r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2932
Expires: Wed, 29 Mar 2023 13:24:23 GMT
Date: Wed, 29 Mar 2023 12:35:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11174
Expires: Wed, 29 Mar 2023 15:41:45 GMT
Date: Wed, 29 Mar 2023 12:35:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 12:15:56 GMT
content-type: application/json
age: 1175
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10634
Expires: Wed, 29 Mar 2023 15:32:45 GMT
Date: Wed, 29 Mar 2023 12:35:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fDZvRj3T+PhVRcZJZfDLAv4YmVI2P+AyOFDhNYNUzEvAOUpNuHYuONYcdn/yIW1tXHR6r3/FnRN9KdjQv1YurA==
x-amz-request-id: CMPJ6180ASV11CZ2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 12:02:29 GMT
age: 1982
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 12:35:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Retry-After, Alert, Last-Modified, Expires, ETag, Cache-Control, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 12:14:36 GMT
age: 1255
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
viec.in/123/RobCleanerInstlr2715.exe
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/RobCleanerInstlr2715.exe
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/RobCleanerInstlr2715.exe HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11818
Expires: Wed, 29 Mar 2023 15:52:30 GMT
Date: Wed, 29 Mar 2023 12:35:32 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js
104.17.25.14200 OK 6.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (20087)
Hash 6cfa1ffc4889c0035506daea0275c825
2dcc44c7670dd51b8e8c7c12088d24cdffa64237
02abade26ab9e805db1edf9ccd3067e49eeff131adf44fdfd6c3aae8ca3c1581
GET /ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:32 GMT
content-type: application/javascript; charset=utf-8
content-length: 6546
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-4ef8"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2889885
expires: Mon, 18 Mar 2024 12:35:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyhIEAvyQ1rTwpW4lbJjKjuM7%2F8RoEmO%2BtS81UMak%2FIu2%2BFclRqaL7XO5XzMwWeJsiqjD00eAF%2BZiRfTWyCpvv0Kt0lVI4IcvuM1pDThhNhaQK0d%2BxuGuhGKmzjSUNk1blt3gP9a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7af8273eb8cfb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css
104.17.25.14200 OK 1.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (5259), with no line terminators
Hash 61a2bf49c274907cb7c423ee7e577a2f
8e84fdaed011407912d3566446a79bf373481764
28b184ed88d2def77e206fb8e8987308d3520ae8662e6fc70049f25f697b5f14
GET /ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:32 GMT
content-type: text/css; charset=utf-8
content-length: 1283
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-148b"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5400005
expires: Mon, 18 Mar 2024 12:35:32 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEb5t6L7eb8ZhQNl%2BloxXs9otgmukFnaZOZYgzrDyb0YnloMfx8cHvxu8JM3owUAbKlKbVG7kLZZkw13X%2BGg0Zz6R5wHcAboTviCq9v%2FuCO6zpXdimbY7MUq6aO9N8fUCSI%2BGq7e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7af8273eb8cdb50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f963800b69e4efd29c7389de243002ae
24d5d79582fc3d78e1e7fdd40ea8713083605cf3
ce00c7bfaed0249e80deca031fefb6074f803d85b81086705f868c0e7e89ca57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
viec.in/123/vendor/my-icons-collection/font/flaticon.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/my-icons-collection/font/flaticon.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/my-icons-collection/font/flaticon.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
viec.in/123/css/bootstrap.min.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/css/bootstrap.min.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/css/bootstrap.min.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
push.services.mozilla.com/
34.216.181.0101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.181.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xUx5wofRx/i7cw+PzAEgPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: np3YVrA6Pfze+N4eLtEoeTih72E=
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3466.031428269217!2d76.99318081467297!3d29.689868482012553!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x81f1b9911c13ed69!2sVision%20International%20visa%20Consultants!5e0!3m2!1sen!2sin!4v1567679760974!5m2!1sen!2sin
142.250.74.132200 OK 1.8 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3466.031428269217!2d76.99318081467297!3d29.689868482012553!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x81f1b9911c13ed69!2sVision%20International%20visa%20Consultants!5e0!3m2!1sen!2sin!4v1567679760974!5m2!1sen!2sin
IP 142.250.74.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3480)
Hash 77c32c57f4b1683cdc7f256e5e9e249b
9dd15bab624a825bf7810a85c1fb7047be6715a3
65e0dbc3bfb24849f33f6d9ed7257a0198a4687f3b75431362ca692c4ef8893a
GET /maps/embed?pb=!1m18!1m12!1m3!1d3466.031428269217!2d76.99318081467297!3d29.689868482012553!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x81f1b9911c13ed69!2sVision%20International%20visa%20Consultants!5e0!3m2!1sen!2sin!4v1567679760974!5m2!1sen!2sin HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://viec.in/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-XFIPkaB5bEX1CVmMImKwrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 29 Mar 2023 12:35:32 GMT
server: scaffolding on HTTPServer2
content-length: 1758
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
viec.in/123/vendor/navigation/menumaker.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/navigation/menumaker.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/navigation/menumaker.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/vendor/owl/css/owl.carousel.min.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/owl/css/owl.carousel.min.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/owl/css/owl.carousel.min.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 69d033c232e94b122a0b66e4733f1d57
dca98865e28271c9eafc7307850dbce5126c1a86
d80b57ddab8c2898af0939a454bb1296abd2f964c3bf3eaea2bab7c225d73490
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
viec.in/123/vendor/fontawesome/css/all.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/fontawesome/css/all.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/fontawesome/css/all.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/css/style.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/css/style.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/css/style.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/css/responsive.css
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/css/responsive.css
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/css/responsive.css HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/js/jquery-2.min.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/js/jquery-2.min.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/js/jquery-2.min.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/vendor/smoothscroll/smooth-scroll.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/smoothscroll/smooth-scroll.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/smoothscroll/smooth-scroll.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/js/bootstrap.bundle.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/js/bootstrap.bundle.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/js/bootstrap.bundle.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/vendor/popup/jquery.magnific-popup.min.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/popup/jquery.magnific-popup.min.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/popup/jquery.magnific-popup.min.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
viec.in/123/vendor/navigation/menumaker.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/navigation/menumaker.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/navigation/menumaker.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maps.gstatic.com/maps-api-v3/embed/js/52/6/init_embed.js
142.250.74.3200 OK 66 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/52/6/init_embed.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (2647)
Hash 3ef6dfbf3b57ddb1cffb291af4dffe5f
0dab8207dfa5a5fedeaa7a959028d574f0773542
15ca67d70d885130a772bff2c7dbc797d48f657e745871d8acedba5e46b12e59
GET /maps-api-v3/embed/js/52/6/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 66148
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Mar 2023 19:33:44 GMT
expires: Thu, 21 Mar 2024 19:33:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Mar 2023 21:47:34 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 579708
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
viec.in/123/vendor/mailchimp/jquery.ajaxchimp.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/mailchimp/jquery.ajaxchimp.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/mailchimp/jquery.ajaxchimp.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 12:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
viec.in/123/vendor/counter/waypoints.min.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/counter/waypoints.min.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/counter/waypoints.min.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/vendor/counter/jquery.counterup.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/counter/jquery.counterup.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/counter/jquery.counterup.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/js/theme.js
103.117.212.145200 OK 11 kB IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/js/theme.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/slider/sunderland_slider.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/slider/sunderland_slider.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/slider/sunderland_slider.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
fonts.googleapis.com/css?family=Poppins:300,400,500,600,700
142.250.74.106200 OK 12 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins:300,400,500,600,700
IP 142.250.74.106:0
File type Unicode text, UTF-8 text, with very long lines (456)
Hash caade8edf511002c4e45b2eaf2a816b5
9acaff12d5fdc1020c5993562ac281c0bc80bfcd
03645cb2f8c533c84131758908044d446bee92b4a8c43952a53d42c52b5de7f8
GET /css?family=Poppins:300,400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 12:35:32 GMT
date: Wed, 29 Mar 2023 12:35:32 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
viec.in/123/image/slider/london%20southbank.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/slider/london%20southbank.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/slider/london%20southbank.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/slider/canadawest.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/slider/canadawest.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/slider/canadawest.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/slider/yorkville_slider.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/slider/yorkville_slider.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/slider/yorkville_slider.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/bg/about-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/about-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/about-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/bg/country-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/country-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/country-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/bg/best-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/best-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/best-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/VIEC%20Logo%20Final.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/VIEC%20Logo%20Final.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/VIEC%20Logo%20Final.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/icons/about-01.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/icons/about-01.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/icons/about-01.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/icons/about-02.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/icons/about-02.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/icons/about-02.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/icons/uk_flag.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/icons/uk_flag.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/icons/uk_flag.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/icons/canada-flag.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/icons/canada-flag.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/icons/canada-flag.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/best/02.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/best/02.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/best/02.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/best/03.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/best/03.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/best/03.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3286
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 12:35:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3286
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 12:35:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3286
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 12:35:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:35 GMT
age: 53458
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
viec.in/123/vendor/owl/js/owl.carousel.min.js
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/vendor/owl/js/owl.carousel.min.js
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/vendor/owl/js/owl.carousel.min.js HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:28 GMT
server: LiteSpeed
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:37:00 GMT
age: 53913
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8afbc872d18847aaed67054dbfc2d31b
6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b
65c2b5fe2a3df654cfed7e7721b2d8f08665a72bb358b4d6e30e7cba853336e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb4ab271-45be-41d0-93c0-528d0d9367e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5414
x-amzn-requestid: b6795b2f-1460-4516-bac0-9148e9868fa1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguaYF5jIAMFmiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ddb-42762e4f0aa5e6050f82d138;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:27 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 2uZtp6TgGSem59CZMyKKtawyKTmNiLyj5wu7RXTGq04n2tN_gefzsw==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:08 GMT
age: 53545
etag: "6eb894c4aa4fa53d9a3d4b948b5e65b7e9a76d5b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 7571f483-0d57-4f3f-9d86-2f18175cc0b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRP5DG2BoAMFrdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d2d06-400180d700df598366b8b16f;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 04:54:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8LzPrLvhUnXntYPNCg_QN2LFUvQ-4FL4SMyYBxPOwlGd1sgL3j-Znw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 23:09:21 GMT
age: 48372
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: npXnMYBUM1bcf7FQIJEHng73EkILWwM0Jvey0QDUvmln0kAJUG_Rpw==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:57 GMT
age: 53496
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a2aaf12-7288-4e10-bed8-65836cbed913.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a2aaf12-7288-4e10-bed8-65836cbed913.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2394b226089edf57c8c93fc84a8ff22a
2355df6a75778a70b2d02c7ee2d0a806ea853c9b
740427ed96cddadf8ae6ed0870fdb1539e9a0acddcfa23a3d2b380bf6d527e38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a2aaf12-7288-4e10-bed8-65836cbed913.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8316
x-amzn-requestid: 92761f26-4140-4d25-aa3f-077a57af32e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CYJXGEA_IAMFuQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641fef60-08d1f401009579c10eb1ffe7;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 07:08:16 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: BaispgHU5-kNaJT-ZEKFy8zR4yY7vHjCbqZweafYyYSFsanQZ7LEbA==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 07:52:17 GMT
age: 16996
etag: "2355df6a75778a70b2d02c7ee2d0a806ea853c9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
viec.in/123/image/brigadevisas_banner.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/brigadevisas_banner.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/brigadevisas_banner.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/map.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/map.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/map.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/india-flag-256.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/india-flag-256.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/india-flag-256.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/g.webp
103.117.212.145200 OK 11 kB IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/g.webp HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/blog/02.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/blog/02.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/blog/02.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/visa-type/type_icon_01.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/visa-type/type_icon_01.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/visa-type/type_icon_01.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/image/DNWEB_man_Beard.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/image/DNWEB_man_Beard.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/image/DNWEB_man_Beard.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
viec.in/123/images/visa-type/type_icon_02.png
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/visa-type/type_icon_02.png
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/visa-type/type_icon_02.png HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/bg/service-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/service-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/service-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/visa-type/type_01.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/visa-type/type_01.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/visa-type/type_01.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/visa-type/type_02.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/visa-type/type_02.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/visa-type/type_02.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/bg/consult-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/consult-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/consult-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/bg/testimonial-bg.jpg
103.117.212.145200 OK 11 kB URL HTTP/1.1 viec.in/123/images/bg/testimonial-bg.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (456)
Hash e4347899b874cf2f30d4e9d8f9911c40
13d057ad62eb95d3b40be68cf0b2cc4ec98aea9c
892d42044197ed66a90b9e04a625a5c8d59c8e63e3de07ac6c5963b63c173989
NIDS Severity Alert suricata high ET PHISHING Possible Phish - Mirrored Website Comment Observed
GET /123/images/bg/testimonial-bg.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:30 GMT
server: LiteSpeed
viec.in/123/images/blog/01.jpg
103.117.212.145200 OK 15 kB URL HTTP/1.1 viec.in/123/images/blog/01.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
Hash e70bbf8335a2c5958f39436975b9573a
0deead8aa4e89a4694a89e3006f181983943178c
8ace323fc9823d2728374493048faa950e95d633ce3c78fd820c1b159ab75288
GET /123/images/blog/01.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
vsb68.tawk.to/s/?k=642430983a6a4684573f123d&cver=0&pop=false&asver=14&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QiLCJ2aWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QtR0NNNlFXNjAwRGxLNURDWXJCNUFlIiwic2lkIjoiNjQyNDMwOTgzYTZhNDY4NDU3M2YxMjNkIiwiaWF0IjoxNjgwMDkzMzM2LCJleHAiOjE2ODAwOTUxMzYsImp0aSI6Ilk4VDMwajVfVDVmdExDQldwVENLcSJ9.txgObYYs6T-v4AIWEuv0eAxmrIxradIPJdCq2fIakooeZeNcVCb2VSkDOH9Rx7qaNOrhbTkfe38IwEDX-A7ElA&EIO=3&transport=websocket&__t=OSjNYrQ
172.67.38.66101 Switching Protocols 0 B URL HTTP/1.1 vsb68.tawk.to/s/?k=642430983a6a4684573f123d&cver=0&pop=false&asver=14&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QiLCJ2aWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QtR0NNNlFXNjAwRGxLNURDWXJCNUFlIiwic2lkIjoiNjQyNDMwOTgzYTZhNDY4NDU3M2YxMjNkIiwiaWF0IjoxNjgwMDkzMzM2LCJleHAiOjE2ODAwOTUxMzYsImp0aSI6Ilk4VDMwajVfVDVmdExDQldwVENLcSJ9.txgObYYs6T-v4AIWEuv0eAxmrIxradIPJdCq2fIakooeZeNcVCb2VSkDOH9Rx7qaNOrhbTkfe38IwEDX-A7ElA&EIO=3&transport=websocket&__t=OSjNYrQ
IP 172.67.38.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s/?k=642430983a6a4684573f123d&cver=0&pop=false&asver=14&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QiLCJ2aWQiOiI1ZGEwNjFkYmY4MjUyMzIxM2RjNmM2M2QtR0NNNlFXNjAwRGxLNURDWXJCNUFlIiwic2lkIjoiNjQyNDMwOTgzYTZhNDY4NDU3M2YxMjNkIiwiaWF0IjoxNjgwMDkzMzM2LCJleHAiOjE2ODAwOTUxMzYsImp0aSI6Ilk4VDMwajVfVDVmdExDQldwVENLcSJ9.txgObYYs6T-v4AIWEuv0eAxmrIxradIPJdCq2fIakooeZeNcVCb2VSkDOH9Rx7qaNOrhbTkfe38IwEDX-A7ElA&EIO=3&transport=websocket&__t=OSjNYrQ HTTP/1.1
Host: vsb68.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://viec.in
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QEhW7EUOg9X9+OStyhcIBQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 29 Mar 2023 12:35:37 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: xoryMUUliHIUKh0nik13dYKW7Fo=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7af82758ed34fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
fonts.googleapis.com/css?family=Roboto:400,500,700
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400,500,700
IP 142.250.74.106:0
GET /css?family=Roboto:400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 12:35:32 GMT
date: Wed, 29 Mar 2023 12:35:32 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
viec.in/123/images/best/01.jpg
103.117.212.145200 OK 0 B URL HTTP/1.1 viec.in/123/images/best/01.jpg
IP 103.117.212.145:0
ASN #133296 Web Werks India Pvt. Ltd.
GET /123/images/best/01.jpg HTTP/1.1
Host: viec.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://viec.in/123/RobCleanerInstlr2715.exe
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
content-length: 11286
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 29 Mar 2023 12:35:29 GMT
server: LiteSpeed
embed.tawk.to/5da061dbf82523213dc6c63d/default
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/5da061dbf82523213dc6c63d/default
IP 104.22.25.131:0
GET /5da061dbf82523213dc6c63d/default HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-641d54f6f05"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274809690b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-main.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-main.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdfe70b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-vendor.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-vendor.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdfeb0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
104.16.89.20200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
IP 104.16.89.20:0
GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:36 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
x-served-by: cache-fra-eddf8230136-FRA, cache-yyz4541-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 3038514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2Bfceu8sMhoaTUxdwuTOOxy4W%2Fov%2BT2uAAIO3jA5l0MS1v3UR931Kn0EZpLQ3j5gD4bfOkj2YcjErnZkaH3iRR%2B0rdK3zLmCr1IdZOSQaCOXg5fDdXOSFL19p4HRbVdR0rE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af82759db2fb527-OSL
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-app.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-app.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdffe0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-runtime.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-runtime.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"234fe193835e24a0ad4c0d85695425e6"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdff60b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-chunk-vendors.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-chunk-vendors.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"27a109773b0fdd12c9737166eb5719c2"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdfef0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-chunk-common.js
104.22.25.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/641d54f6f05/js/twk-chunk-common.js
IP 104.22.25.131:0
GET /_s/v4/app/641d54f6f05/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://viec.in
Connection: keep-alive
Referer: http://viec.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 12:35:34 GMT
content-type: application/javascript
last-modified: Fri, 24 Mar 2023 07:45:38 GMT
etag: W/"34b3755e7183b5d96d52ff1e2232e16c"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8274bdff40b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2