Report - propertywolf.pk/

Report Overview

Submitted URL
propertywolf.pk/
IP
67.223.118.20
ASN
#22612 NAMECHEAP-NET
Submitted
2022-11-04 03:42:57
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
112

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T13:03:15Z	385 B	44 kB	142.250.74.168
cdn.buttonizer.io	unknown	2022-05-27T08:05:46Z	2023-03-10T09:13:13Z	361 B	84 kB	104.21.24.5
api.buttonizer.io	unknown	2022-04-25T09:58:30Z	2023-03-10T09:13:13Z	1.0 kB	13 kB	104.21.24.5
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-10T13:35:34Z	372 B	21 kB	142.250.74.174
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.7 kB	3.5 kB	93.184.220.29
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T14:35:32Z	340 B	964 B	104.18.32.68
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	3.1 kB	6.3 kB	142.250.74.3
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
s.w.org	748	2017-01-30T05:56:16Z	2023-03-10T14:13:07Z	402 B	822 B	192.0.77.48
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-10T05:19:43Z	666 B	562 B	216.239.32.36
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.0 kB	5.3 kB	23.36.76.226
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	479 B	1.8 kB	142.250.74.10
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.8 kB	65 kB	34.120.237.76
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	1.5 kB	51 kB	142.250.74.99
propertywolf.pk	unknown	2022-09-29T21:05:19Z	2023-02-11T23:00:32Z	10 kB	2.4 MB	67.223.118.20
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.39.57.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-04	medium	propertywolf.pk/	Malware
2022-11-04	medium	propertywolf.pk/	Malware
2022-11-04	medium	propertywolf.pk/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2	Malware
2022-11-04	medium	propertywolf.pk/wp-includes/css/dist/block-library/style.min.css?ver=6.1	Malware
2022-11-04	medium	propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13	Malware
2022-11-04	medium	propertywolf.pk/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	Malware
2022-11-04	medium	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13	Malware
2022-11-04	medium	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13	Malware
2022-11-04	medium	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13	Malware
2022-11-04	medium	propertywolf.pk/wp-includes/js/wp-emoji-release.min.js?ver=6.1	Malware
2022-11-04	medium	propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-1024x576.jpeg	Malware
2022-11-04	medium	propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-scaled.jpeg	Malware

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed
2022-11-03	medium	propertywolf.pk	Sinkholed

JavaScript (17)

	URL	Size	First Seen	Last Seen
	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13	7.3 kB	2023-03-09	2024-04-24
Pretty URL propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 09:22:16 Last Seen2024-04-24 09:23:00 Times Seen80 Hash 14df4a80f0e6f12f8d8fdb5c61e8a91a a560113bae3e44dd7b24dc196bb633269a248da9 e4d7770074594021771329a3e8a855fcf2bde2c15036b4b456aa430d083e4029 Loading...

	propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-js-1308-1667464162.js?ver=2.0.13	5.5 kB	2023-03-10	2023-03-10
Pretty URL propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-js-1308-1667464162.js?ver=2.0.13 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash 98d99faa4c5de66ebab74b0a327054fa e9e55ca6f912e6ecd5dc2d311dad0c9f22278644 022e56d4cb0dc5abc7e15b552276194779f2b26aed469c6a4eebf920f5f63d2d Loading...

	propertywolf.pk/wp-includes/js/wp-emoji-release.min.js?ver=6.1	19 kB	2023-03-07	2024-04-24
Pretty URL propertywolf.pk/wp-includes/js/wp-emoji-release.min.js?ver=6.1 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-24 08:08:07 Times Seen38030 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	propertywolf.pk/	333 B	2023-03-07	2024-04-24
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-24 11:47:12 Times Seen7465 Hash 3688fd64c409264431201fa55a828e81 2b7eeefaa1edf3a7621f7576b35b01c895ef5367 944433761a880eab1d567dd5389499af76aa03582c82a8aa88838e3c6c2134c6 Loading...

	propertywolf.pk/	2.1 kB	2023-03-10	2023-03-10
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash 3413e403ede2b4f13048c9247d41536c eeee5a34d75d7ac3d4168ad1aeb4c858eafda203 dfe933a48f3d0658e0e09b8332f9b10fc19751acf12c150f3bc44bf6b77764d1 Loading...

	propertywolf.pk/	397 B	2023-03-10	2023-03-10
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash 783741c229aeff693f73aee75699d62a 700101143eba06237070d34a99d45bcf7041e90d 84e04f1fa0a99662b470cd342458bac9d3360770fd856af01ef7fa8bf65b7aca Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-20
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-20 17:36:09 Times Seen1522 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	propertywolf.pk/	184 B	2023-03-08	2023-05-10
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:59:33 Last Seen2023-05-10 20:07:21 Times Seen2 Hash df69630e7959c4e414d032981804ddd0 13a7c1df0fd40808db0296f6da2242c83cb612bc cba9d5ceb0d6a4b8e72f8b5ae2f0db6e76936dc0bf776f2e62da3b023e58e0d2 Loading...

	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13	44 kB	2023-03-09	2024-04-24
Pretty URL propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 09:22:16 Last Seen2024-04-24 09:23:03 Times Seen86 Hash f156add3be76dd6ee084dc63f8cfe3da fb1c1657fbefce2362f82265ae7a5d0da2e53d55 ddfbc20b572338e84a5a632d52bb0d9224a8bb28d4a2a49e07e61797a92ffdf2 Loading...

	propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13	1.4 kB	2023-03-10	2023-04-01
Pretty URL propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 12:39:49 Last Seen2023-04-01 10:26:28 Times Seen2 Hash 2ce915fe477104241cf5f4321dfb39af bff07a2dfee144cbbe4a55880c15317b8808398a 23159620049608939a8c973374fb43d2985bdd2655513c6bb266a45fdb3678d7 Loading...

	propertywolf.pk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-24
Pretty URL propertywolf.pk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 09:47:16 Times Seen68583 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	propertywolf.pk/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-24
Pretty URL propertywolf.pk/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-24 08:08:07 Times Seen31795 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	propertywolf.pk/	300 B	2023-03-10	2023-03-10
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash 7cf415b1356f7d3956330a4f96cf3857 fce5b8bc2eb0bf8a8ddfa801484672f504fb35c3 152929ee5438bb0d89ee26b0011a6db2d21e9dad42a99d265097630e16a51cfc Loading...

	propertywolf.pk/	47 B	2023-03-07	2024-04-24
Pretty URL propertywolf.pk/ IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-24 11:47:10 Times Seen2003 Hash 2c51b5be11f71c5e12aff7f05787fdfd 5e99384e82d66bdfa4db7c8b43a9066c2896e46d f305ca5823e9ef3bf3cdd312369057a018addabb859d129e07543349fdd74d35 Loading...

	www.googletagmanager.com/gtag/js?id=UA-246582976-1	111 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-246582976-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash 4c581e9192422cce993e61537c8fcfac 5a70f578310556d83a64a82b6d4e107bc02c7df8 fdac00cc8d79bcda057fc9092172811eec2995dd67639d23bca02a0e65ded6bd Loading...

	www.googletagmanager.com/gtag/js?id=G-B4NJ8WKFH8&l=dataLayer&cx=c	180 kB	2023-03-10	2023-03-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-B4NJ8WKFH8&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 19:52:43 Last Seen2023-03-10 19:52:43 Times Seen1 Hash cf2a46e36c45649ea1c17bf2104c60ff ccc064983d377857a9f381e8ac10b8b13ace57a3 066f256ad8c2cebf1ae91f0a2db40dec9f503aab94951fd9bcec39711feb4e91 Loading...

	propertywolf.pk/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2	17 kB	2023-03-07	2024-04-24
Pretty URL propertywolf.pk/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2 IP 67.223.118.20 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:22:33 Last Seen2024-04-24 11:47:13 Times Seen1024 Hash 423e4eab18767461cb68a11c5b2a0cb4 d5c17c5fbecfe815e7c27347155158e90e9fb709 d6a23f9c4dec2f455c8e2340a99ad4db01a1d538bb1f2537bab3991ec64e14c7 Loading...

HTTP Transactions (64)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16147
Expires: Fri, 04 Nov 2022 08:11:52 GMT
Date: Fri, 04 Nov 2022 03:42:45 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4691
Cache-Control: max-age=111994
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:45 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 10:49:19 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

propertywolf.pk/

67.223.118.20

301 Moved Permanently

707 B

URL HTTP/1.1
propertywolf.pk/
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 04 Nov 2022 03:42:45 GMT
server: LiteSpeed
location: https://propertywolf.pk/
x-turbo-charged-by: LiteSpeed

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2842f538168981f07b56e2c69379841a
0cc4ad0a78c1407bc9b7850eb0fb1a02130e3b22
3f9e8fb02409a19ceb54fee3f0f7f73eeed9e0ad63fa778eac7b3e4633d7d682

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4691
Cache-Control: max-age=111994
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:45 GMT
Etag: "63638a5c-1d7"
Expires: Sat, 05 Nov 2022 10:49:19 GMT
Last-Modified: Thu, 03 Nov 2022 09:31:08 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15605
Expires: Fri, 04 Nov 2022 08:02:50 GMT
Date: Fri, 04 Nov 2022 03:42:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: DhyI6eKRbTtz0QZAOeVpF458cx5l6p8BatlX6sV9HLzlTGM22KzsvsiWmR/5wwGCN9O2mmG2KxQ=
x-amz-request-id: NQWKDVHG1SP0GH75
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 03:09:25 GMT
age: 2000
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 03:42:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
bcdb73aa37b27b89bae758076b4bc556
280da75ab9b6198a84b0e53fbfb227982b4231da
e38353bd8b0d2c51ac27e4c449c814d00f3ea5d112211dd6d059031abb811cc8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 03:42:45 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 01 Nov 2022 06:17:45 GMT
Expires: Tue, 08 Nov 2022 06:17:44 GMT
Etag: "280da75ab9b6198a84b0e53fbfb227982b4231da"
Cache-Control: max-age=354298,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 764a57702c5fb503-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
670d0b2f341e8ff1e4ee9fe4fe21e210
dcd277daebf63623b985a81a96bcdc6a6f67c518
75029ab8db44811ac539aa3e2f1f8e015a45b80cb5a1099cec7d64e55e2a72a6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4781
Cache-Control: max-age=107023
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Etag: "63637698-1d7"
Expires: Sat, 05 Nov 2022 09:26:29 GMT
Last-Modified: Thu, 03 Nov 2022 08:06:48 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

propertywolf.pk/

67.223.118.20

200 OK

20 kB

URL HTTP/2
propertywolf.pk/
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (57667), with CRLF, LF line terminators
Size
20 kB (20516 bytes)
Hash
8c573cd6a8728773ffda12b06b755c60
1f85ab4d20a32779c5f0e2b09c8338cca88ce734
a43994e66fa2fb8e0b2e3ea54063915b289fd16b5a74d47d905eba22337ce55b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
x-powered-by: PHP/7.4.32
content-type: text/html; charset=UTF-8
link: <https://propertywolf.pk/wp-json/>; rel="https://api.w.org/", <https://propertywolf.pk/wp-json/wp/v2/pages/1308>; rel="alternate"; type="application/json", <https://propertywolf.pk/>; rel=shortlink
etag: "538-1667480328;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
content-length: 20516
date: Fri, 04 Nov 2022 03:42:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f1ec2926e63a926e5dfe7996043dda5f
b419c8aaafba305f568303f348cdafd6f250faf6
a102485c0952b52761e8c577c8c7b0b93a322fc51ffb24ab297bb3ec7ddae814

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-246582976-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-246582976-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43536 bytes)
Hash
004f87f89c4edc6bbb463f81a8b12cda
22035d1778e8d2c960564e0677b64ef936116461
5b21a0798a0e64bcb5b193ea1646544ab88cc37ee6835a2517b4ea2e5b561ff5

HTTP Headers

GET /gtag/js?id=UA-246582976-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 04 Nov 2022 03:42:46 GMT
expires: Fri, 04 Nov 2022 03:42:46 GMT
cache-control: private, max-age=900
last-modified: Fri, 04 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43536
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.39.57.61

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.39.57.61:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: svwyeNiFtKj1imjWN60fhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FK5GekO9ApcQ6vSXPh9aHnWUAbQ=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f1ec2926e63a926e5dfe7996043dda5f
b419c8aaafba305f568303f348cdafd6f250faf6
a102485c0952b52761e8c577c8c7b0b93a322fc51ffb24ab297bb3ec7ddae814

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

propertywolf.pk/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2

67.223.118.20

200 OK

7.7 kB

URL HTTP/2
propertywolf.pk/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (38375)
Size
7.7 kB (7686 bytes)
Hash
5e8aa80e8c69e966aa5ddb223c5394a3
a99e0f026436b8a7f8d10da0f96e4a0977f003dc
66134865a5ca3fa8f1018bf7c1aeddd875cdd0eb41e3db1cbd50e0f1f4427571

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.9.2 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: text/css
last-modified: Wed, 12 Oct 2022 19:53:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7686
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/slick.min.css?ver=2.0.13

67.223.118.20

200 OK

828 B

URL HTTP/2
propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/slick.min.css?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (4021), with no line terminators
Size
828 B (828 bytes)
Hash
4a8498b04ed68c2ff741ec3895fdbbf6
e7e291bcfbd746a2d09bf8482748d10f9d2463bf
aba8d45400b1b5e0cf2bf6252723bb3ed998dec6166bfc650871bcb68b4f0ffa

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/slick.min.css?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 09:59:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 828
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-includes/css/dist/block-library/style.min.css?ver=6.1

67.223.118.20

200 OK

12 kB

URL HTTP/2
propertywolf.pk/wp-includes/css/dist/block-library/style.min.css?ver=6.1
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (47826)
Size
12 kB (11601 bytes)
Hash
3f7f7fa954242b63cf5127c14417c6e5
712c7c9ea049d297e3fb27d3c805be5c5867c4d4
e274dc85b6107cb6054dbee83ddb1e3dda3162ca8f93b16b2d692a451cf9511d

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 07:41:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11601
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

67.223.118.20

200 OK

4.0 kB

URL HTTP/2
propertywolf.pk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (11126)
Size
4.0 kB (3995 bytes)
Hash
7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13

67.223.118.20

200 OK

6.8 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (27339)
Size
6.8 kB (6797 bytes)
Hash
ab083ffd06e99b3845a1220f6ad861f3
376b1cbfc4102738818e30d976aad5d2d4052a34
f57bcc915e977ae5ca1ecdf33940e4e49939a03604a061cdbd34bc76f2384f6c

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2022 08:29:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6797
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto%3A400%7CRoboto+Condensed%3A700%2C%7CYeseva+One%3A400%2C400italic&display=fallback&ver=3.9.2

142.250.74.10

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto%3A400%7CRoboto+Condensed%3A700%2C%7CYeseva+One%3A400%2C400italic&display=fallback&ver=3.9.2
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1016 bytes)
Hash
5ce341dce7bcaa86996dcf9f60e147f1
f3c77dcaf728719b512527dc8893aa30bd29865e
555aea3df7e6e4245e5e9f4bb3b013f099af15995776fa307b12c0982c9c4e6a

HTTP Headers

GET /css?family=Roboto%3A400%7CRoboto+Condensed%3A700%2C%7CYeseva+One%3A400%2C400italic&display=fallback&ver=3.9.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 04 Nov 2022 03:42:46 GMT
date: Fri, 04 Nov 2022 03:42:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.buttonizer.io/embed.js

104.21.24.5

200 OK

83 kB

URL HTTP/2
cdn.buttonizer.io/embed.js
IP
104.21.24.5:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
83 kB (82695 bytes)
Hash
4b9674d6bcb33bdbf79059033ea64d61
d69850e3ee9d432166c441507cb4707e20382ecc
95838a86e88d421ee3cfd2e1bc082373dfe446936dda4025103508b68db5e64d

HTTP Headers

GET /embed.js HTTP/1.1
Host: cdn.buttonizer.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 04 Nov 2022 03:42:46 GMT
content-type: application/javascript
access-control-allow-origin: *
cf-bgj: minify
cf-polished: origSize=408282
etag: W/"63ada-5ec014025d993"
last-modified: Thu, 27 Oct 2022 10:03:18 GMT
x-powered-by: PleskLin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1133
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iR5S4lCqWg3GBQGJPinOpCBac65brXbiS%2BQyZqV%2B9TKmibuf2D28cY%2FhiJtPKRT%2F0gYNjzRKzx%2Fyky0xzVP5da49FGZ93ZUwjRQCaXrEVgVxLk%2BxGT7xFPBkHAIu%2FKa5vG5GEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 764a57766a16b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

propertywolf.pk/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

67.223.118.20

200 OK

30 kB

URL HTTP/2
propertywolf.pk/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (65447)
Size
30 kB (30324 bytes)
Hash
3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 07:41:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/cropped-cropped-wolf-logo-1-70x70.png

67.223.118.20

200 OK

8.0 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/cropped-cropped-wolf-logo-1-70x70.png
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
8.0 kB (7964 bytes)
Hash
8b7ba2f4512b3ecd6825c4aea08653bf
9aa8a05dbef813fe3a68f9b1e3714054feb041b4
29acd36059c8da04cd75d1a9e76c805342ee1c335e6cbd469168ab38b19fb8e7

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/cropped-cropped-wolf-logo-1-70x70.png HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: image/png
last-modified: Tue, 01 Nov 2022 07:27:14 GMT
accept-ranges: bytes
content-length: 7964
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4873b91ff9e1327d57e6ad100a152cec
4e5c092b944615affe4ecd481c2a33fa6dbb2bb6
05467c141fbcdf4af9b8b7e1153e60509f51ce729a4dcad88f9e0d2d4debfd34

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
80c24b40cdde8cee581bb90b6b40e21d
226d4e0b55c4b95c5fbd30ff2ba239ac46118ad6
872e04e821e4328d2d5bd46f8775baab858bbd75e6f7673f27eb914a70ccae65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4873b91ff9e1327d57e6ad100a152cec
4e5c092b944615affe4ecd481c2a33fa6dbb2bb6
05467c141fbcdf4af9b8b7e1153e60509f51ce729a4dcad88f9e0d2d4debfd34

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
bacec4fbb60799f4f549a1ea9629c62c
711d417a6db00659d69e616838c40a1fee3fd9f7
0bd0f4640557011188f6ab1791bac4b56370140173bfa50fe149b562b8cf4250

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=89619
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:46 GMT
Etag: "63634549-117"
Expires: Sat, 05 Nov 2022 04:36:25 GMT
Last-Modified: Thu, 03 Nov 2022 04:36:25 GMT
Server: nginx
Content-Length: 279

fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

142.250.74.99

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15660, version 1.0\012- data
Size
16 kB (15660 bytes)
Hash
d7b0b953a50fddaa88089b5b787cf719
2f85bc568b27659a3d6452f58f9fd7678450326d
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

HTTP Headers

GET /s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://propertywolf.pk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 22:17:42 GMT
expires: Wed, 01 Nov 2023 22:17:42 GMT
cache-control: public, max-age=31536000
age: 192305
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/yesevaone/v20/OpNJno4ck8vc-xYpwWWxli1VWw.woff2

142.250.74.99

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/yesevaone/v20/OpNJno4ck8vc-xYpwWWxli1VWw.woff2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16664, version 1.0\012- data
Size
17 kB (16664 bytes)
Hash
247f3761e787cb917d84b6beb4826113
a8376faed88a229491b529573007fe65dd818e01
4df2558618d59bf36dcdafac03f2a3d4b6fed61a7381558bff35a1b81675114a

HTTP Headers

GET /s/yesevaone/v20/OpNJno4ck8vc-xYpwWWxli1VWw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://propertywolf.pk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 00:08:40 GMT
expires: Fri, 03 Nov 2023 00:08:40 GMT
cache-control: public, max-age=31536000
age: 99247
last-modified: Wed, 27 Apr 2022 15:49:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://propertywolf.pk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 115719
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4873b91ff9e1327d57e6ad100a152cec
4e5c092b944615affe4ecd481c2a33fa6dbb2bb6
05467c141fbcdf4af9b8b7e1153e60509f51ce729a4dcad88f9e0d2d4debfd34

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
bacec4fbb60799f4f549a1ea9629c62c
711d417a6db00659d69e616838c40a1fee3fd9f7
0bd0f4640557011188f6ab1791bac4b56370140173bfa50fe149b562b8cf4250

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=89618
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:47 GMT
Etag: "63634549-117"
Expires: Sat, 05 Nov 2022 04:36:25 GMT
Last-Modified: Thu, 03 Nov 2022 04:36:25 GMT
Server: nginx
Content-Length: 279

propertywolf.pk/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2

67.223.118.20

200 OK

3.8 kB

URL HTTP/2
propertywolf.pk/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (16935), with no line terminators
Size
3.8 kB (3808 bytes)
Hash
3a5528d3c5255102448258fcf5496360
332bb0c5baaf8110b353094632417e9f313a8b94
024bb2f7ca7725ca60738783b8b6bbc237c937b6725aec3c2a1044961857186a

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.9.2 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 19:53:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3808
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13

67.223.118.20

200 OK

2.0 kB

URL HTTP/2
propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (7120)
Size
2.0 kB (1990 bytes)
Hash
47df458b7d2a30181fd4ff1253538bc7
ff2d3455c5990d1b181632045e7325a9e6db63fb
27beb9e44b33a08a0b1306c6204f4ef1947fcae6e6f595506e79057bb253281f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/imagesloaded.min.js?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 09:59:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1990
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13

67.223.118.20

200 OK

403 B

URL HTTP/2
propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1358), with no line terminators
Size
403 B (403 bytes)
Hash
b10c270e5b28da493df9fbaa34927f1a
b4f812ca2c18f71fd141044ba6314b1e32749648
51850fd85edd1e4002d9e9a35ab0fe52bcf7a5e1b4bd5ad0a24f3a4ffd4c4d6f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/testimonial.min.js?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 09:59:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 403
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-js-1308-1667464162.js?ver=2.0.13

67.223.118.20

200 OK

747 B

URL HTTP/2
propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-js-1308-1667464162.js?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1408)
Size
747 B (747 bytes)
Hash
c1320abbea32f8f3de5e465c8847da7f
7425fdd8b1a6d434745c0c78a61a6a7f223c9814
a4e39b173defe606182ce9a4b5062bcb9f8630797e2584e2af968b70b71523db

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/uag-plugin/assets/1000/uag-js-1308-1667464162.js?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 08:29:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 747
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13

67.223.118.20

200 OK

11 kB

URL HTTP/2
propertywolf.pk/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (32026)
Size
11 kB (10658 bytes)
Hash
3abd2fab4e4fe4a5da22a4c0ed165e02
7672155547a1564e0edb6f50aedbaf816dcdd48f
b186cb08e357e2a14da1c5be82707690aa673696aeb20efe249543413d606126

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/slick.min.js?ver=2.0.13 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 09:59:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10658
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-includes/js/wp-emoji-release.min.js?ver=6.1

67.223.118.20

200 OK

4.6 kB

URL HTTP/2
propertywolf.pk/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (15660)
Size
4.6 kB (4619 bytes)
Hash
0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

api.buttonizer.io/serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93

104.21.24.5

200 OK

11 kB

URL HTTP/2
api.buttonizer.io/serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93
IP
104.21.24.5:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (959), with no line terminators
Size
11 kB (11032 bytes)
Hash
8135cc13cfa5398fa057f6978154a1be
6568292e348b145d397c1218fc221246d542a281
9b8d8b669b729a361bc7312930eb3178eaa89c332d75a645bf9c68e3bee32e27

HTTP Headers

POST /serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93 HTTP/1.1
Host: api.buttonizer.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 92
Origin: https://propertywolf.pk
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Nov 2022 03:42:47 GMT
content-type: application/json
cache-control: max-age=60, public
last-modified: Fri, 04 Nov 2022 03:42:47 GMT
access-control-allow-origin: https://propertywolf.pk
access-control-allow-credentials: true
access-control-expose-headers: link, set-cookie
vary: Origin
x-cached: MISS
x-backend: buttonizer-serve
x-do-app-origin: 39e9076a-e6ab-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3nKG3eyk3DdDVuVg1DTC6bZYBPGsoHK0G%2BSk7rRgwCIyMnT2hed%2FMeGDZM6vJ0An8rwFS4pwUDJGdbd3l22h1HZ%2Fqu3iIuCyXK5JktpgFzPwBf4lczo7eYB06d9leO6fB7hcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 764a5778db3cb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/1f4de.svg

192.0.77.48

200 OK

391 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/1f4de.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (391), with no line terminators
Size
391 B (391 bytes)
Hash
f34c63197816c3e60bea4a9537c5fffa
d0cb02de1a16ba96121b7f588c83068a5cbea2bc
75c52e1c16937c12b0237d384089300a6d05d8e12d390995674abe2e56886445

HTTP Headers

GET /images/core/emoji/14.0.0/svg/1f4de.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 03:42:47 GMT
content-type: image/svg+xml
content-length: 391
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Fri, 04 Nov 2022 04:36:13 GMT
Date: Fri, 04 Nov 2022 03:42:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Fri, 04 Nov 2022 04:36:13 GMT
Date: Fri, 04 Nov 2022 03:42:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Fri, 04 Nov 2022 04:36:13 GMT
Date: Fri, 04 Nov 2022 03:42:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3206
Expires: Fri, 04 Nov 2022 04:36:13 GMT
Date: Fri, 04 Nov 2022 03:42:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OI-hzSDTy-vFSFOZxI98XT8VZmnpFlU_cobzCTkrn4T5NuH8cqybMg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:52:32 GMT
age: 21015
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43a2ca39-70e2-4cc7-b378-65317cca7969.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9023 bytes)
Hash
55f392ea73e9746f7edb30e319646c4b
09b052e39f5493c2c2b79d92e81e510aeffbfcb4
9a5b1575ed3a943be74e212f41f122178dcf4c89ef0d78eb8cc761508cd453d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43a2ca39-70e2-4cc7-b378-65317cca7969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9023
x-amzn-requestid: 599a15c5-bd47-4c30-91e5-b445da7e66f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apwvQHCsIAMFWlg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2e61-1d36740311e6b1e531d44767;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:08:17 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FdYEabB0P-JcMOvjTK2TdVUCbuCbCEICZXoKHcz2-QdUfpIgey1tWw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 14:25:51 GMT
age: 47816
etag: "09b052e39f5493c2c2b79d92e81e510aeffbfcb4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8016 bytes)
Hash
f787d03ccf6f14f05b9fb00149a92f49
0d3c7535f83ced168b1efb0f849e353de31d40db
bda8d5d8dee8c1b3b9a0dd81407bc920a3a2a737dceaaebf75e8554ef1cdcec8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8016
x-amzn-requestid: 971369d4-3728-4fef-9d82-794fd184d26d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0S3FbeIAMFceg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643412-0efd014e4b25ed9c4aed13cb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZPGScUHAZtgr_egNkJ2bOzK_ftHSd0Yr1U_S7jYUelg56FCtTOC2TA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:17 GMT
age: 20970
etag: "0d3c7535f83ced168b1efb0f849e353de31d40db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/Screenshot-2022-06-15-181101-1.png

67.223.118.20

200 OK

90 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/Screenshot-2022-06-15-181101-1.png
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 474 x 372, 8-bit colormap, non-interlaced\012- data
Size
90 kB (89795 bytes)
Hash
84c0a69c2ac9d075de965b63d8dd90f1
24c7a4eab1788043e7e12f04c25d6eb0754799a6
bf4f29cfb3fee3e1c7024b6cdb9bbfcd753ae7d1a52b55ffd38503329f0e099f

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/Screenshot-2022-06-15-181101-1.png HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: image/png
last-modified: Sun, 16 Oct 2022 23:01:23 GMT
accept-ranges: bytes
content-length: 89795
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e763f4b-3a03-44da-b01c-40142867c7d7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7994 bytes)
Hash
f67d6ac91d1a30360cd535fa4f2fb762
d4ec3ae0cc0c904798bf60caec24332b82f42617
92e8ab36824acc99cedaa44d728d2980d3152409a7634c7f1cbe3abf8672123b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e763f4b-3a03-44da-b01c-40142867c7d7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7994
x-amzn-requestid: 91f890f5-0104-4035-81aa-0ec332b481e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC18UGhsIAMFr4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636436b5-4a994af4192125ba5d729e0e;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:46:29 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: yH5fVPZPl9AyxvzT1zP3I1c47lW-fwnDSfEuK6b8m8VbKM0MpkCmVA==
via: 1.1 76dcc62b68091cc715d50b5017be77fc.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:38 GMT
etag: "d4ec3ae0cc0c904798bf60caec24332b82f42617"
content-type: image/jpeg
age: 20949
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d35891-f796-4a25-b3d1-1a1f42800b89.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5782 bytes)
Hash
9685f5d5e91c119fef70a5f0ac2bb64f
52318fc169c37f8dc2c48ae478f1ad136bd3762d
37487b56f0613c240c6d556f35fe423fe75ba0979a320b9b41bea03b105456a9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d35891-f796-4a25-b3d1-1a1f42800b89.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5782
x-amzn-requestid: a177e1a1-8c19-410f-ab92-6e36cb11bb5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RqFRPoAMFy-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-095c72b028d4886618ad570a;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: M-fMqJ6fhWbBipZ9vi2eLfDYewAHsJFMjd2EwGDI7RnplK36MsMG_Q==
via: 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:54:24 GMT
age: 20903
etag: "52318fc169c37f8dc2c48ae478f1ad136bd3762d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1a3df84-4e22-41a2-bf91-e7fe82561ae9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9354 bytes)
Hash
3a1fb7d52f37f8395bf4e1bdcdc60744
192d9b837efdf7ecafa90da62c839fed5b2fe38e
1f097506eea4ea37b0a3968e92d8ea2044fc3fa25182030297777caeb5188315

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1a3df84-4e22-41a2-bf91-e7fe82561ae9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9354
x-amzn-requestid: 1fa657a1-a068-4939-923f-9234267c84bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a28dSH7tIAMFwTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f7454-008040f90f1fb1e6503d9162;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yGlNJMvjenoUGz_3V644W6XdfCMLqbTMgzBYlQ7w6hXgrOcG3Qk-yA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:54:47 GMT
age: 20880
etag: "192d9b837efdf7ecafa90da62c839fed5b2fe38e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-1024x576.jpeg

67.223.118.20

200 OK

192 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-1024x576.jpeg
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1024x576, components 3\012- data
Size
192 kB (192447 bytes)
Hash
1d5c96d72328fabf0c8ed8f036e23685
fe36f57b0c556cd17b0a0697e8333025d4a17d91
f97ccbf4261efbaa88d340df90ed0e8b1a65069f370b42e1d1758d6d76d173e7

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-1024x576.jpeg HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: image/jpeg
last-modified: Mon, 17 Oct 2022 23:49:20 GMT
accept-ranges: bytes
content-length: 192447
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-B4NJ8WKFH8&gtm=2oeb20&_p=360266425&gdid=dZTNiMT&cid=506056068.1667533366&ul=en-us&sr=1280x1024&_s=1&sid=1667533366&sct=1&seg=0&dl=https%3A%2F%2Fpropertywolf.pk%2F&dt=Home%20-%20PropertyWolf.pk&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-B4NJ8WKFH8&gtm=2oeb20&_p=360266425&gdid=dZTNiMT&cid=506056068.1667533366&ul=en-us&sr=1280x1024&_s=1&sid=1667533366&sct=1&seg=0&dl=https%3A%2F%2Fpropertywolf.pk%2F&dt=Home%20-%20PropertyWolf.pk&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-B4NJ8WKFH8&gtm=2oeb20&_p=360266425&gdid=dZTNiMT&cid=506056068.1667533366&ul=en-us&sr=1280x1024&_s=1&sid=1667533366&sct=1&seg=0&dl=https%3A%2F%2Fpropertywolf.pk%2F&dt=Home%20-%20PropertyWolf.pk&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://propertywolf.pk
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://propertywolf.pk
date: Fri, 04 Nov 2022 03:42:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c57e881aab01c697b3abb6bbc6182970
0f9079aa8a799cc802f40cfed0cbe1105c4058cd
481b3bb0afccdead61c5b84a257f60e1c2ba38add789b4ac78969dcff1f593a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 03:42:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 04 Nov 2022 02:41:09 GMT
expires: Fri, 04 Nov 2022 04:41:09 GMT
cache-control: public, max-age=7200
age: 3699
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2021/05/static-bg.jpg

67.223.118.20

200 OK

196 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2021/05/static-bg.jpg
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2142x1080, components 3\012- data
Size
196 kB (195477 bytes)
Hash
20ef40c9ea3dc9859a0ce47deb9e9f6c
aa19c1a3df3a93e51dd952c5e0d599c9e8d3a259
e571c2680453f8d1d5502c2215e060876f09baa79b6ebdcbd912eb6cabb40df3

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2021/05/static-bg.jpg HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:47 GMT
content-type: image/jpeg
last-modified: Mon, 24 Oct 2022 10:04:11 GMT
accept-ranges: bytes
content-length: 195477
date: Fri, 04 Nov 2022 03:42:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/cropped-logo-wolf-1-32x32.png

67.223.118.20

200 OK

2.0 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/cropped-logo-wolf-1-32x32.png
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (2023 bytes)
Hash
e32a72296c1e6a6801779b36507c71ea
a833faa0b06e83e9314c56e6dde5124fd5353a3c
422c33ef2677ded771cd2c7c5ee6e531ca76a1292f7e9c52cec0f2b609fe27bf

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/cropped-logo-wolf-1-32x32.png HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Cookie: _ga_B4NJ8WKFH8=GS1.1.1667533366.1.0.1667533366.0.0.0; _ga=GA1.1.506056068.1667533366
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:48 GMT
content-type: image/png
last-modified: Sat, 22 Oct 2022 05:37:23 GMT
accept-ranges: bytes
content-length: 2023
date: Fri, 04 Nov 2022 03:42:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/cropped-logo-wolf-1-192x192.png

67.223.118.20

200 OK

37 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/cropped-logo-wolf-1-192x192.png
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
37 kB (37165 bytes)
Hash
e10ce5f4b526d5b86ae302f54f767adb
538f64bbd20ee4373290907827edea3a6809a390
30c7bb265723b208a7a857cd3124840130bea29acc618717aebe6273ea4e09fc

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/cropped-logo-wolf-1-192x192.png HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Cookie: _ga_B4NJ8WKFH8=GS1.1.1667533366.1.0.1667533366.0.0.0; _ga=GA1.1.506056068.1667533366
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:48 GMT
content-type: image/png
last-modified: Sat, 22 Oct 2022 05:37:23 GMT
accept-ranges: bytes
content-length: 37165
date: Fri, 04 Nov 2022 03:42:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/blue-world-city-1.png

67.223.118.20

200 OK

770 kB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/blue-world-city-1.png
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 870 x 489, 8-bit/color RGBA, non-interlaced\012- data
Size
770 kB (770210 bytes)
Hash
7d519d4a1edca7089e7cbd084a5b18f1
c8d461d6ef3f73c0a8492d26185b86b22e0cc5b0
647cb4179411942bb0f6ed54df63fdc7695239ba86f04b5649aa1103fa0ea801

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/blue-world-city-1.png HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:46 GMT
content-type: image/png
last-modified: Mon, 31 Oct 2022 13:10:54 GMT
accept-ranges: bytes
content-length: 770210
date: Fri, 04 Nov 2022 03:42:46 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-scaled.jpeg

67.223.118.20

200 OK

1.0 MB

URL HTTP/2
propertywolf.pk/wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-scaled.jpeg
IP
67.223.118.20:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
1.0 MB (1027129 bytes)
Hash
b6f6c87d81ddb18cfd351c2340072b93
48f20ada20d2a753528fe6776423453ee092d0ad
db94dcb709cd0908816f8f42bc0646f086ff1ba54c37dc03b03337b01f628728

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/10/1xc86wewAyb8hkZG7afEF4LnaPkP3pS8sc92jCab-scaled.jpeg HTTP/1.1
Host: propertywolf.pk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://propertywolf.pk/wp-content/uploads/uag-plugin/assets/1000/uag-css-1308-1667464162.css?ver=2.0.13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 11 Nov 2022 03:42:47 GMT
content-type: image/jpeg
last-modified: Mon, 17 Oct 2022 23:49:19 GMT
accept-ranges: bytes
content-length: 1022533
date: Fri, 04 Nov 2022 03:42:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ed2916-30a1-46c8-8937-a8213ca50702.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11070 bytes)
Hash
068891a060bfab0650cbe836d18b7184
b8b782747dca705f0424e1a272bd703951400c62
518f9d4db49210907c2665c6f2284aa295db63fcc9dfaad99664e6fefea16e75

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48ed2916-30a1-46c8-8937-a8213ca50702.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11070
x-amzn-requestid: 6f465257-3152-4701-b43a-ce54947f4294
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC04lEtXoAMFzcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643503-7c9f9c7457cc974c3b112467;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:15 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C3xV3NajMEJj2LBnNdorAMHCzWV1TqSHGxOeGczvPnDhib0IjK0djg==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:21 GMT
age: 20973
etag: "b8b782747dca705f0424e1a272bd703951400c62"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

api.buttonizer.io/serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93

104.21.24.5

200 OK

0 B

URL HTTP/2
api.buttonizer.io/serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93
IP
104.21.24.5:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /serve/455e75cf-1c9c-4b2c-8705-e7e16df58b93 HTTP/1.1
Host: api.buttonizer.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://propertywolf.pk/
Origin: https://propertywolf.pk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 04 Nov 2022 03:42:47 GMT
content-type: text/html; charset=UTF-8
cache-control: private, must-revalidate
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST, PUT, GET, DELETE
access-control-allow-headers: content-type
access-control-max-age: 3600
access-control-allow-origin: https://propertywolf.pk
pragma: no-cache
expires: -1
x-backend: buttonizer-serve
x-do-app-origin: 39e9076a-e6ab-11ec-b1dc-0c42a19a82a7
x-do-orig-status: 200
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jr21aads275ZBuBEdSjMk4rzPCx0ucG24plGkORH4N2sOMHql1CzNMAw8v3OIwxb2jR8QMvcW6zJZmP0571eVi0KEAqmoutbVPToPvqhynYO%2BJ%2Br29p%2BTjuIIzEWNYs2uwZHZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 764a57785af9b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations