Report - is.gd/Takarek

Report Overview

Submitted URL
is.gd/Takarek
IP
104.25.234.53
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-08 19:00:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.216.88.5
is.gd	51320	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	559 B	172.67.83.132
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
22051-4482.s3.webspace.re	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	456 kB	91.218.65.6
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	34 kB	34.120.237.76
netbank.takarekbank.hu	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	530 B	388 B	195.228.180.117

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/secured	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/secured/	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/secured/login.php	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/material-design-icons/iconfont/material-icons730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/login730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/eib.hu.min730c.js?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/foundation/css/app730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/eib730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/zentk730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.min.js	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/foundation.min.js	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/zentk.hu.min730c.js?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/icons730c.css?version=1647007157	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/what-input.js	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/takrek/1/zentk/jquery/jquery.min.js	Malware
2022-12-08	medium	22051-4482.s3.webspace.re/eibpublic_ib_S7/LPExt/usefullinks.hu.html	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (49)

	URL	Size	First Seen	Last Seen
	22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication.hu.min730c.js?version=1647007157	22 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-29 21:10:23 Times Seen2 Hash b9286e61621ac837d111216a7367b90e eecccd7c12be4fb408fbffcae0f30b5751cf05f5 e0c5cc34e33fc664688d8c8dbc51d809b132997e8ca85d4150dbf3c302a000a6 Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/jquery/jquery.min.js	88 kB	2023-03-07	2024-04-19
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/jquery/jquery.min.js IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-19 20:57:43 Times Seen95065 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/zentk_formats.hu.min730c.js?version=1647007157	25 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/zentk_formats.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash d0665e86b1de8ec9509b1ccb247d7895 06cf324340847dfdbebe27535ba6ec45876b8929 8dbb97715545ab005bf404fa890a2f8649ff4c3ee6b5d9876b8680dfd861159e Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.min.js	110 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.min.js IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 6eb1814798dbc865c9dd1e22802afb59 281bc40cd96ccffa9ed453270cb5175d707b8335 64a938e773a40436d1bf7e675dc621971d08e45af5522c35e557606f5178cd3f Loading...

	22051-4482.s3.webspace.re/takrek/1/eib.hu.min730c.js?version=1647007157	30 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/eib.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 5a230272aa96ac8755113046187466b1 4d26c3cdb8a02bf90c4e01ee98ecdb89ec606f80 bd53f9336af8fff1a4b721647f3ca8137aa59d1a3986fbb224f914dbb48deffc Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/zentk.hu.min730c.js?version=1647007157	86 kB	2023-03-08	2023-03-10
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/zentk.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-10 18:55:19 Times Seen1 Hash aab1e614511dc51ba1f88991f559a325 7ecba896eeebf8cf6386cc323fe3d243010452e2 66ddc4212cad7838b4d4f72f61f30ad906aa4a73181d0d9ba0d40039bf0f6731 Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157	21 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 2d9ac64f6ad4f9b309716c8e81471027 7c2f3e931a807cf3ea1fee15182b3bd820a963dd b671dc8c1863d15e59dee2da64616d06a135176af9b90cf39505012b425ef515 Loading...

	22051-4482.s3.webspace.re/takrek/secured/login.php	4.5 kB	2023-03-08	2023-03-10
Pretty URL 22051-4482.s3.webspace.re/takrek/secured/login.php IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-10 18:55:19 Times Seen1 Hash eb74a401504e04e5dacb840cd541e7da e4c91c1ecef881628ad7e7d5c087426d579a210e 92a71effbf5771cd3cb81e97ff948454276fdf3d9fc562cc93fdc0a0f72080b9 Loading...

	22051-4482.s3.webspace.re/takrek/secured/login.php	25 B	2023-03-08	2023-03-17
Pretty URL 22051-4482.s3.webspace.re/takrek/secured/login.php IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-17 11:29:15 Times Seen1 Hash 0ab2475f128a98eaac69f559d3e09d6c 37fae43fef960f0cec4a523f2a2842bfc743f644 592bcb2a9e4a06569bbe22703e2475236765bdb60679162dcc7b46877210031a Loading...

