Report - thewrightfinds.com/606/index.php?userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/

Report Overview

Visited public
2024-10-04 03:40:03
Tags
URL
thewrightfinds.com/606/index.php?userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Finishing URL
thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
pacoeng.co.kr/ Client

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-02 18:12:28	1.3 kB	3.6 kB	23.36.76.226
thewrightfinds.com	unknown	unknown	2015-07-24 06:05:12	2024-03-09 16:54:21	8.3 kB	52 kB	188.114.96.1
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-02 18:12:27	654 B	1.8 kB	23.36.77.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed
2024-10-03	medium	thewrightfinds.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/	ScriptElement	0 B	0001-01-01	2025-04-27
Pretty URL thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-04-27 06:43 Times Seen4549078 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	EventHandler	62 B	2023-05-02	2025-02-10
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-02 06:56 Last Seen2025-02-10 17:10 Times Seen1081 Hash c42e9e84aa78b7e76c66ce7c2a0671ae 82d0d6524a1cd466f04faa19dd653de57b793c13 5f5d964b95e5360fba8eb745c6335cddd256ddc33513db703b806810b934c5a8 Loading...

HTTP Transactions (19)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
291c0bfaa25266d48c16fa38a4a62b7b
483633beedec01aafe0b11575cc814705cf2c6f5
9a67108d7b1a75f9e4962d77ecc98677cab1105adb347c1d4c17239027b12af5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9A67108D7B1A75F9E4962D77ECC98677CAB1105ADB347C1D4C17239027B12AF5"
Last-Modified: Thu, 03 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16585
Expires: Fri, 04 Oct 2024 08:16:02 GMT
Date: Fri, 04 Oct 2024 03:39:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
177d454dd0208d2334d0ea2bf8757116
879b2d1887fdcfff16a86a06329f5ac388e7c894
1f8e0abfdc44a19b72e21635726f9c6bf7dbddbaa9b32e69e7a7a33c4481b3a7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1F8E0ABFDC44A19B72E21635726F9C6BF7DBDDBAA9B32E69E7A7A33C4481B3A7"
Last-Modified: Thu, 03 Oct 2024 17:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3742
Expires: Fri, 04 Oct 2024 04:41:59 GMT
Date: Fri, 04 Oct 2024 03:39:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
70a94c83902f4fe10d6a333fa61dd9f6
d88a5f015cb1a8aa43cf9d9c8dff36da164e123a
27e611631228f6341ece9c9de774f153cb8db20062e6e71b4910316ddfa68e8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "27E611631228F6341ECE9C9DE774F153CB8DB20062E6E71B4910316DDFA68E8D"
Last-Modified: Thu, 03 Oct 2024 20:09:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16548
Expires: Fri, 04 Oct 2024 08:15:25 GMT
Date: Fri, 04 Oct 2024 03:39:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c2bf1243295953fa31f9b48514d449a0
20c3a59859c63d531a77891c8281c01405d4ca7f
27aa562f9d2704b5305c2ec26bb6b501e743dbdbb6ef3b27f223b755bff5f7b3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "27AA562F9D2704B5305C2EC26BB6B501E743DBDBB6EF3B27F223B755BFF5F7B3"
Last-Modified: Thu, 03 Oct 2024 12:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16689
Expires: Fri, 04 Oct 2024 08:17:46 GMT
Date: Fri, 04 Oct 2024 03:39:37 GMT
Connection: keep-alive

thewrightfinds.com/606/index.php?userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/

188.114.96.1

302 Found

132 B

URL User Request GET HTTP/2
thewrightfinds.com/606/index.php?userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
gzip compressed data, from Unix
Size
132 B (132 bytes)
Hash
8bfd571db518af16c0efa654d6b9e622
33a21e247c3727bf5c3ba1999d2ecc5a8cfc717e
03d3ed03c29edb54d24487f5d1f53874d8a3713d6bd981b53eabe1bfc94c84b3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/index.php?userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.krcgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/ HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/html; charset=UTF-8
location: cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pMrzTu6xoP0GmPacaah40NUf4ZSo4bolaHR5PaReFgYvVRy6bMLKM8%2BS3CtCKhHCwDrSAwOIGELD%2F89%2BU8%2FZycr2%2FmmPuxXL%2Bi4UEbasDVPtmHiL34cErs4eqJ8ThxOJEtvoO8c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd22559faf3b4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/loginAdvanced.css

188.114.96.1

200 OK

736 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/loginAdvanced.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
ASCII text, with CRLF line terminators
Size
736 B (736 bytes)
Hash
6f65ff42179a6b726d73fd73148e52c1
16f9599aaae13fca4c1855de9030798c79e92517
468daa1d727a90a0e1dd9f1d2e0298f22d5d973866ccc802cb7f5c7c95684b56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/loginAdvanced.css HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/css
content-length: 736
last-modified: Tue, 27 Nov 2018 05:41:00 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aHQmlkSVUMo86e1mFHe0Tv9C%2FT4794VlCvczEW59wjU1p%2BvfoD%2BFxGWAkvyBBsHoXAtPP%2B6P9H2ylR8DE2pt2Dq4sgy1N5k7dHKC3nrDs4vIzGiJGxWQivBFzPl%2FMmieTwczfLU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd2255ddecab4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/logo.png

188.114.96.1

200 OK

930 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
Size
930 B (930 bytes)
Hash
4070e765f512a9ce6be12d141237daca
ec0135f00de4ac2600360e052609fbfd3f6cabb0
74f16276d05ebc79ee7fbf56462451307491c08c6d4c1a2093b73afe40c95617

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/logo.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 930
last-modified: Tue, 27 Nov 2018 05:38:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IpEtFjDBmAg1hBxb4NqJc%2FFsUP6ipMHrD%2BVkuLAx%2F2SEQWSYJyQR6j5iA3%2FjOtqGXEwpzEprLjAXi8taJQfRqi0l1hwAtqLyAWq9vSpd3XU73mTZlNtR7Ik6SuK66N0dqTVO0do%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255ddeceb4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/bottom.png

188.114.96.1

200 OK

1.8 kB

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/bottom.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1824 bytes)
Hash
a5f27369df1da9c58fab9d80e20a42fb
58a861a73e529d7532b509f7767ba34002c15313
7023708bfefd96e82a33ab788957f51abe998acc0193100e96db16cce9209583

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/bottom.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 1824
last-modified: Tue, 27 Nov 2018 05:39:14 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2BvvvAAWv9CmVcJHDdcdFz7G9z9FbsRYGLVt9rN%2BVNUskcd8aW2A2hILxSPf5pFxrr8UJ2byZv8Ef%2FjrgKrcSH4XMl4KsttlWCVglfGK9WRFlmlicFJHhPDCO1GdJFPJ9y4dUxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255dded1b4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/top.png

188.114.96.1

200 OK

1.7 kB

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/top.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
PNG image data, 304 x 15, 8-bit/color RGBA, non-interlaced
Size
1.7 kB (1705 bytes)
Hash
3a518d602a65354ccbc27083cbfe959b
a2e0a751fa2cb17e5e525f5dc96e252d6244a691
21dacae4f28e0ccd1e08fb874451ef70fa9181389a3a082e1a07245315feb73f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/top.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 1705
last-modified: Tue, 27 Nov 2018 05:39:08 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QyiG7SNAZMweiE%2Bv5bfxFgEDngVpczhlNx71QRQNMtF0GwOCwg8w2HjeAMi%2FJ3OmqclwtSdGyfhBPd0gE0U2ZOMhCVc15kZomB3ouIJygmEY4iJjTqFbFHFy32rSJWvFMnmeZNE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255dded0b4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/loginDialog.js

188.114.96.1

404 Not Found

4.2 kB

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/loginDialog.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
HTML document, ASCII text, with very long lines (358)
Size
4.2 kB (4190 bytes)
Hash
03b6c6210297b34e2c630d712f778ca9
cba8f9d0435013e054937efe67847ea8ba40d40c
e2517881bcf4e7307097a3d143ffdfa218f1830c381347d746f06b1eb8a099bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/loginDialog.js HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/html
last-modified: Tue, 11 Oct 2022 11:48:46 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TDSudVfAm8kQxNYstdnZNFFaLvXdwlZJIZrW1gXcDaPeJAloMQSRwqyDpqMY1omAO9iJMlGXPCnKtILl%2F4916WvZ2Jl%2BMcz0Qw1bvDyGmEaX8pP3Ao%2B3zKOOEFMaUA7ka8dBWr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd2255dcebfb4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/img/middle.png

188.114.96.1

200 OK

389 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/img/middle.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
HTML document, ASCII text
Size
389 B (389 bytes)
Hash
a488348f72f211a0ea043a1498407234
1f878f73e1e038c733751819916450b6d905735b
7b24b0079c5c4f4998bf6201f7b23622921ade224beb44e7937aa0b6508bbecf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/img/middle.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login_files/loginAdvanced.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 389
last-modified: Tue, 27 Nov 2018 05:39:10 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CGUAYNP%2FkdjofHa6J9YxvWhAoG0HjZgLg9wHqA%2BXnt4fH7zD31bWnmsvCUDi1OqGY%2B1fjSNSBfqPCaZyvElUZpHTw9qbl5Botula9%2FHP27pnHthkNyqHNOCHyLAjHoxn1lwOhU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255fa8c4b4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/logo.png

188.114.96.1

200 OK

930 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
PNG image data, 45 x 45, 8-bit/color RGBA, non-interlaced
Size
930 B (930 bytes)
Hash
4070e765f512a9ce6be12d141237daca
ec0135f00de4ac2600360e052609fbfd3f6cabb0
74f16276d05ebc79ee7fbf56462451307491c08c6d4c1a2093b73afe40c95617

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/logo.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 930
last-modified: Tue, 27 Nov 2018 05:38:48 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3YLKL2MTEr4selkC%2FuOzAgrcvZ4NNwshOu3BYm9IIfB1jPO95bb63ufrI0hfZOWC3HUl31d8gctwtcXuYDAND8unMTVuEh%2B4LqRn5lyA286MdmYHHyyvHW2693XfTjU3vE7fdDg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255fd8f5b4ed-OSL
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6c410e0fe14f406ed7ecac7422abd9f2
90e2a9be8b66acf40080a38ce4f914ac3c971805
b0aa4ad594cc7f7ed95f71dfd8d0861cb5af6a2f3171c55785e6918eb9bd477a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B0AA4AD594CC7F7ED95F71DFD8D0861CB5AF6A2F3171C55785E6918EB9BD477A"
Last-Modified: Fri, 04 Oct 2024 01:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14996
Expires: Fri, 04 Oct 2024 07:49:35 GMT
Date: Fri, 04 Oct 2024 03:39:39 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6c410e0fe14f406ed7ecac7422abd9f2
90e2a9be8b66acf40080a38ce4f914ac3c971805
b0aa4ad594cc7f7ed95f71dfd8d0861cb5af6a2f3171c55785e6918eb9bd477a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B0AA4AD594CC7F7ED95F71DFD8D0861CB5AF6A2F3171C55785E6918EB9BD477A"
Last-Modified: Fri, 04 Oct 2024 01:31:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14996
Expires: Fri, 04 Oct 2024 07:49:35 GMT
Date: Fri, 04 Oct 2024 03:39:39 GMT
Connection: keep-alive

thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/

188.114.96.1

200 OK

8.8 kB

URL User Request GET HTTP/2
thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
JavaScript source, ASCII text, with very long lines (10001), with no line terminators
Size
8.8 kB (8753 bytes)
Hash
a7bc9e84f25a07dc6741ca770d9a31a7
8936e69059648093150a15612016b770d11bc8dd
e32c9254bb3c196945d90cf318a047cf7e381126ff1c157bbc1a995afda772fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/ HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zkivbrtRYYXLyDE%2Fktaib1WVt4g%2BngQOpPZj8mbiS86Khd8lUBnfcQYbV%2Bqh6wbzpP2MhfeZ3nYc9UUjFL%2B%2B3fEJetk03Eoh08VY9N3tkuIwVNTWmyb2btkSupkmIsqMkEAcQKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd2255bac8eb4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/loginBasic.css

188.114.96.1

200 OK

157 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/loginBasic.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
ASCII text, with no line terminators
Size
157 B (157 bytes)
Hash
b043dd649447bddddea6d4c151901eff
840147816bb6d82517d83ceaa216da2d818b04a7
c60f314f5e680efcec715666b3ff4c483312851793df07462f3b7a0dbef59ded

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/loginBasic.css HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/css
content-length: 132
last-modified: Tue, 27 Nov 2018 05:40:46 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSQYhxBgkWPB9tO%2FBQkNqcFvkyshLuzcZxEHcJrBbbF%2FUtRMDbvSCBqdqHEvliB5LhWKQ3YOKpFlTjRtkd2Rg4n8rl1jfjC0FSbE%2BhUKH9xYbWAEKwlnviYIHZhZjTpO5i1Dnq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cd2255ddec9b4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/img/background.png

188.114.96.1

200 OK

393 B

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/img/background.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
HTML document, ASCII text
Size
393 B (393 bytes)
Hash
36de1d9a04c84897aaee74b45ecc05fa
ab42e5e3bef742f10d7cfa36c7b0c13003a695a3
2e2a9b63438f66c2c112562946db160ed30eab6587e924b3e8db77ff91672139

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/img/background.png HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login_files/loginAdvanced.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: image/png
content-length: 393
last-modified: Tue, 27 Nov 2018 05:38:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=baTTqHx7kSewLAvKMK8eS4uENmNrWqUFTjTumpbRQ5qifvZ7bgFe4R0pbegol5QdP%2BNExAYJeEGCYmubAfudJe7O2SQcknFOj38T6XyBH%2FWJcCjlCFnjAINGD0K2QIRyNzpdHZs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8cd2255fa8c0b4ed-OSL
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/generatedDefaults.js

188.114.96.1

404 Not Found

12 kB

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/generatedDefaults.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
HTML document, ASCII text, with very long lines (358)
Size
12 kB (11817 bytes)
Hash
03b6c6210297b34e2c630d712f778ca9
cba8f9d0435013e054937efe67847ea8ba40d40c
e2517881bcf4e7307097a3d143ffdfa218f1830c381347d746f06b1eb8a099bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/generatedDefaults.js HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/html
last-modified: Tue, 11 Oct 2022 11:48:46 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ohcgQAkLqosXkd%2FIQo8xL7vdmdd93O2y2FnV17jW6wnTEMbA4S7Dfj%2BlqmSdCEeZb7yWbsFRqubRYORyN8tIowiqEXvj7B40Hcc2tjbfgfIouVdureiAvZldqkEebAOZJn3EDS0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd2255ddec1b4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

thewrightfinds.com/606/cgn-in/login_files/is

188.114.96.1

404 Not Found

12 kB

URL GET HTTP/2
thewrightfinds.com/606/cgn-in/login_files/is
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Certificate
IssuerGoogle Trust Services
Subjectthewrightfinds.com
Fingerprint78:4A:D6:35:BB:82:4D:D2:6E:8C:8C:F3:6D:A2:E9:5D:9F:0B:02:62
ValidityMon, 02 Sep 2024 21:15:08 GMT - Sun, 01 Dec 2024 21:15:07 GMT

File type
HTML document, ASCII text, with very long lines (358)
Size
12 kB (11817 bytes)
Hash
03b6c6210297b34e2c630d712f778ca9
cba8f9d0435013e054937efe67847ea8ba40d40c
e2517881bcf4e7307097a3d143ffdfa218f1830c381347d746f06b1eb8a099bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /606/cgn-in/login_files/is HTTP/1.1
Host: thewrightfinds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thewrightfinds.com/606/cgn-in/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=chungsik-choi@pacoeng.co.kr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 04 Oct 2024 03:39:38 GMT
content-type: text/html
cf-cache-status: DYNAMIC
last-modified: Tue, 11 Oct 2022 11:48:46 GMT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHkmIzRxVvmd7XshiIc2drg1NNUAHtP1%2BQkJD00ECls%2BJVoEW8TrHd%2FKkxAJTz%2Fzb%2Fke2p0zAO2aKZg%2FoGurwJSVygLTejDPp7P8TvPq3Ux4kQch0KRNjODIyYOLPOUeO4VaT%2Bw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd2255ddec6b4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash