCore_ZuzZ0B9zaPr4yfAbYf7RGA2.js HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Origin: https://lmomiconlinexmumm.classichome.co.za
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:56 GMT
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 738329
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 23:42:25 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9aec7179-301e-009f-1e87-cca60b000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/Prefetch/Prefetch.aspx
193.106.191.175200 OK 0 B URL HTTP/2 4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/Prefetch/Prefetch.aspx
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /Prefetch/Prefetch.aspx HTTP/1.1
Host: 4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache,no-store, no-cache
vary: Accept-Encoding, Accept-Encoding
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
X-Firefox-Spdy: h2
4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/WebResource.axd?d=SYxG2gKEltHc92c7-eKy7vreyN1e2QqrvpdCCR4utt35Rwac9rd_c8SeOHxrYQBj6_mlgMwB-OaZiOiHvHjimRyiyb40s7dxOv3AMLtzClV2W-wogtkMOc2pDBD_sJZyRKzfvgJtVY-JClcKNVaTSg2&t=637983616337948032
193.106.191.175200 OK 0 B URL HTTP/2 4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/WebResource.axd?d=SYxG2gKEltHc92c7-eKy7vreyN1e2QqrvpdCCR4utt35Rwac9rd_c8SeOHxrYQBj6_mlgMwB-OaZiOiHvHjimRyiyb40s7dxOv3AMLtzClV2W-wogtkMOc2pDBD_sJZyRKzfvgJtVY-JClcKNVaTSg2&t=637983616337948032
IP 193.106.191.175:0
GET /WebResource.axd?d=SYxG2gKEltHc92c7-eKy7vreyN1e2QqrvpdCCR4utt35Rwac9rd_c8SeOHxrYQBj6_mlgMwB-OaZiOiHvHjimRyiyb40s7dxOv3AMLtzClV2W-wogtkMOc2pDBD_sJZyRKzfvgJtVY-JClcKNVaTSg2&t=637983616337948032 HTTP/1.1
Host: 4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/Prefetch/Prefetch.aspx
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/x-javascript
cache-control: public
last-modified: Fri, 09 Sep 2022 23:07:13 GMT
vary: Accept-Encoding, Accept-Encoding
x-aspnet-version: 4.0.30319
x-as-routekeyapplicationendpointlist: weuportal.office.com
x-as-routekey: weu
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
access-control-allow-origin: *
access-control-allow-headers: *
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/headbundle.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/headbundle.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/headbundle.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:22:44 GMT
x-ms-request-id: 57c68dfa-901e-006c-700e-d21400000000
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/angularlib.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/angularlib.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/angularlib.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:23:03 GMT
x-ms-request-id: 57c6b070-901e-006c-6c0e-d21400000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Images/transparent.gif
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Images/transparent.gif
IP 193.106.191.175:0
GET /Images/transparent.gif HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: f169606e-001e-0041-373e-d3a773000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/adminapp.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/adminapp.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/adminapp.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:23:39 GMT
x-ms-request-id: 5d9f7401-001e-001c-7e8a-d2adf7000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171044
cache-control: public, max-age=31536000
last-modified: Wed, 12 Feb 2020 22:01:50 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f66b17b7-a01e-0078-3697-c8c471000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/servicestatus.png
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/servicestatus.png
IP 193.106.191.175:0
GET /images/servicestatus.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 8792a30e-901e-004e-643e-d3e449000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/gridview.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/gridview.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/gridview.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:44:01 GMT
x-ms-request-id: 3ab14b55-901e-000e-7f8a-d2d627000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/masterstyles15mvc.css
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/masterstyles15mvc.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/masterstyles15mvc.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: text/css
last-modified: Mon, 26 Sep 2022 21:38:46 GMT
x-ms-request-id: f21ad691-b01e-0026-720e-d2b78f000000
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/jquery/jquery-1_10_2_min.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/jquery/jquery-1_10_2_min.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/jquery/jquery-1_10_2_min.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:38:17 GMT
x-ms-request-id: f21acb7f-b01e-0026-220e-d2b78f000000
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/peoplepicker.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/peoplepicker.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/peoplepicker.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:43:56 GMT
x-ms-request-id: 219f59a3-c01e-005e-158a-d21477000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/adoption.css
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/adoption.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/adoption.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: f532d4f8-301e-0025-063e-d363bd000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_mos_background_left.jpg
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_mos_background_left.jpg
IP 193.106.191.175:0
GET /Shell/Images/pagelayout_mos_background_left.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: f16960a4-001e-0041-6a3e-d3a773000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/angularextensions.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/angularextensions.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/angularextensions.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:28:00 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:23:13 GMT
x-ms-request-id: 57c6ba36-901e-006c-0a0e-d21400000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webtrends.js
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webtrends.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/webtrends.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: 5e7218d1-d01e-002d-4d3e-d379b2000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/productkeycontrol.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/productkeycontrol.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/productkeycontrol.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:43:58 GMT
x-ms-request-id: 742f2b8b-e01e-0004-498a-d27290000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/hipcontrol.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/hipcontrol.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/hipcontrol.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:22:54 GMT
x-ms-request-id: eff176df-c01e-002c-5d8a-d21338000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/home.css
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/home.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/home.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 5e721978-d01e-002d-663e-d379b2000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webuivalidation.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webuivalidation.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/webuivalidation.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:43:59 GMT
