mrgsoft.ge/
185.139.57.132 301 Moved Permanently 162 B IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware (note: this object is a 162-byte nginx 301 redirect body; the same fortinet "Malware" flag is attached to every mrgsoft.ge object fetched in this session, including static CSS/JS and a .woff2 font, so it reads as a URL/host reputation verdict rather than a per-file detection — confirm against the listed hashes before treating any individual object as malicious)
GET / HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 19 Jan 2023 00:57:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mrgsoft.ge/
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16381
Expires: Thu, 19 Jan 2023 05:30:21 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8095
Expires: Thu, 19 Jan 2023 03:12:15 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 19 Jan 2023 00:49:23 GMT
content-type: application/json
age: 477
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15209
Expires: Thu, 19 Jan 2023 05:10:49 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HR4FgM/GIH+tnJZVA3n9tlkAxEVm9rgTq1uFzMja9w1OgqTWpz37dTKpZVLFWl26tVGgnsdmkSk=
x-amz-request-id: MAA1E0RW6FNZ1CZT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 19 Jan 2023 00:56:53 GMT
age: 27
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
mrgsoft.ge/
185.139.57.132 200 OK 8.6 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (800), with CRLF, LF line terminators
Hash 8a9b4f47ecf0f6af00d1bc45e6f8fb93
bfdd319874d930a6d38f8951397f8b7456e85210
eb1554abc44da7adbf304a344a62b38d30fe6c002295f1349021715def43844d
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:20 GMT
content-type: text/html; charset=UTF-8
content-length: 8572
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; path=/
set-cookie: name=564210299; expires=Sat, 18-Feb-2023 00:57:20 GMT; Max-Age=2592000; path=/
(note: neither cookie carries Secure, HttpOnly or SameSite attributes even though the host enforces HTTPS via HSTS below; the PHPSESSID value is then echoed back in the Cookie header of every same-origin asset request later in this session)
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PHP/7.4.33, PleskLin
(note: version disclosure — PHP 7.4 reached upstream end-of-life in November 2022, before this 19 Jan 2023 capture; Plesk may ship its own backported builds, so confirm actual patch status rather than assuming the interpreter is unpatched)
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-37790395-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-37790395-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 6cb99c0fea73c3a4b806f0915390206c
cc5d0569b655e21849dfb55af1bd2ce150a0503f
e994c249e5cde769d5d95731949aa11cac823b8fde350ed0d18e58d25d3f7452
GET /gtag/js?id=UA-37790395-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 19 Jan 2023 00:57:21 GMT
expires: Thu, 19 Jan 2023 00:57:21 GMT
cache-control: private, max-age=900
last-modified: Thu, 19 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 19 Jan 2023 00:17:25 GMT
age: 2396
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mrgsoft.ge/images/de.png
185.139.57.132 200 OK 15 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 21 x 15, 8-bit/color RGBA, non-interlaced; data
Hash f3677aa3ca479086333ff3e0f0c9a138
272b47ebe64ffb11332b857500898e2615baf765
a67ebc404e18c4de584f417ef4a3b565e53b5640b0d2bf77d0e39dd635088c09
GET /images/de.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 15418
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-3c3a"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgsoft.ge/images/en.png
185.139.57.132 200 OK 1.9 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced; data
Hash 487afa028990b9abd7765ff60dc62449
5a24460c636728ba2c5f46151c0f46596188a669
cb45457ca31a6b79a26ed470c804f2740451962bdbe6a9cd320bb9904d48f7b5
GET /images/en.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 1870
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-74e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgsoft.ge/css/owl.carousel.min.css
185.139.57.132 200 OK 1.3 kB URL HTTP/2 mrgsoft.ge/css/owl.carousel.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (2846)
Hash 6180df92b271476e0774a07494f7c4e9
58f7f6a32f44f13616309ce1ebadb7eb13c1ba4f
24cd606a11c820fee107a7362fd97094e5ffd45113925009453853110054ca95
GET /css/owl.carousel.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-b78"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/parallaxie.js
185.139.57.132 200 OK 366 B URL HTTP/2 mrgsoft.ge/js/parallaxie.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (714), with no line terminators
Hash 66fee7ebe6ee6306b7250d8813f52243
c0c541954989f6b3d9a9ca6a0fb9bfd43f69c1b6
608431857fd841b42819f6a8f02e467bf37d67eb59602c39f30d0085bac662e3
Analyzer Verdict Alert fortinet Malware
GET /js/parallaxie.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
content-length: 366
x-accel-version: 0.01
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "2ca-5d4a9570fbbb8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
mrgsoft.ge/images/mrgwebstudio.png
185.139.57.132 200 OK 58 kB URL HTTP/2 mrgsoft.ge/images/mrgwebstudio.png
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 1553 x 369, 8-bit/color RGBA, non-interlaced; data
Hash 1d3776b01d35fc2796e2020546aa9ff1
df422cb8a9b88c43c76777266d9a0707e0f9c36c
396a0e797990655259ae16b047dd9ccad28b4ee285ee71b8693b296eadecda2d
GET /images/mrgwebstudio.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 57586
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-e0f2"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgsoft.ge/images/ka.png
185.139.57.132 200 OK 1.6 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced; data
Hash 25afc5d6f8c739bd8a722840ac9d3638
8d72d0f3f7d276f806f74feb26b2983830de4d6e
d19eeb36e4f0f5bb9c15c294b3f1522c32dbf2949f9360ccc0043ca2b37b54d1
GET /images/ka.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 1604
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-644"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgsoft.ge/images/ru.png
185.139.57.132 200 OK 15 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced; data
Hash 35ae8df4c0e0317203174e446a1ffc31
867e9f6ac178da86aa055b474919ea58c1029acc
9d736852098148326a2d1f11592ca1da679f4b3ef4ce5cb48a434f0c45a37dbd
GET /images/ru.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 15184
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-3b50"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgsoft.ge/images/qr.png
185.139.57.132 200 OK 40 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type PNG image data, 1148 x 1148, 8-bit/color RGB, non-interlaced; data
Hash cd9305519cd4d57a17c6c561611eae48
680acc730c9f5fbb9ae4dc1541f2dc23bb7b91f8
dd19b87b12657d9556dd4da9423c52d2e755b44bd9fb96b44ead1197aa51cdf1
GET /images/qr.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 40046
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-9c6e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da63a934cf5433b8e2e854c0163a7140
1f4e55308396375cfb0978f385b5a3de54ab2238
f31151e5a90c06ec9a1ac005faa6c903478c479a280ddbeb816473434a5ee31c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F31151E5A90C06EC9A1AC005FAA6C903478C479A280DDBEB816473434A5EE31C"
Last-Modified: Thu, 19 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21592
Expires: Thu, 19 Jan 2023 06:57:13 GMT
Date: Thu, 19 Jan 2023 00:57:21 GMT
Connection: keep-alive
mrgsoft.ge/js/jquery.cubeportfolio.min.js
185.139.57.132 200 OK 18 kB URL HTTP/2 mrgsoft.ge/js/jquery.cubeportfolio.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (32038)
Hash b13f799c7317cf6359d03a93632d4e30
dc11d409b80c4a395282d95d70156035ef481767
977ba1ee11439ce4bcb5f560ac40fef888ac4d324945ed8b7969299a396db32a
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.cubeportfolio.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1330d"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/cubeportfolio.min.css
185.139.57.132 200 OK 13 kB URL HTTP/2 mrgsoft.ge/css/cubeportfolio.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (65256)
Hash c9b78c5b0ee7af9b43abbb07d31502ab
3fde27077ca4fd0e8741c338b133fa4185ee6edc
c843760664107891b18562522af5159424d2ad140b349ab30d1af7f52b1c21c0
GET /css/cubeportfolio.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-18d59"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/revolution/navigation.css
185.139.57.132 200 OK 850 B URL HTTP/2 mrgsoft.ge/css/revolution/navigation.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Hash f199570eea671ed2c742ec5941c94cf9
ac6a7fd4d3733c42acff63c17a7f3fc2219bfcd4
55108082c6c24db9aba5536790195449197a09c7185c1fdd51cbfb82d13a6753
GET /css/revolution/navigation.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-5fc"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/tooltipster.min.css
185.139.57.132 200 OK 1.7 kB URL HTTP/2 mrgsoft.ge/css/tooltipster.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (6495)