	22051-4482.s3.webspace.re/takrek/secured/login.php	4.5 kB	2023-03-08	2023-03-17
Pretty URL 22051-4482.s3.webspace.re/takrek/secured/login.php IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-17 11:29:15 Times Seen1 Hash 223c996f8a906012c5edc449a9e2b3bb 1fc8d85bd96f089a71208c707aa5aeac382a1b41 189eb8d5aa86ff4ba8ffcfb3c6f9b9148c907d278cb7fe3c46e8548846500386 Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/what-input.js	14 kB	2023-03-08	2023-11-14
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/what-input.js IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-11-14 09:35:35 Times Seen17 Hash ae7bfd22e20224d3c72cf3c4fb20f7ac c9b10032ed8e1d2d2999768888eaec0d2a6922fc d21ad553baa697f961d35ba95eadccd899ce993cbce77a9935d7182dc855cbcc Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/zentk_foundation.hu.min730c.js?version=1647007157	39 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/zentk_foundation.hu.min730c.js?version=1647007157 IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:13 Last Seen2023-03-29 21:10:23 Times Seen2 Hash c7ecb8158d49930e7a0e530fb6fdf9e8 cbd01a733c9e717767e87de195c09ce4925886e2 dcb1a2a48cc925bb5205914a7b8112988cdaca8e1bb27397a90502119c8ff9fd Loading...

	22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/foundation.min.js	518 kB	2023-03-08	2023-03-29
Pretty URL 22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/foundation.min.js IP 91.218.65.6 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 8b4d00243137501f37a0ef5514ab2583 a79dd782d65d93f294fa627f72ce9fc285a2b7c7 e35cb9d5f5783927f1bc29d7fc7ae3a4b7bbe275695ae2ff998e399ea87750e4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c04491681576c9a8b6ef555758a9613d	6.9 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash c04491681576c9a8b6ef555758a9613d 63ee0d62ffe31805850a005fb090ec249788e39d 08baba013b4074794a594578fc28ba42294f7f77a9dd4366701f886518db84e0 Loading...

	#2 Eval - 599b9b812226cb409d3bcbe238ba70b3	11 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 599b9b812226cb409d3bcbe238ba70b3 06a3e976be5501cb1df219516382638ac4f6fede 485cc4cc8c4f75ddf7276d39452b1020757ce40acf64cdc844cae5b04b615e8c Loading...

	#3 Eval - a6545390cf2cf5e8cee851583f32234c	7.6 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash a6545390cf2cf5e8cee851583f32234c c5a8805dc499fe11563b5567feda800a1d5f5508 b2e982deda7e5db1203b83998081b793fa8f9971cbb0bfef6ba9549ffe0047c5 Loading...

	#4 Eval - 74fcbf3b2dc4864595e73461ba30f9b9	16 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 74fcbf3b2dc4864595e73461ba30f9b9 3d7469791c9e7f7b39f0d05b642e11444bdcde59 cf113aff83e001e903600f80482fb0c32bbb069f4b105d77f4be782658efb221 Loading...

	#5 Eval - 2c6cfba867984b6e4959a72707c76730	21 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen24 Hash 2c6cfba867984b6e4959a72707c76730 2c0e7e582fbedc22e8057ebca072fd7caae0222b de07d917513ae401814963e6bbcd04996c22222ef834628a95dd1500251462dd Loading...

	#6 Eval - 7480474ef631f5416339826a3c4cdf88	12 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 7480474ef631f5416339826a3c4cdf88 31afd046fd336c36e3cc72fe8c87c8bcd00a737b 7c06b702da8d7ac6ee88faeee187b000f5cb704341bda631e633a9884fa15241 Loading...

	#7 Eval - b9d241748dc5443f3d539dbe7249b5f0	23 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen22 Hash b9d241748dc5443f3d539dbe7249b5f0 1b66f6260be08242386078939d0b20b30092b98d e2b35535ebc1147622811a45bcfd7e0e294f94cf6a37f35028ffbba0bccfe5b1 Loading...

	#8 Eval - 8856da16a63b824406ecc2c9bd907568	13 kB	2023-03-08	2023-12-01
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2023-12-01 15:59:02 Times Seen8 Hash 8856da16a63b824406ecc2c9bd907568 c243f9a088c423d5f73ae28f20d67e45d000d6fd 089a211b1e2b22cc0abed36077b7adce37a8559ff369b04163efdd3147e65f65 Loading...

	#9 Eval - 105c8d9a3df49aa8954b4f93a41a6d4b	14 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 105c8d9a3df49aa8954b4f93a41a6d4b 1de5e20b87160b787b4be0e450dab9c823248eca c7f211747f2cbd86ef75cbc543ac7ad4f0c5b3dcf17d49fa45263852bf013f92 Loading...

	#10 Eval - 9fe17b34027f3e824608937286e31ba1	6.3 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 9fe17b34027f3e824608937286e31ba1 b23b31a32651e6a93b7ce3badcffec99d73fe5c4 d713e72c52112e3c0ef476fa82628a3bb3491a7c05389d4a94d0c5abf6ac8bbd Loading...

	#11 Eval - 6c516b72d2920c3c79b5bb88a9cc337c	18 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 6c516b72d2920c3c79b5bb88a9cc337c 1cb4a36820991fd5d13b9c84bd85f0e10296fe57 94ce184b3a057910ae7cb0dfb1cab27cf6569dfb45fc94857f6d62f9bab0b465 Loading...

	#12 Eval - 39e4d84bfd7cc1da9a0aa18540fd8359	12 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 39e4d84bfd7cc1da9a0aa18540fd8359 36c6ea41bcfaf7efaa21b81095fc56382d941dda a129011de8aa5e960e4fe1b6c5517c9f830c2d226414ca92ff50807122793d6f Loading...

	#13 Eval - 32fcb6370c6b6c574e8aa217e7d3bd50	3.6 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 32fcb6370c6b6c574e8aa217e7d3bd50 a3fa40934b15f81bea120fcb39d8b7c491e51070 6b5536a9815e3521e8e78be948219237c441dbef2e6e18d7be69842737c87537 Loading...

	#14 Eval - 1711450e7dab1438a62a4ac3173f813d	14 kB	2023-03-07	2024-04-06
Pretty Observations First Seen2023-03-07 13:00:33 Last Seen2024-04-06 08:37:17 Times Seen64 Hash 1711450e7dab1438a62a4ac3173f813d 76c6b5921477c7247fe045e86f22bb0459afc371 b5f310a398cfd610f38603c8b6ddca4c7ef86ae39297661df784b9874c244860 Loading...

	#15 Eval - 911b75c29896da569bb375c1111403e8	1.7 kB	2023-03-07	2024-04-06
Pretty Observations First Seen2023-03-07 13:00:33 Last Seen2024-04-06 08:37:17 Times Seen63 Hash 911b75c29896da569bb375c1111403e8 f0d310db92a1a7307eb8c6274a4d8abcbbd4f97d 827b8360b303f9d3bd617476555b3ee52def5d8884288e7dfd86cc992c0bf979 Loading...

	#16 Eval - 6fdfcd77b04d23291e355b062a40b185	31 kB	2023-03-08	2023-03-29
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 6fdfcd77b04d23291e355b062a40b185 944c4381ad6c643fcd59f7f74865494b1ec1c44d 008bb3c8994e7376e8e9a7befde62621def56f35d20340509563767e576074b0 Loading...

	#17 Eval - 00d739657a3c4c9d4bf09c713f90cc8a	27 kB	2023-03-08	2023-03-29
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 00d739657a3c4c9d4bf09c713f90cc8a 13d5b9142025327eb95d718644a82cc3ec74fb6e d318ffc8b6220ce1212d00e6f8352ede55dabda3788a8d97e487419b33961032 Loading...

	#18 Eval - 060e27b0de3754b23ba69d95650c8e9d	21 kB	2023-03-08	2023-03-29
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash 060e27b0de3754b23ba69d95650c8e9d 85a67fd1549c01de7860210ae13b681c5ccba2ef f1d8801a5bf9f1e3a9dd5c78c97f363b8e137b3586b17f1fad8e8b33e19e8795 Loading...