x-ms-request-id: 07c2dfd9-201e-0069-570e-d2c6db000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/listgrid.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/listgrid.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/listgrid.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:39:47 GMT
x-ms-request-id: e39d27a6-f01e-0008-4016-d2e598000000
vary: Accept-Encoding, Accept-Encoding
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/reporting.js
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/reporting.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/reporting.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: 07f2ac47-501e-0023-673e-d35002000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/searchbox.js
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/searchbox.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/searchbox.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: 79a76378-301e-0057-4e3e-d364f2000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6b8fffaf21337fcc3970.js
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6b8fffaf21337fcc3970.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6b8fffaf21337fcc3970.js HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171038
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 19:42:21 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 8127f607-701e-0054-0797-c876a3000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171042
cache-control: public, max-age=31536000
last-modified: Tue, 10 Nov 2020 03:41:05 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 42aceff7-b01e-0055-2797-c888ae000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/header_bg_signup_office.jpg
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/header_bg_signup_office.jpg
IP 193.106.191.175:0
GET /Shell/Images/header_bg_signup_office.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: 7fed1c11-901e-0053-6a3e-d3dca3000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Images/list_bullet_5x5.gif
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Images/list_bullet_5x5.gif
IP 193.106.191.175:0
GET /Images/list_bullet_5x5.gif HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: f16960cc-001e-0041-103e-d3a773000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_mos_background_right.jpg
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_mos_background_right.jpg
IP 193.106.191.175:0
GET /Shell/Images/pagelayout_mos_background_right.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: 00ae7688-901e-000e-1f3e-d3d627000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/adminbootstrap.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/jsc/adminbootstrap.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/jsc/adminbootstrap.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:23:19 GMT
x-ms-request-id: 1383b8da-201e-000b-6e8a-d204fc000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: image/x-icon
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171043
cache-control: public, max-age=31536000
etag: 0x8D8731240E548EB
last-modified: Sun, 18 Oct 2020 03:02:30 GMT
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3b2611da-a01e-007e-4097-c822b0000000
x-ms-version: 2009-09-19
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_white_panel.jpg
193.106.191.175400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_white_panel.jpg
IP 193.106.191.175:0
GET /Shell/Images/pagelayout_white_panel.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: b9a72014-501e-0063-423e-d3626c000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/conciergehelper.css
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/conciergehelper.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/conciergehelper.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 8792ee8b-901e-004e-3d3e-d3e449000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/assistancepanel.js
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/assistancepanel.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/assistancepanel.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: 79a73860-301e-0057-523e-d364f2000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/shell/images/signup_ms_logo.png
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/shell/images/signup_ms_logo.png
IP 193.106.191.175:0
GET /shell/images/signup_ms_logo.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 817a0427-101e-006f-6b3e-d3c032000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/spinner_24x24_metro.gif
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/spinner_24x24_metro.gif
IP 193.106.191.175:0
GET /images/spinner_24x24_metro.gif HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: dae5c024-601e-0017-5f3e-d363ca000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/spinner_16x16_metro.gif
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/spinner_16x16_metro.gif
IP 193.106.191.175:0
GET /images/spinner_16x16_metro.gif HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 28867948-101e-0050-1c3e-d30891000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/geminiwizard.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/geminiwizard.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/webcontrols/js/geminiwizard.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:44:00 GMT
x-ms-request-id: 2cb1aa3f-b01e-0036-698a-d272e7000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/webcontrols.png
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/webcontrols.png
IP 193.106.191.175:0
GET /images/webcontrols.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 00c7bbb2-401e-004d-6b3e-d3052d000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/oneDs_8363475333f6d315e7ae.js
193.106.191.175200 OK 0 B URL HTTP/2 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za/shared/1.0/content/js/oneDs_8363475333f6d315e7ae.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /shared/1.0/content/js/oneDs_8363475333f6d315e7ae.js HTTP/1.1
Host: 00386373-02c7-4c44-97bf-01adcedb3ee5-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lmomiconlinexmumm.classichome.co.za/
Connection: keep-alive
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:57 GMT
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 1171024
cache-control: public, max-age=31536000
last-modified: Sat, 04 Jun 2022 01:23:25 GMT
vary: Accept-Encoding, Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d43f3e47-701e-0011-6c97-c89fa0000000
x-ms-version: 2009-09-19
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/mscorlib.js
193.106.191.175200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/mscorlib.js
IP 193.106.191.175:0
Analyzer Verdict Alert fortinet Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/mscorlib.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:43:11 GMT
x-ms-request-id: 748fe3e8-601e-0068-6f8a-d29907000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/commonhealthdashboard.css
193.106.191.175404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/commonhealthdashboard.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/commonhealthdashboard.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 8179fd22-101e-006f-7e3e-d3c032000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
193.106.191.175 200 OK 0 B URL HTTP/2 lmomiconlinexmumm.classichome.co.za/?username=mfedors@slurpmail.net
IP 193.106.191.175:0
Analyzer verdict: Alert — Fortinet: Malware. This is the landing request of the chain: the target address is passed in the query string (`?username=mfedors@slurpmail.net`) and the Referer is an unrelated third-party host (karlthehandyman.com), a pattern consistent with a credential-phishing redirect that pre-fills the login form; the subsequent fetches of `admincenter/admin-pkg/...` and `Shell/Images/O365...` assets from the same IP are consistent with a cloned Microsoft 365 admin-center page.
GET /?username=mfedors@slurpmail.net HTTP/1.1
Host: lmomiconlinexmumm.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tcaiqah79krq.karlthehandyman.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/home15.css
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/home15.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/home15.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 8179e973-101e-006f-413e-d3c032000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/netperf.js
193.106.191.175 200 OK 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/netperf.js
IP 193.106.191.175:0
Analyzer verdict: Alert — Fortinet: Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/netperf.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 21:44:56 GMT
x-ms-request-id: 6f63b1a4-501e-0001-2a8a-d2a04b000000
cache-control: max-age=630720000
vary: Accept-Encoding, Accept-Encoding
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/scrollbar/arrow_staticup_16.png
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/images/scrollbar/arrow_staticup_16.png
IP 193.106.191.175:0
GET /images/scrollbar/arrow_staticup_16.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 87937ed8-901e-004e-093e-d3e449000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/website.css
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/css/website.css
IP 193.106.191.175:0
GET /admincenter/admin-pkg/2022.9.22.2/en/css/website.css HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 07f289a4-501e-0023-103e-d35002000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/O365SharedClusteredImage.png
193.106.191.175 400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/O365SharedClusteredImage.png
IP 193.106.191.175:0
GET /Shell/Images/O365SharedClusteredImage.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: f169607f-001e-0041-473e-d3a773000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_nav_highlight.jpg
193.106.191.175 400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/pagelayout_nav_highlight.jpg
IP 193.106.191.175:0
GET /Shell/Images/pagelayout_nav_highlight.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: 00ae7719-901e-000e-1d3e-d3d627000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/shell/images/o365_gallatin_logo.png
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/shell/images/o365_gallatin_logo.png
IP 193.106.191.175:0
GET /shell/images/o365_gallatin_logo.png HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:59 GMT
content-type: application/xml
vary: Accept-Encoding
x-ms-request-id: 80923099-201e-0016-5c3e-d33c16000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/header_wizard_hl_mos.jpg
193.106.191.175 400 Bad Request 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/Shell/Images/header_wizard_hl_mos.jpg
IP 193.106.191.175:0
GET /Shell/Images/header_wizard_hl_mos.jpg HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 400 Bad Request
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/xml
x-ms-request-id: f16960c3-001e-0041-073e-d3a773000000
cache-control: max-age=630720000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webtrendsstream.js
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/webtrendsstream.js
IP 193.106.191.175:0
Analyzer verdict: Alert — Fortinet: Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/webtrendsstream.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: 5e71d6c7-d01e-002d-583e-d379b2000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2
99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/home.js
193.106.191.175 404 Not Found 0 B URL HTTP/2 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za/admincenter/admin-pkg/2022.9.22.2/en/js/home.js
IP 193.106.191.175:0
Analyzer verdict: Alert — Fortinet: Malware
GET /admincenter/admin-pkg/2022.9.22.2/en/js/home.js HTTP/1.1
Host: 99efe3f5-ec18-4747-8cd9-8860bb9db2bd-3930d950.classichome.co.za
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4fc3e60e-db65-41b1-b139-7d7e5c332e45-3930d950.classichome.co.za/
Cookie: __P50n="MzkzMGQ5NTAtNDA2Yy00MTY1LThkM2EtNjRjZThiYzNiZTM1OmUxOWU3MDZhLWQ0ZDctNDdkZi1hZjFhLTA0ODE4NGI3OTUwNQ=="
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.21.6
date: Wed, 28 Sep 2022 13:27:58 GMT
content-type: application/javascript
vary: Accept-Encoding
x-ms-request-id: b4e6fa4f-201e-0064-203e-d33b59000000
timing-allow-origin: *
access-control-expose-headers: date,Akamai-Request-BC
access-control-allow-origin: *
x-cdn-provider: Akamai
content-encoding: gzip
X-Firefox-Spdy: h2