Hash 89eddc6362e0106fd7424d43bfce4265
5d10ffd6cd428716881566349c659cba045ae3ad
1234bbd160399ca09ed36e4efc56d36487096692aa3f8bb3e1402cf81442d50d
GET /css/tooltipster.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1d76"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.navigation.min.js
185.139.57.132 200 OK 812 kB URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.navigation.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (25862)
Size 812 kB (811540 bytes)
Hash 2282a92c1a3cad851926c30277a50fca
7b1a0e9de44efb72bf363dc794e4fb34ed763334
683159716dbfb958e34c91cea8ab1358769d9ff481cd00e68438b2c0359a1ccb
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.navigation.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65f1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js
185.139.57.132 200 OK 35 kB URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (25833)
Hash 97121647f36b97e45b70f4216fe527fa
48d07aa0ab3121ee624c01bf2c8f4dc984aee082
67fca20ff8a4a43ce3bd0159ca02183f07bab1e630b56881d99a38e3a4bf318f
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.video.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65d9"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/bootstrap.min.css
185.139.57.132 200 OK 95 kB URL HTTP/2 mrgsoft.ge/css/bootstrap.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (65324)
Hash c5fd4fc4ac7c6257f642307f4ae0a897
5f9d85e741a903959a3f3525bc340cce6f025c5f
c57250018bc8d41cccc650ea009d1d32f54bfa8f76dc3f7290d75916cd85eb78
GET /css/bootstrap.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2606e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/boxicons/css/boxicons.min.css
185.139.57.132 200 OK 86 kB URL HTTP/2 mrgsoft.ge/boxicons/css/boxicons.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (63235), with no line terminators
Hash 8e95a3bb1ebb241bebd1f5f62ddb9acb
7f5c23ff5d8f8a435b392cb71d1c0cea673cfb96
252ccff9525a4c6c89153860c49335fc23d63684fcc3fe769ec0b0dab3a1e0c4
GET /boxicons/css/boxicons.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-f703"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/icofont/fonts/icofont.woff2
185.139.57.132200 OK 538 kB URL HTTP/2 mrgsoft.ge/icofont/fonts/icofont.woff2
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type Web Open Font Format (Version 2), TrueType, length 537868, version 1.0\012- data
Size 538 kB (537868 bytes)
Hash 50a4ab76e700a83e649be213f820fbbd
28ad9e9ac82f86c50eb4dd3d713a0698473bdbb3
242e542871bd77c8ff6375418e349ef6b3a32a208e15ca1441166641d212a6a1
Analyzer Verdict Alert fortinet Malware
GET /icofont/fonts/icofont.woff2 HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mrgsoft.ge/icofont/icofont.min.css
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: font/woff2
content-length: 537868
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-8350c"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.202.13.86101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.202.13.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sr8O28v6ghKQEoRBFKeabg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cV78K06iFKVWd4vseM/7c4ghGcA=
mrgwebstudio.com/photos/1636725095Capture.JPG
185.139.57.132200 OK 36 kB URL HTTP/2 mrgwebstudio.com/photos/1636725095Capture.JPG
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 1340206fcc8ca38017b39f1f39c9539b
6fdcd142eaf25337a31e703eb6da4509500ca533
daf6647e267e4d3a99386cc1abe9c19584a7a0aacd3ca5bc9b80426444106ecc
GET /photos/1636725095Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 35736
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-8b98"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1659632068Capture.JPG
185.139.57.132200 OK 51 kB URL HTTP/2 mrgwebstudio.com/photos/1659632068Capture.JPG
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 78c04021b7eb2498a734030d4eea1d52
9b24d632211a2309d0bdf342b9c4f6fc3052a7cf
37ce0a8a2d778aed2141ff10446a1eef6198f97d95970884a5442d7e06205995
GET /photos/1659632068Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 51043
last-modified: Thu, 04 Aug 2022 16:54:29 GMT
etag: "62ebf9c5-c763"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1630107199Capture.JPG
185.139.57.132200 OK 31 kB URL HTTP/2 mrgwebstudio.com/photos/1630107199Capture.JPG
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 493b1eb4741eecc2bbcabd93c47a7092
666aef966b772a3a1d3edf09fb3c5641b5a7a824
196b2e481722d000b070eba3802e4ee1df4354ec3327c0d0098cef1fb2464fd4
GET /photos/1630107199Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 30596
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-7784"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1646341993Capture.JPG
185.139.57.132200 OK 41 kB URL HTTP/2 mrgwebstudio.com/photos/1646341993Capture.JPG
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash e18c9777431e781bae70864ff12ad4fd
a27a02b0b6efcef4b102d72cf4098cf83b384bd2
63e00227e8cdfe210f862692128bfbc2d917e089d682d1ce09a6846978dc6af2
GET /photos/1646341993Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 40602
last-modified: Thu, 03 Mar 2022 21:13:13 GMT
etag: "62212f69-9e9a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1670353396ss.jpg
185.139.57.132200 OK 92 kB URL HTTP/2 mrgwebstudio.com/photos/1670353396ss.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 566686c2b19b9ef2bbc3ba1d6af88ab1
19768a6a0a184b080e94178d77cd6c214e95c3d9
2d7423340a118c7853f46039883819c4a0c544506a2bb51437f3b856e041e65e
GET /photos/1670353396ss.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 92192
last-modified: Tue, 06 Dec 2022 19:03:16 GMT
etag: "638f91f4-16820"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1630017894office.jpg
185.139.57.132200 OK 49 kB URL HTTP/2 mrgwebstudio.com/photos/1630017894office.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 800x600, components 3\012- data
Hash f8ad337327de483d6065d3d05b5e4571
bff2c2dc467a3576f691fb03bb9f10c19bab3804
7416beb5f307aae611465ee1daa19e008e54eaa49f85d97659270d7f4f2fbee6
GET /photos/1630017894office.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 49147
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-bffb"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/16668483062.jpg
185.139.57.132200 OK 38 kB URL HTTP/2 mrgwebstudio.com/photos/16668483062.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 4a0a1e9d11a247366c01394ff44099d9
f04ed33192fe5c6c3f5f1d3f8878ec1d4fffb50b
847f22db08fb252aa3fa65da0a90f378b8f8e9f00a3a9933b5cd19d9878b89bb
GET /photos/16668483062.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 37856
last-modified: Thu, 27 Oct 2022 05:25:06 GMT
etag: "635a1632-93e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com//photos/1629838638banner1-1.jpg
185.139.57.132200 OK 69 kB URL HTTP/2 mrgwebstudio.com//photos/1629838638banner1-1.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1920x900, components 3\012- data
Hash 3ed76bd68ff2084747d577027df1797f
5b42410facf276d7a68a818a6da87ae2079d98e8
dd18c0e3397efd7e072e554deb73b0cee155b004b711b6420878b738215bfb64
GET //photos/1629838638banner1-1.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 69221
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-10e65"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/1630098889Capture.JPG
185.139.57.132200 OK 61 kB URL HTTP/2 mrgwebstudio.com/photos/1630098889Capture.JPG
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash 053184ca0b08dc43a4b40ad3e2bd387b
4ad9ca535a60ae5a8943f38a0272aa382bf16b25
f075f0478080c7806430a071b945f71c5f6e077bdfa1e529325c96256f52bca7
GET /photos/1630098889Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 60954
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-ee1a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com/photos/166357023511.jpg
185.139.57.132200 OK 50 kB URL HTTP/2 mrgwebstudio.com/photos/166357023511.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Hash e6d19473c1bf5cd12972032b31732006
2b86c72cb0e76404f40c9f5ebf99079eba0d8b8e
bb63f50aca53fe0d5d1e406a0e1f5b1c5d7801c0f912d1fe4cbc3a6cc2d8401b
GET /photos/166357023511.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 50040
last-modified: Mon, 19 Sep 2022 06:50:35 GMT
etag: "6328113b-c378"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
mrgwebstudio.com//photos/1656274905111.jpg
185.139.57.132200 OK 133 kB URL HTTP/2 mrgwebstudio.com//photos/1656274905111.jpg
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1920x900, components 3\012- data
Size 133 kB (132841 bytes)
Hash 174dc62be8b1b4fe92b36742c698f318
23ea8d8ef00ed3b1bbeac0c491e3868ac9658f58
cbdaf936d4a283cc2da1f80f73b35a6004b375032550823e35375a7e3d891205
GET //photos/1656274905111.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 132841
last-modified: Sun, 26 Jun 2022 20:21:46 GMT
etag: "62b8bfda-206e9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 948e6eab4e0fbb57ec991519b205a62b
d85968f393cf652627a14b5afd00e17d46bdfa13
4b1931c60a3b716142ac04c9b573f15dc7cef2297b62c1fad93d132cc6c05391
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2669
Cache-Control: max-age=114858
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Etag: "63c7a8af-1d7"
Expires: Fri, 20 Jan 2023 08:51:40 GMT
Last-Modified: Wed, 18 Jan 2023 08:07:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 19 Jan 2023 00:41:07 GMT
expires: Thu, 19 Jan 2023 02:41:07 GMT
cache-control: public, max-age=7200
age: 975
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mrgsoft.ge/js/wow.js
185.139.57.132200 OK 94 kB IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (8443)
Hash b5d8349ba30cf7df171ef36ef83006f1
dd24f2e1692bfd10fced36e36c4ad2c221b8fda8
9d696cfa7391f0eac6fbc6471ec805f3517d2aa7ef72de4cedd4959a024c2368
Analyzer Verdict Alert fortinet Malware
GET /js/wow.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2119"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 948e6eab4e0fbb57ec991519b205a62b
d85968f393cf652627a14b5afd00e17d46bdfa13
4b1931c60a3b716142ac04c9b573f15dc7cef2297b62c1fad93d132cc6c05391
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2669
Cache-Control: max-age=114858
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Etag: "63c7a8af-1d7"
Expires: Fri, 20 Jan 2023 08:51:40 GMT
Last-Modified: Wed, 18 Jan 2023 08:07:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js
185.139.57.132200 OK 1.4 kB URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (3515)
Hash 2ce74258ce107355cbd4be6da804c79c
0c32f6c0c2db547f15f49d657747792bb7d25b61
776742c52900547e5e0406b32b403eba7de67f0981a44091c8aa03bc279fd320
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.kenburn.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-ea4"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash efac8d32469e6807b1b1f2916a47edf1
68d91e7af565f1cf6597bcdd642a78dbada50a8d
22639289563bb576a7c20b9c733bdd7f98c41519fdddeef0d710f0d058c5bf88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163
173.194.222.156200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163
IP 173.194.222.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 19 Jan 2023 00:57:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash efac8d32469e6807b1b1f2916a47edf1
68d91e7af565f1cf6597bcdd642a78dbada50a8d
22639289563bb576a7c20b9c733bdd7f98c41519fdddeef0d710f0d058c5bf88
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: BL4CLFUoDRKbnRqTiAVeHnXPLcuIYTNPtiQ0VNh+NWTyW028JI7YSpQ43v/4cxJlmp2FsypksYsgIORdt6lQHA==
content-length: 0
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: kUZU28k02mX8mjPAH0FJAvm0UsGytxaYXR7SmqXM4EdmMA2O+tX/hwdCUCPoEwzgu+w95lcXWUEJzchSnwccSg==
content-length: 0
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive
mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js
185.139.57.132200 OK 3.5 kB URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
File type ASCII text, with very long lines (10692)
Hash 4b90b2b8e6977a88bdcffb5795a2aa41
5112fcfbbf821bdacac1b32288538929c0be5838
16cbd4962d2f42d059e3e7431aca2fb9b58623a10d8c104fc464c21bf688cfc9
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.parallax.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2aad"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dca732f3b0a525c0689d566633effb47
9b12e4ce9f936ccb2203807886765e5b0c6e0339
cb5b0faffd9a609aa7f9af0458d032b30d32894b412ecd6d8aa18c90dc0448bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6489
x-amzn-requestid: 8290bd7c-4fb9-4149-b82a-dde38ba2afca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewag5H5EoAMFV-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c33e05-6ad6ec63583c8d511f1b6425;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 23:43:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: splv2LTI5lvHrhvTcF5T0t15iXeLQ2FFZ5uPopDoYxFaa8LE5U9uxA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 10:58:17 GMT
age: 50345
etag: "9b12e4ce9f936ccb2203807886765e5b0c6e0339"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -mbHxl4DLZkERC2UDDAc2uOtx4kTzqdcgwWxs93CROmqzmbwAU-P6w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 03:33:22 GMT
age: 77040
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 13457311f170ebcd637e77aa48873488
a51ef5eb01736824f382541c5a4ad025ae35c09e
f57f95cc9f18b2e41951f1fcd9c278ca0f522e98dbf57aeb4c59b4b59deeb605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6235
x-amzn-requestid: 919a5e9d-11c0-4b12-a718-f5a256f4fda2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3RXBG8xoAMFW1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5fc2c-2398fc8910eb707e4c15b416;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 01:38:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WwmWT7zXborrCF7_Ul5LFV1EboOT5KBXf9TSATbFi01dpip5BGSQNQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:50:00 GMT
age: 11242
etag: "a51ef5eb01736824f382541c5a4ad025ae35c09e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F358af8d7-be1d-4bbe-ab3e-a9efaf49e1ac.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F358af8d7-be1d-4bbe-ab3e-a9efaf49e1ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2b8f931fb5afe958e67fce9e1822dac4
5732887999b819f6facc6f4608a407b5a09adf75
3c6c787e700f8139ec0eeaad93923f647f9efa5ce60120fc0aab52fa9588efaf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F358af8d7-be1d-4bbe-ab3e-a9efaf49e1ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5005
x-amzn-requestid: 647dd62e-6b47-4298-9457-c7f37e653e0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e5qLKEX6IAMFX0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c6f0ad-3dc1396c1b3662fa4ec5f1fa;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 19:02:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ge_XozSe44BAhC-fFiu-u8Oa4jd8Uctn4O3fmdLCavhYpcSVrhNMww==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 17:42:33 GMT
age: 26089
etag: "5732887999b819f6facc6f4608a407b5a09adf75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d15f9a-9958-436b-ac3e-167b5a6563ea.jpeg
34.120.237.76200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d15f9a-9958-436b-ac3e-167b5a6563ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1b47910c4f71976f73a884bcae6f9bc
26c0d42fddb2a02d9878c34a76874710c92a9d30
9c5ce4945939b126cd36202f5afb8009ce790a792270ec31cc22099e4cd12a24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d15f9a-9958-436b-ac3e-167b5a6563ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3861
x-amzn-requestid: c8fbb2e1-9ec6-42c0-8030-9be785e8913e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9TegFNEoAMFwqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c865f6-04a9e7db684e88ed69e1bd43;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wTiBoiSa1euVzUKPwlAWWZD-fYwMQGxgvRRzr1ALkrFY5VV3zeL9Jg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:52:42 GMT
age: 11080
etag: "26c0d42fddb2a02d9878c34a76874710c92a9d30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03bd9522-eeb8-49fc-b9be-5881b7bc5ce5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03bd9522-eeb8-49fc-b9be-5881b7bc5ce5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eeb5713ea23c36906255e88dc10eadbf
896d92a22f676b5946004feb723b094a8a36e09c
eb75a6fcc83d5134137caa6aa110e284a93149faab9557aea8853f9d63f82bc8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03bd9522-eeb8-49fc-b9be-5881b7bc5ce5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12174
x-amzn-requestid: 79fee0c7-be5a-4467-b351-aeb8a7e7d19f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULMH_noAMF77g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a47-7d7d140511fbcb6063868fd3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VL7g5MbOqAMyRbpSLbv3GseRY4zBNF22AZ_am4KpDyQqbb0Vp6AL-Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 07:26:24 GMT
age: 63058
etag: "896d92a22f676b5946004feb723b094a8a36e09c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mrgsoft.ge/js/functions.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/functions.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/functions.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-e4ec"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/style.css
0 B IP :0
GET /css/style.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
mrgsoft.ge/js/jquery.appear.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/jquery.appear.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.appear.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4f2"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/all.min.css
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/css/all.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
GET /css/all.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-dcc5"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.carousel.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1db1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/jquery.fancybox.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/jquery.fancybox.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.fancybox.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-10aa9"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.actions.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2082"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/bootstrap.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/bootstrap.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/bootstrap.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-bf30"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/icofont/icofont.min.css
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/icofont/icofont.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
GET /icofont/icofont.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-16830"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/animate.min.css
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/css/animate.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
GET /css/animate.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4238"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP 31.13.72.36:0
GET /plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent¤t_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
x-fb-debug: /Sa7W1gn3zS59MeL4smB0rDO0k5krBhCXZiis9qSZ2gbErwgzfvXfxNzcanfCVwEo/hVAO46jH8KNGjtH7GKaA==
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.migration.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65f1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/revolution/settings.css
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/css/revolution/settings.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
GET /css/revolution/settings.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-756c"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/css/jquery.fancybox.min.css
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/css/jquery.fancybox.min.css
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
GET /css/jquery.fancybox.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-31fb"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/propper.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/propper.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/propper.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4af4"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/jquery-countTo.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/jquery-countTo.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-countTo.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-a29"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1
31.13.72.8200 OK 0 B URL HTTP/2 socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1
IP 31.13.72.8:0
GET /new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1 HTTP/1.1
Host: socialplugin.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
x-fb-debug: xR+9Bt7hhCFUgAT8PsC/5zuI7eT4SlkwdQePWqdOUgqa+EvvFDlv0zpb+I50jNIUpv8IsVYMDTgE2X7Iu7sq8Q==
date: Thu, 19 Jan 2023 00:57:22 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/jquery.themepunch.revolution.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-fdaf"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/owl.carousel.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/owl.carousel.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/owl.carousel.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-ad3a"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/jquery.themepunch.tools.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1af53"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.slideanims.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-7188"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/jquery-3.4.1.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/jquery-3.4.1.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/jquery-3.4.1.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-15850"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/tooltipster.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/tooltipster.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/tooltipster.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-b66f"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js
185.139.57.132200 OK 0 B URL HTTP/2 mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js
IP 185.139.57.132:0
ASN #203301 Datacenter Ltd
Analyzer Verdict Alert fortinet Malware
GET /js/revolution/extensions/revolution.extension.layeranimation.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-d9fb"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2