	#19 Eval - 27dcc244c86abb1a62b1e8f913f19cca	20 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash 27dcc244c86abb1a62b1e8f913f19cca 29759c5f9ad8d927044ccf1d4a029d35d8e2406a cc43411c4a27ed787d30b8b187fe448a9d2f5a3e294a91fd901ae00534aad5af Loading...

	#20 Eval - f026a65ea5acc7261505ecb373ccf6f8	1.7 kB	2023-03-07	2024-04-06
Pretty Observations First Seen2023-03-07 13:00:33 Last Seen2024-04-06 08:37:17 Times Seen64 Hash f026a65ea5acc7261505ecb373ccf6f8 fa479f7a45234c07e462f74884397959ca45fe6f 75a2f90ab0923c992a8184ccbdc4edd1952bc1dbb5941d4736314ce01c2d9a65 Loading...

	#21 Eval - fed966c936454f414be7dc5e0ea8d196	204 B	2023-03-08	2024-03-10
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-10 00:08:13 Times Seen47 Hash fed966c936454f414be7dc5e0ea8d196 131e99f996b47663c357bb3fa45f7d9441e7f1e2 7f52f77a685031628ab0113ab6c62a0d02c3de9b73b5f2c4d72e1911382f911d Loading...

	#22 Eval - 34731768d3abd403f9d87b3bec02e807	12 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 34731768d3abd403f9d87b3bec02e807 a05217ca3604cc11084a5749adfe7cbd4b45e222 25fc3649451062e63eb815473595b3751759f71ee7bc45247ebbf1986faae0e1 Loading...

	#23 Eval - eff48cd12a319f18bd1c0b6b1b45c69c	8.9 kB	2023-03-07	2024-04-06
Pretty Observations First Seen2023-03-07 13:00:33 Last Seen2024-04-06 08:37:17 Times Seen67 Hash eff48cd12a319f18bd1c0b6b1b45c69c f9d194648332f9a3ccc53821b789e924fb82e722 ce57c60eeabfd1a008e2d15bb2133d8648421ff83e8e891ff61afe8e527e7026 Loading...

	#24 Eval - 46a83dbb4c9a7f9ac788859966d75e17	8.6 kB	2023-03-07	2024-04-06
Pretty Observations First Seen2023-03-07 13:00:33 Last Seen2024-04-06 08:37:17 Times Seen65 Hash 46a83dbb4c9a7f9ac788859966d75e17 9702a2f1ce36d13ce0dc09afce96a5272131dfc7 b1318b1e3ca5a09fdeadac65b1fd6a4ba48b0b18de1d214188f7506b4859519e Loading...

	#25 Eval - 07c378659607c36786d7f1707994e70f	17 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen23 Hash 07c378659607c36786d7f1707994e70f 86e74b0d532d06827fae7319e875949a32370dfc fe838002a84878a7447d133b73f08888859ff5d08bf40583f95592e55fc2a06c Loading...

	#26 Eval - d45d6e10b0ebf7a327dd7b9dfc5e824e	3.0 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen24 Hash d45d6e10b0ebf7a327dd7b9dfc5e824e 3a70f71c28e10af73bcc2eb2e03309553cca10c7 ed1560089e07e9bcf3a33154b582282c93188f52a58305e08d1d0fad680a9a35 Loading...

	#27 Eval - dbabcf2308a92a1e69aa93fefff8714f	16 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash dbabcf2308a92a1e69aa93fefff8714f 89011f88a0afeb57dca9a8105964c54f763f11ba 4144ac5955d5de000d6da5fe337b6da4f7dfbf7925e3760300853a03d8a9eb9c Loading...

	#28 Eval - 723f99e26fda42be41bd37e5d910107b	2.7 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 723f99e26fda42be41bd37e5d910107b c8c4a5a124bb712339a53128cd73265a7d19d758 e2bc237678272bacb388f4fa6a5bf4ba5cff3cd2533acc7e8c9343bcea320193 Loading...

	#29 Eval - e1f9a7182d9c7f736ded1308ebfd76f4	19 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash e1f9a7182d9c7f736ded1308ebfd76f4 53868375da61d2a2f721647643bcba227d123cc5 0dbf78cc307c00feba50a9b085187544744f6b7ab1b369e2e0f5374d575f993a Loading...

	#30 Eval - 37433e427b37e444289754f487894320	30 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen22 Hash 37433e427b37e444289754f487894320 d0a2de99d606ec622eb156cf185415554a97122c 8d66b3714b46718d349b4ef191cc992abdfe95428e9925f03749b53b08765aa8 Loading...

	#31 Eval - 7f8d5e3d0590c0ececc673fa63c55e59	9.5 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen23 Hash 7f8d5e3d0590c0ececc673fa63c55e59 9d2072e83502a99a8dcbe7edfb174df3ae1bddd3 8932405593b1c2b0f8b37e0bcedb0dd3eceab93902a34c510a6809a9f5d2bb24 Loading...

	#32 Eval - c091494bffa5dd06bcfb66f884c93bb1	36 kB	2023-03-08	2023-03-29
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2023-03-29 21:10:23 Times Seen2 Hash c091494bffa5dd06bcfb66f884c93bb1 0860398208646771b853324dcf84d068aef5c9a4 951c3de90ae088d66c95572f481774863fb8bc0ac69ca49cf3e489583d43e029 Loading...

	#33 Eval - 457c04a1c8ef4cb33173a8b1d09292ae	28 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen24 Hash 457c04a1c8ef4cb33173a8b1d09292ae 9bba676129ac4a9dc131074c0258d131ff2c6f6c bee6be0b5d4afc72f31c9baccbfa5b1db2aaf32e045aa0ea946e217e25e99244 Loading...

	#34 Eval - 19810f71ff5eef9b1235cb09fb63599b	6.6 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen24 Hash 19810f71ff5eef9b1235cb09fb63599b f7dba549bf29521af24161364c51bb50f9a13bb8 4d8c0ae79bf3ee2c89dd022a7821a120fa03b5e84680f00be7e1fa3f316e79d5 Loading...

	#35 Eval - b2ce1d2786384b6e58779a7487583c03	6.5 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:58 Times Seen23 Hash b2ce1d2786384b6e58779a7487583c03 075161a22096c345a836479d0cbd3310b1262488 34109beed2ad0199a7fdab8582716ed435d42bf74e6b8cce88b180aa4f09991b Loading...

	#36 Eval - 6daf6030b1d021d36373017c2d48ba48	13 kB	2023-03-08	2024-03-07
Pretty Observations First Seen2023-03-08 07:01:14 Last Seen2024-03-07 18:31:57 Times Seen23 Hash 6daf6030b1d021d36373017c2d48ba48 68cc13ab11c3f87f02eb2a8752f5154fc9bbaee1 5c26223727551d369ab0a2f53ebcc8b409e02c3d4e00ba526b5e26e61caaed44 Loading...

HTTP Transactions (45)

URL IP Response Size

is.gd/Takarek

172.67.83.132

301 Moved Permanently

0 B

URL HTTP/1.1
is.gd/Takarek
IP
172.67.83.132:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Takarek HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 08 Dec 2022 18:59:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 08 Dec 2022 19:59:58 GMT
Location: https://is.gd/Takarek
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7767bdc0eb08b505-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8172
Expires: Thu, 08 Dec 2022 21:16:10 GMT
Date: Thu, 08 Dec 2022 18:59:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3778
Expires: Thu, 08 Dec 2022 20:02:56 GMT
Date: Thu, 08 Dec 2022 18:59:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 18:08:13 GMT
content-type: application/json
age: 3105
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7634
Expires: Thu, 08 Dec 2022 21:07:12 GMT
Date: Thu, 08 Dec 2022 18:59:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: MTqY5uiWB9eBhdizuymohoGPrHR3U21NiB9K0BniFJD/MLcjEwKbzJmtWY5GHoxlGRnNUo+TQMQ=
x-amz-request-id: NH548DS3CXQJPTV0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 18:49:55 GMT
age: 603
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:58 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 18:07:55 GMT
age: 3123
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ad4abb867fcf97efddacf1f3ede368dc
cb1a634db12929b2a8d2ba2bdc802077ef014422
20282dd7db903cd68f1f51a88ad8f6482a67b242bc3471dab87aba7f0baf0460

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20282DD7DB903CD68F1F51A88AD8F6482A67B242BC3471DAB87ABA7F0BAF0460"
Last-Modified: Wed, 07 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 00:59:58 GMT
Date: Thu, 08 Dec 2022 18:59:58 GMT
Connection: keep-alive

22051-4482.s3.webspace.re/takrek/secured

91.218.65.6

301 Moved Permanently

333 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/secured
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
333 B (333 bytes)
Hash
aec932e8d008654d1b1b85b2f4836fb2
8657f6fb31963544000d36addc834967787b65ea
b0785a840124c530c3dc711f3706a271491823fef27640bc3cdc66610011561a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/secured HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/html; charset=iso-8859-1
content-length: 333
location: https://22051-4482.s3.webspace.re/takrek/secured/
x-powered-by: PleskLin
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/secured/

91.218.65.6

302 Found

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/secured/
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/secured/ HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: login.php
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4659
Cache-Control: max-age=141872
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:59:59 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:24:31 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

22051-4482.s3.webspace.re/takrek/secured/login.php

91.218.65.6

200 OK

6.7 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/secured/login.php
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
6.7 kB (6700 bytes)
Hash
6b14bdd22b2eb1bd6acd5d518b4c3f66
0e469c3776e7e5db99fd3dbdd7ed4e5dfbf97c45
e3623d135832ba1dc377d608779f4ac703b73b40b5eeff529e6f803b53c503cf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/secured/login.php HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/html; charset=UTF-8
content-length: 6700
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication730c.css?version=1647007157

91.218.65.6

200 OK

70 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
70 B (70 bytes)
Hash
c7e9f7bca99756300125b271889ff634
685b99ba94a4835e5cc5bfb7f0f4a41a668b463b
818858c6b6fb72301a0f5ca06a01293bd4dcd680bf6daec17d30d7e695f23bf1

HTTP Headers

GET /takrek/1/zentk/zentk_communication730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
content-length: 70
x-accel-version: 0.01
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: "67-5ef0bd17f1a80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/material-design-icons/iconfont/material-icons730c.css?version=1647007157

91.218.65.6

200 OK

447 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/material-design-icons/iconfont/material-icons730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
447 B (447 bytes)
Hash
bb6a21bec4cb0d297ceaf064b29e478f
e942d3db735c47ca914654e7cb2aab90d5eee8b0
277b20715225e7c687580854ed3472802bc43e7579d844d6a771770275f71b20

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/material-design-icons/iconfont/material-icons730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
content-length: 447
x-accel-version: 0.01
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: "3c9-5ef0bd17f1a80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/pics/banklogo-white.png

91.218.65.6

200 OK

4.6 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/pics/banklogo-white.png
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
PNG image data, 240 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4615 bytes)
Hash
feefe3d550d350ce3385ee80dcc916f1
918c7172236bcc6595f1158f27f29f38b54033d0
fff6fc8f92dcc6b0e036d0ed6882b740163380b53f81b9140aed6d0303a20c0f

HTTP Headers

GET /takrek/1/pics/banklogo-white.png HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: image/png
content-length: 4615
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: "638d5d9a-1207"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.216.88.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.88.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pE2Uhb1sU+EJYeEYXUacUA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5NLf5BWdYaPPb+l/rNtKsSqW8Rc=

22051-4482.s3.webspace.re/takrek/1/login730c.css?version=1647007157

91.218.65.6

200 OK

146 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/login730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (4391)
Size
146 kB (146521 bytes)
Hash
a1cd40f36708f36ace0500810ddebf0c
16e0d5866eef4a42554289a8530e038eeec77836
f36710aa0f3abbe0e2a2e677ae306b6321051159100a5de5a2be8fcc14d740b1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/login730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-1128"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/fontawesome/css/all730c.css?version=1647007157

91.218.65.6

200 OK

150 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/fontawesome/css/all730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
150 kB (150460 bytes)
Hash
9341242440eee75008b6bc92df7ca68f
ba912d9e5dcc0ef12cb982800f4dff03f3ef5055
f55bfcf6fd35daa83c438a44529ff93fc67fe2d7a195230c8c75c2d58efe93d5

HTTP Headers

GET /takrek/1/zentk/fontawesome/css/all730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-14113"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk_formats.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

48 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk_formats.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (571)
Size
48 kB (48433 bytes)
Hash
112e04c8e889c741d0ba5e0b11c2eda7
611609f993e4bbc0d7e18c75ee0c3496eb9138dc
40b1f641a21c213cafbc87f975e73ec1ddca6d9ff75fe20e70315c851656f7a3

HTTP Headers

GET /takrek/1/zentk/zentk_formats.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-62fe"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/secured/image/f5.png

91.218.65.6

200 OK

14 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/secured/image/f5.png
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
PNG image data, 151 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (13530 bytes)
Hash
5dd051b338b787b7b3cbc17b1abc6831
173a77381129268ec6fa5e82f5604755d7ecef79
05d942c4457f5e7b8867c5d8fc1ce44a7590faef0122e088908b84253e0925b6

HTTP Headers

GET /takrek/secured/image/f5.png HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Cookie: sid=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: image/png
content-length: 13530
last-modified: Mon, 05 Dec 2022 02:55:28 GMT
etag: "638d5da0-34da"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/eib.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

9.4 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/eib.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (642)
Size
9.4 kB (9355 bytes)
Hash
ec66d0099a7caac37edf7ace55d82097
61802be7ec9f459aa1e771efd9fc91ae8d33b3ba
a7dab2d73256021125b50dccd9689da730040fde1bd381147b4aa51230b94218

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/eib.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-74a7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.css

91.218.65.6

200 OK

1.3 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.css
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
1.3 kB (1294 bytes)
Hash
019076f5721012b0aa629dabb6e28f0b
7c6d019555a6c6a2e438118290d40f0ec3280b5d
824133312d5d34e237725227d9b7bd7ad46c69eb67eb0542923c2a13acd33738

HTTP Headers

GET /takrek/1/zentk/jquery-ui/jquery-ui.css HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-b2d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/foundation/css/app730c.css?version=1647007157

91.218.65.6

200 OK

20 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/foundation/css/app730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
20 kB (19513 bytes)
Hash
1d651e123f7a8c626c0f066425164b56
30f17b9e64bbf17824109abed901590d7da40780
6d8073353baa43d0b813a51b1080b8ca38a9e5726aab1a68e4c474c3a569f777

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/foundation/css/app730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-306e5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3928
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 19:00:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EeYw3qxRNMEhtLkUrHQe5b1H_f2k-5BWSZV4LEZ9U64rqm7Addv_Dw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 06:56:32 GMT
age: 43408
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8659 bytes)
Hash
b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 69868
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7801 bytes)
Hash
8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 71005
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/eib730c.css?version=1647007157

91.218.65.6

200 OK

19 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/eib730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (61786)
Size
19 kB (18741 bytes)
Hash
dd7a6985b8ecada793a365d0a4d3cd30
25b9308ac32b9afcfa8b0700fbc8f471f2541a7d
189c35a28c3c9830a2543f9f7bfa93a661c2a8931e60f7c368f001157ef4c67e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/eib730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-f16d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7268 bytes)
Hash
24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wFqXeAYHSBcj85PiuqhV790clAMWg_NHMCO5Q5WARXDaohFWZdeCig==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:19:17 GMT
age: 70843
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/foundation/css/foundation.min.css

91.218.65.6

200 OK

30 kB

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/foundation/css/foundation.min.css
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
30 kB (29563 bytes)
Hash
865d3d3cecf6c457e4f2688a839d5810
5cf4da63d8621a2525ca1867df3dfcfe85ff7454
3af5a1d8bd19a321f649ddb5c9e302b3d9f83bb70d71855cfdd78a3a378b554c

HTTP Headers

GET /takrek/1/zentk/foundation/css/foundation.min.css HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-2600c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/eibpublic_ib_S7/LPExt/logininfo.hu.html?version=1647007157

91.218.65.6

404 Not Found

0 B

URL HTTP/2
22051-4482.s3.webspace.re/eibpublic_ib_S7/LPExt/logininfo.hu.html?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eibpublic_ib_S7/LPExt/logininfo.hu.html?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://22051-4482.s3.webspace.re
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Cookie: sid=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/html
last-modified: Fri, 18 Nov 2022 10:10:40 GMT
etag: W/"328-5edbbeafda422"
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk730c.css?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/zentk730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-1362e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.min.js

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/jquery-ui/jquery-ui.min.js
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/jquery-ui/jquery-ui.min.js HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-1ac08"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/foundation.min.js

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/foundation.min.js
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/foundation/js/vendor/foundation.min.js HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-7e770"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/zentk_mobilapp.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-51c9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk_communication.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /takrek/1/zentk/zentk_communication.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-564c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/zentk.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-14f4d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/icons730c.css?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/icons730c.css?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/icons730c.css?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-120bc"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/zentk_foundation.hu.min730c.js?version=1647007157

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/zentk_foundation.hu.min730c.js?version=1647007157
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /takrek/1/zentk/zentk_foundation.hu.min730c.js?version=1647007157 HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-97a8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

is.gd/Takarek

104.25.233.53

301 Moved Permanently

0 B

URL HTTP/2
is.gd/Takarek
IP
104.25.233.53:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Takarek HTTP/1.1
Host: is.gd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Thu, 08 Dec 2022 18:59:58 GMT
content-type: text/html; charset=UTF-8
location: https://22051-4482.s3.webspace.re/takrek/secured
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7767bdc29f10b518-OSL
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/what-input.js

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/foundation/js/vendor/what-input.js
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/foundation/js/vendor/what-input.js HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-36cf"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/takrek/1/zentk/jquery/jquery.min.js

91.218.65.6

200 OK

0 B

URL HTTP/2
22051-4482.s3.webspace.re/takrek/1/zentk/jquery/jquery.min.js
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /takrek/1/zentk/jquery/jquery.min.js HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: application/javascript
last-modified: Mon, 05 Dec 2022 02:55:22 GMT
etag: W/"638d5d9a-15851"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

22051-4482.s3.webspace.re/eibpublic_ib_S7/LPExt/usefullinks.hu.html

91.218.65.6

404 Not Found

0 B

URL HTTP/2
22051-4482.s3.webspace.re/eibpublic_ib_S7/LPExt/usefullinks.hu.html
IP
91.218.65.6:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /eibpublic_ib_S7/LPExt/usefullinks.hu.html HTTP/1.1
Host: 22051-4482.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://22051-4482.s3.webspace.re
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/takrek/secured/login.php
Cookie: sid=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 08 Dec 2022 18:59:59 GMT
content-type: text/html
last-modified: Fri, 18 Nov 2022 10:10:40 GMT
etag: W/"328-5edbbeafda422"
content-encoding: br
X-Firefox-Spdy: h2

netbank.takarekbank.hu/eibpublic_ib_S8/zentk/fontawesome/webfonts/fa-regular-400.ttf

195.228.180.117

200 OK

0 B

URL HTTP/1.1
netbank.takarekbank.hu/eibpublic_ib_S8/zentk/fontawesome/webfonts/fa-regular-400.ttf
IP
195.228.180.117:0
ASN
#203583 DOM-P Zrt.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eibpublic_ib_S8/zentk/fontawesome/webfonts/fa-regular-400.ttf HTTP/1.1
Host: netbank.takarekbank.hu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22051-4482.s3.webspace.re
Connection: keep-alive
Referer: https://22051-4482.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 19:00:01 GMT
Server: Apache
Last-Modified: Wed, 27 Jul 2022 20:18:23 GMT
ETag: "4bacc-5e4cf1e6fc07c"
Accept-Ranges: bytes
Content-Length: 309964
Connection: close
Content-Type: application/font-sfnt
Strict-Transport-Security: max-age=16000000; preload;
Set-Cookie: SERVERID=peibnetweb01l; path=/; HttpOnly; Secure
Cache-control: private

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (49)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations