Report - mrgsoft.ge/

Report Overview

Submitted URL
mrgsoft.ge/
IP
185.139.57.132
ASN
#203301 Datacenter Ltd
Submitted
2023-01-19 00:57:32
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
52

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.202.13.86
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	46 kB	34.120.237.76
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	45 kB	142.250.74.168
mrgwebstudio.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	653 kB	185.139.57.132
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	702 B	173.194.222.156
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	21 kB	142.250.74.110
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	12 kB	31.13.72.36
mrgsoft.ge	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	20 kB	1.9 MB	185.139.57.132
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
socialplugin.facebook.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	514 B	1.2 kB	31.13.72.8

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-19	medium	mrgsoft.ge/	Malware
2023-01-19	medium	mrgsoft.ge/	Malware
2023-01-19	medium	mrgsoft.ge/js/parallaxie.js	Malware
2023-01-19	medium	mrgsoft.ge/js/jquery.cubeportfolio.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.navigation.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js	Malware
2023-01-19	medium	mrgsoft.ge/icofont/fonts/icofont.woff2	Malware
2023-01-19	medium	mrgsoft.ge/js/wow.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/functions.js	Malware
2023-01-19	medium	mrgsoft.ge/js/jquery.appear.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/jquery.fancybox.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/bootstrap.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/propper.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/jquery-countTo.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/owl.carousel.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/jquery-3.4.1.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/tooltipster.min.js	Malware
2023-01-19	medium	mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	mrgsoft.ge/js/functions.js	59 kB	2023-03-10	2023-03-13
Pretty URL mrgsoft.ge/js/functions.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:12:05 Last Seen2023-03-13 02:38:57 Times Seen1 Hash 8889079b4e8526753ff07da9ab3380d6 561ab64263459b4c81d6326370d122a02b7086c1 f63770a3db7060811ad74b8df087bb350f69b172c409a17d7f436619e23a5f58 Loading...

	mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js	110 kB	2023-03-07	2024-04-21
Pretty URL mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:25 Last Seen2024-04-21 08:37:23 Times Seen984 Hash 19d4f48f4835f709ce89e903945463da da149c4015cbfcf532bd7d19171799fa45cec695 df9d8dd88e97a897d0be8ef27eb76357d276aeabb67320756b753e5e61eac5d4 Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js	56 kB	2023-03-07	2024-04-07
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-07 18:20:51 Times Seen388 Hash 8aed34e3462137b710b26c8703821f4a 95732aa10bc7492eb6a298630c7b882cc853e1b1 1a6c734eea2fc2873c7d9f116df64e8884458e07d1d459a32686358275044ce9 Loading...

	mrgsoft.ge/js/jquery.appear.js	1.3 kB	2023-03-07	2024-04-18
Pretty URL mrgsoft.ge/js/jquery.appear.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:09 Last Seen2024-04-18 23:00:16 Times Seen461 Hash 64531fe766285a4f78a602f316d52d48 9a0ace71a45e5546e2d3464f3439f563d865aed4 7212f627fb02a6e5780ddae7870b9b06906e322ba57b33a137444994f5fafb15 Loading...

	www.googletagmanager.com/gtag/js?id=UA-37790395-1	112 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-37790395-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:38:57 Last Seen2023-03-13 02:38:57 Times Seen1 Hash a6a41dc3efc59f4c54a8e3c6a7759e15 d6d05d07b0be382a4d5895676f3500f7f6070840 82eb2f048741ff8475611e7d593ef44ba76eca174dbdd768dabdb66d163342ca Loading...

	mrgsoft.ge/js/owl.carousel.min.js	44 kB	2023-03-07	2024-03-26
Pretty URL mrgsoft.ge/js/owl.carousel.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:06 Last Seen2024-03-26 02:22:37 Times Seen133 Hash 5274afb2522b0f6f1b6a019949c3c104 b997b22b2c29b920c21f627418a205413f2e18da 1756fb46aa1a7fe26e8c57328db54497ef70236895be1a7160718bb772abe23b Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js	26 kB	2023-03-07	2024-04-07
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-07 18:20:51 Times Seen403 Hash 50e3b12080f2551d772e582a6c71a2d9 df0fc48c06090ba494a0a9bc364bcd45bf545d6a 3f7eff75a67d71ae3300496c253a27964922dbc2932f2f53ef3b8c5d253be7eb Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js	11 kB	2023-03-07	2024-02-26
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-02-26 04:16:02 Times Seen201 Hash 5aa9ba9b8fe8d9e36b1c5e12e6c6cf4b 8dece34b3209db885db5ed49bce35287a62f8aa1 33c1ae0142e84d8e6f37149c5e4dea55e958a4b2efed23aa71b3fa30b8b01f43 Loading...

	mrgsoft.ge/	162 B	2023-03-10	2023-03-13
Pretty URL mrgsoft.ge/ IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:12:05 Last Seen2023-03-13 02:38:57 Times Seen1 Hash 7fbafdd98a2bc85830a4085504b35f09 b796c0740a90d9fc2ae02fe31d7ec1909a1efe81 122a50a2a967ec9a1492ebe4b0ad2a70593327b1fc271f507b3e13560a1eeb4d Loading...

	mrgsoft.ge/js/jquery-3.4.1.min.js	88 kB	2023-03-07	2024-04-26
Pretty URL mrgsoft.ge/js/jquery-3.4.1.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:01 Last Seen2024-04-26 19:21:22 Times Seen7632 Hash f832e36068ab203a3f89b1795480d0d7 2115753ca5fb7032aec498db7bb5dca624dbe6be 4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf Loading...

	mrgsoft.ge/js/jquery.fancybox.min.js	68 kB	2023-03-08	2024-04-05
Pretty URL mrgsoft.ge/js/jquery.fancybox.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:37:36 Last Seen2024-04-05 22:47:03 Times Seen98 Hash 29e78ab266dce3b1608d77bc533c0752 2bdabe920a06f15478524b68a9223effd7f37bdd 7997e379ebf70e0477a8f4b4af3d12ffbe25726b7edcdbcaf51008b27edf4f09 Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js	3.7 kB	2023-03-07	2024-02-26
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-02-26 04:16:02 Times Seen117 Hash 48b60f3a0b3076e91b42f9e80a885194 9ecba475905e50294fc65f01d64dd7226d24e4f4 5b216777bef9d5365556f248f4315edddf50d41ecd482b0540afc6889c20ad11 Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js	29 kB	2023-03-07	2024-04-07
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-07 18:20:51 Times Seen404 Hash 72c040d18f4fa55041e4e12465b93d71 1c6c111ab7f353174d6b748a4dbcfda7c7581f51 f95451484140b43477703ccc877417090750af44578456326f8cfc2de4a86c57 Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js	7.6 kB	2023-03-07	2024-04-11
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-11 14:49:28 Times Seen103 Hash bbebd66e64af7b23800e33b5bab40cb5 dc3feac0d2e1068e05bd5aa93774e1547b6fbd35 cfcc1e6ae537c0ab1eb3a57581b45c6f435c50927899da8166defa129ae60282 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 00:25:24 Times Seen37106282 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mrgsoft.ge/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-26
Pretty URL mrgsoft.ge/js/bootstrap.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 22:55:05 Times Seen137276 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js	26 kB	2023-03-07	2024-02-25
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:59 Last Seen2024-02-25 19:42:04 Times Seen95 Hash d376e3e1a90d66c70b68b358348f104a 62a2745cacf3dfa645b5f6819951ff7aef9b27bc 0b5f8f515082abc99d0c4519c9589cec392230052d80a76cb42eab7085fa1139 Loading...

	mrgsoft.ge/js/jquery-countTo.js	2.6 kB	2023-03-08	2024-04-24
Pretty URL mrgsoft.ge/js/jquery-countTo.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:37:36 Last Seen2024-04-24 05:55:15 Times Seen37 Hash 039cb6b0c57100a2c8b624b6ed045805 c2a82e1684e620d4205c206bcea1a6f2adacfb3f b4f450da7d01c9f1d499528fd5d4407bdbc19723a70d8ff1feb85f23358f0149 Loading...

	mrgsoft.ge/js/parallaxie.js	714 B	2023-03-08	2024-02-17
Pretty URL mrgsoft.ge/js/parallaxie.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:37:36 Last Seen2024-02-17 09:13:43 Times Seen93 Hash ad4cb3a8c7ec5f55365210bf6953ec81 61cd81474e7526b4d2dd3a3619ae20c2f497bf5d 2c72543080d3623bc00e4edd662a43345f1a8503df9d5ccee1d456f78a5a8909 Loading...

	mrgsoft.ge/js/propper.min.js	19 kB	2023-03-07	2024-04-26
Pretty URL mrgsoft.ge/js/propper.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 22:55:05 Times Seen111975 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	mrgsoft.ge/	665 B	2023-03-10	2023-03-13
Pretty URL mrgsoft.ge/ IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:12:05 Last Seen2023-03-13 02:38:58 Times Seen1 Hash 8c66e64a05116ba1536799fc829a3f16 697ae3fd9d1a630d8c19403ec37f138bb79c430e 4d0083c2de961d25392790670c15b89582e7f45009270a3f5350aa30351b47be Loading...

	mrgsoft.ge/js/tooltipster.min.js	47 kB	2023-03-08	2023-10-27
Pretty URL mrgsoft.ge/js/tooltipster.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:37:36 Last Seen2023-10-27 14:24:32 Times Seen7 Hash 1d66693eee03076d150048d5b30be515 5dcaf449a35e880e45cd8a6047ad0e6405fe9b99 c0321a2e8bc7b426ee995c2e7dee4555c2a8c43c12b53a88a7abeca960a64be8 Loading...

	mrgsoft.ge/js/wow.js	8.5 kB	2023-03-08	2024-02-17
Pretty URL mrgsoft.ge/js/wow.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:37:36 Last Seen2024-02-17 09:13:43 Times Seen67 Hash a9e0c5b812dcb9decbd3e8992843200e d015615d003cffa14aee5022b6824e205514f16a 2f770da1025db133154e19d0c47e09f0a0ac2405672d11a9d0874d741c6cbafd Loading...

	mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js	8.3 kB	2023-03-07	2024-04-07
Pretty URL mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-07 18:20:51 Times Seen191 Hash 4b0a675a4f3fd7e8d40c9bc91b4bdc19 24a36b77e53ce1b686d5fde81739ce515a95f431 336117be1a08c493220a52d0a0dcb4abdc1aa611091694e814cbafdde54b4257 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js	65 kB	2023-03-07	2024-04-21
Pretty URL mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js IP 185.139.57.132 ASN #203301 Datacenter Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:13 Last Seen2024-04-21 08:37:23 Times Seen691 Hash 1e25707220e95e3ebf632ac9c6436d48 f82e0ebf0bf55f3fddea61980fcac5995652a2c1 608a972e8527f7911c8002d3e9375b7ee25e2b850f0b0d42b1ed8417b1bb841b Loading...

HTTP Transactions (87)

URL IP Response Size

mrgsoft.ge/

185.139.57.132

301 Moved Permanently

162 B

URL HTTP/1.1
mrgsoft.ge/
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 19 Jan 2023 00:57:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mrgsoft.ge/

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16381
Expires: Thu, 19 Jan 2023 05:30:21 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8095
Expires: Thu, 19 Jan 2023 03:12:15 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 19 Jan 2023 00:49:23 GMT
content-type: application/json
age: 477
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15209
Expires: Thu, 19 Jan 2023 05:10:49 GMT
Date: Thu, 19 Jan 2023 00:57:20 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: HR4FgM/GIH+tnJZVA3n9tlkAxEVm9rgTq1uFzMja9w1OgqTWpz37dTKpZVLFWl26tVGgnsdmkSk=
x-amz-request-id: MAA1E0RW6FNZ1CZT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 19 Jan 2023 00:56:53 GMT
age: 27
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mrgsoft.ge/

185.139.57.132

200 OK

8.6 kB

URL HTTP/2
mrgsoft.ge/
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (800), with CRLF, LF line terminators
Size
8.6 kB (8572 bytes)
Hash
8a9b4f47ecf0f6af00d1bc45e6f8fb93
bfdd319874d930a6d38f8951397f8b7456e85210
eb1554abc44da7adbf304a344a62b38d30fe6c002295f1349021715def43844d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:20 GMT
content-type: text/html; charset=UTF-8
content-length: 8572
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; path=/
name=564210299; expires=Sat, 18-Feb-2023 00:57:20 GMT; Max-Age=2592000; path=/
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-37790395-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-37790395-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (44087 bytes)
Hash
6cb99c0fea73c3a4b806f0915390206c
cc5d0569b655e21849dfb55af1bd2ce150a0503f
e994c249e5cde769d5d95731949aa11cac823b8fde350ed0d18e58d25d3f7452

HTTP Headers

GET /gtag/js?id=UA-37790395-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 19 Jan 2023 00:57:21 GMT
expires: Thu, 19 Jan 2023 00:57:21 GMT
cache-control: private, max-age=900
last-modified: Thu, 19 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
783c01fa14ade2316e22ead869b3dbf8
71e20a947b3a9e10cb2bf046e2ca3da294d97f70
9b0aee93ad83dd0c14a106a2514b86ab950b2fc679596fd621841242b5c7e95c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 19 Jan 2023 00:17:25 GMT
age: 2396
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

mrgsoft.ge/images/de.png

185.139.57.132

200 OK

15 kB

URL HTTP/2
mrgsoft.ge/images/de.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 21 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (15418 bytes)
Hash
f3677aa3ca479086333ff3e0f0c9a138
272b47ebe64ffb11332b857500898e2615baf765
a67ebc404e18c4de584f417ef4a3b565e53b5640b0d2bf77d0e39dd635088c09

HTTP Headers

GET /images/de.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 15418
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-3c3a"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgsoft.ge/images/en.png

185.139.57.132

200 OK

1.9 kB

URL HTTP/2
mrgsoft.ge/images/en.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced\012- data
Size
1.9 kB (1870 bytes)
Hash
487afa028990b9abd7765ff60dc62449
5a24460c636728ba2c5f46151c0f46596188a669
cb45457ca31a6b79a26ed470c804f2740451962bdbe6a9cd320bb9904d48f7b5

HTTP Headers

GET /images/en.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 1870
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-74e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgsoft.ge/css/owl.carousel.min.css

185.139.57.132

200 OK

1.3 kB

URL HTTP/2
mrgsoft.ge/css/owl.carousel.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (2846)
Size
1.3 kB (1257 bytes)
Hash
6180df92b271476e0774a07494f7c4e9
58f7f6a32f44f13616309ce1ebadb7eb13c1ba4f
24cd606a11c820fee107a7362fd97094e5ffd45113925009453853110054ca95

HTTP Headers

GET /css/owl.carousel.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-b78"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/parallaxie.js

185.139.57.132

200 OK

366 B

URL HTTP/2
mrgsoft.ge/js/parallaxie.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (714), with no line terminators
Size
366 B (366 bytes)
Hash
66fee7ebe6ee6306b7250d8813f52243
c0c541954989f6b3d9a9ca6a0fb9bfd43f69c1b6
608431857fd841b42819f6a8f02e467bf37d67eb59602c39f30d0085bac662e3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/parallaxie.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
content-length: 366
x-accel-version: 0.01
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "2ca-5d4a9570fbbb8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2

mrgsoft.ge/images/mrgwebstudio.png

185.139.57.132

200 OK

58 kB

URL HTTP/2
mrgsoft.ge/images/mrgwebstudio.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 1553 x 369, 8-bit/color RGBA, non-interlaced\012- data
Size
58 kB (57586 bytes)
Hash
1d3776b01d35fc2796e2020546aa9ff1
df422cb8a9b88c43c76777266d9a0707e0f9c36c
396a0e797990655259ae16b047dd9ccad28b4ee285ee71b8693b296eadecda2d

HTTP Headers

GET /images/mrgwebstudio.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 57586
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-e0f2"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgsoft.ge/images/ka.png

185.139.57.132

200 OK

1.6 kB

URL HTTP/2
mrgsoft.ge/images/ka.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced\012- data
Size
1.6 kB (1604 bytes)
Hash
25afc5d6f8c739bd8a722840ac9d3638
8d72d0f3f7d276f806f74feb26b2983830de4d6e
d19eeb36e4f0f5bb9c15c294b3f1522c32dbf2949f9360ccc0043ca2b37b54d1

HTTP Headers

GET /images/ka.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 1604
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-644"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgsoft.ge/images/ru.png

185.139.57.132

200 OK

15 kB

URL HTTP/2
mrgsoft.ge/images/ru.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 21 x 15, 8-bit/color RGB, non-interlaced\012- data
Size
15 kB (15184 bytes)
Hash
35ae8df4c0e0317203174e446a1ffc31
867e9f6ac178da86aa055b474919ea58c1029acc
9d736852098148326a2d1f11592ca1da679f4b3ef4ce5cb48a434f0c45a37dbd

HTTP Headers

GET /images/ru.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 15184
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-3b50"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgsoft.ge/images/qr.png

185.139.57.132

200 OK

40 kB

URL HTTP/2
mrgsoft.ge/images/qr.png
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
PNG image data, 1148 x 1148, 8-bit/color RGB, non-interlaced\012- data
Size
40 kB (40046 bytes)
Hash
cd9305519cd4d57a17c6c561611eae48
680acc730c9f5fbb9ae4dc1541f2dc23bb7b91f8
dd19b87b12657d9556dd4da9423c52d2e755b44bd9fb96b44ead1197aa51cdf1

HTTP Headers

GET /images/qr.png HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/png
content-length: 40046
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-9c6e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da63a934cf5433b8e2e854c0163a7140
1f4e55308396375cfb0978f385b5a3de54ab2238
f31151e5a90c06ec9a1ac005faa6c903478c479a280ddbeb816473434a5ee31c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F31151E5A90C06EC9A1AC005FAA6C903478C479A280DDBEB816473434A5EE31C"
Last-Modified: Thu, 19 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21592
Expires: Thu, 19 Jan 2023 06:57:13 GMT
Date: Thu, 19 Jan 2023 00:57:21 GMT
Connection: keep-alive

mrgsoft.ge/js/jquery.cubeportfolio.min.js

185.139.57.132

200 OK

18 kB

URL HTTP/2
mrgsoft.ge/js/jquery.cubeportfolio.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (32038)
Size
18 kB (18191 bytes)
Hash
b13f799c7317cf6359d03a93632d4e30
dc11d409b80c4a395282d95d70156035ef481767
977ba1ee11439ce4bcb5f560ac40fef888ac4d324945ed8b7969299a396db32a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.cubeportfolio.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1330d"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/cubeportfolio.min.css

185.139.57.132

200 OK

13 kB

URL HTTP/2
mrgsoft.ge/css/cubeportfolio.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (65256)
Size
13 kB (12859 bytes)
Hash
c9b78c5b0ee7af9b43abbb07d31502ab
3fde27077ca4fd0e8741c338b133fa4185ee6edc
c843760664107891b18562522af5159424d2ad140b349ab30d1af7f52b1c21c0

HTTP Headers

GET /css/cubeportfolio.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-18d59"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/revolution/navigation.css

185.139.57.132

200 OK

850 B

URL HTTP/2
mrgsoft.ge/css/revolution/navigation.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text
Size
850 B (850 bytes)
Hash
f199570eea671ed2c742ec5941c94cf9
ac6a7fd4d3733c42acff63c17a7f3fc2219bfcd4
55108082c6c24db9aba5536790195449197a09c7185c1fdd51cbfb82d13a6753

HTTP Headers

GET /css/revolution/navigation.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-5fc"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/tooltipster.min.css

185.139.57.132

200 OK

1.7 kB

URL HTTP/2
mrgsoft.ge/css/tooltipster.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (6495)
Size
1.7 kB (1673 bytes)
Hash
89eddc6362e0106fd7424d43bfce4265
5d10ffd6cd428716881566349c659cba045ae3ad
1234bbd160399ca09ed36e4efc56d36487096692aa3f8bb3e1402cf81442d50d

HTTP Headers

GET /css/tooltipster.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1d76"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.navigation.min.js

185.139.57.132

200 OK

812 kB

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.navigation.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (25862)
Size
812 kB (811540 bytes)
Hash
2282a92c1a3cad851926c30277a50fca
7b1a0e9de44efb72bf363dc794e4fb34ed763334
683159716dbfb958e34c91cea8ab1358769d9ff481cd00e68438b2c0359a1ccb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.navigation.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65f1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js

185.139.57.132

200 OK

35 kB

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.video.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (25833)
Size
35 kB (34570 bytes)
Hash
97121647f36b97e45b70f4216fe527fa
48d07aa0ab3121ee624c01bf2c8f4dc984aee082
67fca20ff8a4a43ce3bd0159ca02183f07bab1e630b56881d99a38e3a4bf318f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.video.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65d9"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/bootstrap.min.css

185.139.57.132

200 OK

95 kB

URL HTTP/2
mrgsoft.ge/css/bootstrap.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (65324)
Size
95 kB (95118 bytes)
Hash
c5fd4fc4ac7c6257f642307f4ae0a897
5f9d85e741a903959a3f3525bc340cce6f025c5f
c57250018bc8d41cccc650ea009d1d32f54bfa8f76dc3f7290d75916cd85eb78

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2606e"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/boxicons/css/boxicons.min.css

185.139.57.132

200 OK

86 kB

URL HTTP/2
mrgsoft.ge/boxicons/css/boxicons.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (63235), with no line terminators
Size
86 kB (85641 bytes)
Hash
8e95a3bb1ebb241bebd1f5f62ddb9acb
7f5c23ff5d8f8a435b392cb71d1c0cea673cfb96
252ccff9525a4c6c89153860c49335fc23d63684fcc3fe769ec0b0dab3a1e0c4

HTTP Headers

GET /boxicons/css/boxicons.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-f703"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/icofont/fonts/icofont.woff2

185.139.57.132

200 OK

538 kB

URL HTTP/2
mrgsoft.ge/icofont/fonts/icofont.woff2
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
Web Open Font Format (Version 2), TrueType, length 537868, version 1.0\012- data
Size
538 kB (537868 bytes)
Hash
50a4ab76e700a83e649be213f820fbbd
28ad9e9ac82f86c50eb4dd3d713a0698473bdbb3
242e542871bd77c8ff6375418e349ef6b3a32a208e15ca1441166641d212a6a1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /icofont/fonts/icofont.woff2 HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mrgsoft.ge/icofont/icofont.min.css
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: font/woff2
content-length: 537868
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: "61d2b442-8350c"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.202.13.86

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.202.13.86:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sr8O28v6ghKQEoRBFKeabg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cV78K06iFKVWd4vseM/7c4ghGcA=

mrgwebstudio.com/photos/1636725095Capture.JPG

185.139.57.132

200 OK

36 kB

URL HTTP/2
mrgwebstudio.com/photos/1636725095Capture.JPG
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
36 kB (35736 bytes)
Hash
1340206fcc8ca38017b39f1f39c9539b
6fdcd142eaf25337a31e703eb6da4509500ca533
daf6647e267e4d3a99386cc1abe9c19584a7a0aacd3ca5bc9b80426444106ecc

HTTP Headers

GET /photos/1636725095Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 35736
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-8b98"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1659632068Capture.JPG

185.139.57.132

200 OK

51 kB

URL HTTP/2
mrgwebstudio.com/photos/1659632068Capture.JPG
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
51 kB (51043 bytes)
Hash
78c04021b7eb2498a734030d4eea1d52
9b24d632211a2309d0bdf342b9c4f6fc3052a7cf
37ce0a8a2d778aed2141ff10446a1eef6198f97d95970884a5442d7e06205995

HTTP Headers

GET /photos/1659632068Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 51043
last-modified: Thu, 04 Aug 2022 16:54:29 GMT
etag: "62ebf9c5-c763"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1630107199Capture.JPG

185.139.57.132

200 OK

31 kB

URL HTTP/2
mrgwebstudio.com/photos/1630107199Capture.JPG
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
31 kB (30596 bytes)
Hash
493b1eb4741eecc2bbcabd93c47a7092
666aef966b772a3a1d3edf09fb3c5641b5a7a824
196b2e481722d000b070eba3802e4ee1df4354ec3327c0d0098cef1fb2464fd4

HTTP Headers

GET /photos/1630107199Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 30596
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-7784"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1646341993Capture.JPG

185.139.57.132

200 OK

41 kB

URL HTTP/2
mrgwebstudio.com/photos/1646341993Capture.JPG
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
41 kB (40602 bytes)
Hash
e18c9777431e781bae70864ff12ad4fd
a27a02b0b6efcef4b102d72cf4098cf83b384bd2
63e00227e8cdfe210f862692128bfbc2d917e089d682d1ce09a6846978dc6af2

HTTP Headers

GET /photos/1646341993Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 40602
last-modified: Thu, 03 Mar 2022 21:13:13 GMT
etag: "62212f69-9e9a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1670353396ss.jpg

185.139.57.132

200 OK

92 kB

URL HTTP/2
mrgwebstudio.com/photos/1670353396ss.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
92 kB (92192 bytes)
Hash
566686c2b19b9ef2bbc3ba1d6af88ab1
19768a6a0a184b080e94178d77cd6c214e95c3d9
2d7423340a118c7853f46039883819c4a0c544506a2bb51437f3b856e041e65e

HTTP Headers

GET /photos/1670353396ss.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 92192
last-modified: Tue, 06 Dec 2022 19:03:16 GMT
etag: "638f91f4-16820"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1630017894office.jpg

185.139.57.132

200 OK

49 kB

URL HTTP/2
mrgwebstudio.com/photos/1630017894office.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 800x600, components 3\012- data
Size
49 kB (49147 bytes)
Hash
f8ad337327de483d6065d3d05b5e4571
bff2c2dc467a3576f691fb03bb9f10c19bab3804
7416beb5f307aae611465ee1daa19e008e54eaa49f85d97659270d7f4f2fbee6

HTTP Headers

GET /photos/1630017894office.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 49147
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-bffb"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/16668483062.jpg

185.139.57.132

200 OK

38 kB

URL HTTP/2
mrgwebstudio.com/photos/16668483062.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
38 kB (37856 bytes)
Hash
4a0a1e9d11a247366c01394ff44099d9
f04ed33192fe5c6c3f5f1d3f8878ec1d4fffb50b
847f22db08fb252aa3fa65da0a90f378b8f8e9f00a3a9933b5cd19d9878b89bb

HTTP Headers

GET /photos/16668483062.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 37856
last-modified: Thu, 27 Oct 2022 05:25:06 GMT
etag: "635a1632-93e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com//photos/1629838638banner1-1.jpg

185.139.57.132

200 OK

69 kB

URL HTTP/2
mrgwebstudio.com//photos/1629838638banner1-1.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1920x900, components 3\012- data
Size
69 kB (69221 bytes)
Hash
3ed76bd68ff2084747d577027df1797f
5b42410facf276d7a68a818a6da87ae2079d98e8
dd18c0e3397efd7e072e554deb73b0cee155b004b711b6420878b738215bfb64

HTTP Headers

GET //photos/1629838638banner1-1.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 69221
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-10e65"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/1630098889Capture.JPG

185.139.57.132

200 OK

61 kB

URL HTTP/2
mrgwebstudio.com/photos/1630098889Capture.JPG
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v90), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
61 kB (60954 bytes)
Hash
053184ca0b08dc43a4b40ad3e2bd387b
4ad9ca535a60ae5a8943f38a0272aa382bf16b25
f075f0478080c7806430a071b945f71c5f6e077bdfa1e529325c96256f52bca7

HTTP Headers

GET /photos/1630098889Capture.JPG HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 60954
last-modified: Mon, 03 Jan 2022 08:31:01 GMT
etag: "61d2b445-ee1a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com/photos/166357023511.jpg

185.139.57.132

200 OK

50 kB

URL HTTP/2
mrgwebstudio.com/photos/166357023511.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1000x490, components 3\012- data
Size
50 kB (50040 bytes)
Hash
e6d19473c1bf5cd12972032b31732006
2b86c72cb0e76404f40c9f5ebf99079eba0d8b8e
bb63f50aca53fe0d5d1e406a0e1f5b1c5d7801c0f912d1fe4cbc3a6cc2d8401b

HTTP Headers

GET /photos/166357023511.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 50040
last-modified: Mon, 19 Sep 2022 06:50:35 GMT
etag: "6328113b-c378"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

mrgwebstudio.com//photos/1656274905111.jpg

185.139.57.132

200 OK

133 kB

URL HTTP/2
mrgwebstudio.com//photos/1656274905111.jpg
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 50", baseline, precision 8, 1920x900, components 3\012- data
Size
133 kB (132841 bytes)
Hash
174dc62be8b1b4fe92b36742c698f318
23ea8d8ef00ed3b1bbeac0c491e3868ac9658f58
cbdaf936d4a283cc2da1f80f73b35a6004b375032550823e35375a7e3d891205

HTTP Headers

GET //photos/1656274905111.jpg HTTP/1.1
Host: mrgwebstudio.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: image/jpeg
content-length: 132841
last-modified: Sun, 26 Jun 2022 20:21:46 GMT
etag: "62b8bfda-206e9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
948e6eab4e0fbb57ec991519b205a62b
d85968f393cf652627a14b5afd00e17d46bdfa13
4b1931c60a3b716142ac04c9b573f15dc7cef2297b62c1fad93d132cc6c05391

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2669
Cache-Control: max-age=114858
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Etag: "63c7a8af-1d7"
Expires: Fri, 20 Jan 2023 08:51:40 GMT
Last-Modified: Wed, 18 Jan 2023 08:07:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 19 Jan 2023 00:41:07 GMT
expires: Thu, 19 Jan 2023 02:41:07 GMT
cache-control: public, max-age=7200
age: 975
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

mrgsoft.ge/js/wow.js

185.139.57.132

200 OK

94 kB

URL HTTP/2
mrgsoft.ge/js/wow.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (8443)
Size
94 kB (93495 bytes)
Hash
b5d8349ba30cf7df171ef36ef83006f1
dd24f2e1692bfd10fced36e36c4ad2c221b8fda8
9d696cfa7391f0eac6fbc6471ec805f3517d2aa7ef72de4cedd4959a024c2368

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/wow.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2119"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
948e6eab4e0fbb57ec991519b205a62b
d85968f393cf652627a14b5afd00e17d46bdfa13
4b1931c60a3b716142ac04c9b573f15dc7cef2297b62c1fad93d132cc6c05391

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2669
Cache-Control: max-age=114858
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Etag: "63c7a8af-1d7"
Expires: Fri, 20 Jan 2023 08:51:40 GMT
Last-Modified: Wed, 18 Jan 2023 08:07:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js

185.139.57.132

200 OK

1.4 kB

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.kenburn.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (3515)
Size
1.4 kB (1438 bytes)
Hash
2ce74258ce107355cbd4be6da804c79c
0c32f6c0c2db547f15f49d657747792bb7d25b61
776742c52900547e5e0406b32b403eba7de67f0981a44091c8aa03bc279fd320

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.kenburn.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-ea4"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
efac8d32469e6807b1b1f2916a47edf1
68d91e7af565f1cf6597bcdd642a78dbada50a8d
22639289563bb576a7c20b9c733bdd7f98c41519fdddeef0d710f0d058c5bf88

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163

173.194.222.156

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163
IP
173.194.222.156:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-37790395-1&cid=752063057.1674089842&jid=593095921&gjid=428345014&_gid=1108835119.1674089842&_u=YEBAAUAAAAAAACAAI~&z=1319397163 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 19 Jan 2023 00:57:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
efac8d32469e6807b1b1f2916a47edf1
68d91e7af565f1cf6597bcdd642a78dbada50a8d
22639289563bb576a7c20b9c733bdd7f98c41519fdddeef0d710f0d058c5bf88

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2023 00:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: BL4CLFUoDRKbnRqTiAVeHnXPLcuIYTNPtiQ0VNh+NWTyW028JI7YSpQ43v/4cxJlmp2FsypksYsgIORdt6lQHA==
content-length: 0
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /plugins/customer_chat/SDK/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=463&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842558&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: kUZU28k02mX8mjPAH0FJAvm0UsGytxaYXR7SmqXM4EdmMA2O+tX/hwdCUCPoEwzgu+w95lcXWUEJzchSnwccSg==
content-length: 0
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive

mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js

185.139.57.132

200 OK

3.5 kB

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.parallax.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type
ASCII text, with very long lines (10692)
Size
3.5 kB (3506 bytes)
Hash
4b90b2b8e6977a88bdcffb5795a2aa41
5112fcfbbf821bdacac1b32288538929c0be5838
16cbd4962d2f42d059e3e7431aca2fb9b58623a10d8c104fc464c21bf688cfc9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.parallax.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2aad"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4105
Expires: Thu, 19 Jan 2023 02:05:47 GMT
Date: Thu, 19 Jan 2023 00:57:22 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6489 bytes)
Hash
dca732f3b0a525c0689d566633effb47
9b12e4ce9f936ccb2203807886765e5b0c6e0339
cb5b0faffd9a609aa7f9af0458d032b30d32894b412ecd6d8aa18c90dc0448bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5e839b2-9887-4705-93dd-351351c5f612.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6489
x-amzn-requestid: 8290bd7c-4fb9-4149-b82a-dde38ba2afca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ewag5H5EoAMFV-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c33e05-6ad6ec63583c8d511f1b6425;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 23:43:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: splv2LTI5lvHrhvTcF5T0t15iXeLQ2FFZ5uPopDoYxFaa8LE5U9uxA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 10:58:17 GMT
age: 50345
etag: "9b12e4ce9f936ccb2203807886765e5b0c6e0339"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5351 bytes)
Hash
1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -mbHxl4DLZkERC2UDDAc2uOtx4kTzqdcgwWxs93CROmqzmbwAU-P6w==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 03:33:22 GMT
age: 77040
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6235 bytes)
Hash
13457311f170ebcd637e77aa48873488
a51ef5eb01736824f382541c5a4ad025ae35c09e
f57f95cc9f18b2e41951f1fcd9c278ca0f522e98dbf57aeb4c59b4b59deeb605

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa848e8c9-5ea8-4948-a3e7-109001ff6cba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6235
x-amzn-requestid: 919a5e9d-11c0-4b12-a718-f5a256f4fda2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3RXBG8xoAMFW1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5fc2c-2398fc8910eb707e4c15b416;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 01:38:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WwmWT7zXborrCF7_Ul5LFV1EboOT5KBXf9TSATbFi01dpip5BGSQNQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:50:00 GMT
age: 11242
etag: "a51ef5eb01736824f382541c5a4ad025ae35c09e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F358af8d7-be1d-4bbe-ab3e-a9efaf49e1ac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (5005 bytes)
Hash
2b8f931fb5afe958e67fce9e1822dac4
5732887999b819f6facc6f4608a407b5a09adf75
3c6c787e700f8139ec0eeaad93923f647f9efa5ce60120fc0aab52fa9588efaf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F358af8d7-be1d-4bbe-ab3e-a9efaf49e1ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5005
x-amzn-requestid: 647dd62e-6b47-4298-9457-c7f37e653e0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e5qLKEX6IAMFX0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c6f0ad-3dc1396c1b3662fa4ec5f1fa;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 19:02:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ge_XozSe44BAhC-fFiu-u8Oa4jd8Uctn4O3fmdLCavhYpcSVrhNMww==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 17:42:33 GMT
age: 26089
etag: "5732887999b819f6facc6f4608a407b5a09adf75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d15f9a-9958-436b-ac3e-167b5a6563ea.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3861 bytes)
Hash
b1b47910c4f71976f73a884bcae6f9bc
26c0d42fddb2a02d9878c34a76874710c92a9d30
9c5ce4945939b126cd36202f5afb8009ce790a792270ec31cc22099e4cd12a24

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4d15f9a-9958-436b-ac3e-167b5a6563ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3861
x-amzn-requestid: c8fbb2e1-9ec6-42c0-8030-9be785e8913e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9TegFNEoAMFwqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c865f6-04a9e7db684e88ed69e1bd43;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wTiBoiSa1euVzUKPwlAWWZD-fYwMQGxgvRRzr1ALkrFY5VV3zeL9Jg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 21:52:42 GMT
age: 11080
etag: "26c0d42fddb2a02d9878c34a76874710c92a9d30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03bd9522-eeb8-49fc-b9be-5881b7bc5ce5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12174 bytes)
Hash
eeb5713ea23c36906255e88dc10eadbf
896d92a22f676b5946004feb723b094a8a36e09c
eb75a6fcc83d5134137caa6aa110e284a93149faab9557aea8853f9d63f82bc8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03bd9522-eeb8-49fc-b9be-5881b7bc5ce5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12174
x-amzn-requestid: 79fee0c7-be5a-4467-b351-aeb8a7e7d19f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULMH_noAMF77g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a47-7d7d140511fbcb6063868fd3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VL7g5MbOqAMyRbpSLbv3GseRY4zBNF22AZ_am4KpDyQqbb0Vp6AL-Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 18 Jan 2023 07:26:24 GMT
age: 63058
etag: "896d92a22f676b5946004feb723b094a8a36e09c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mrgsoft.ge/js/functions.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/functions.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/functions.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-e4ec"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/style.css

0 B

URL
mrgsoft.ge/css/style.css
IP
:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/style.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

mrgsoft.ge/js/jquery.appear.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/jquery.appear.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.appear.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4f2"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/all.min.css

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/css/all.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/all.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-dcc5"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.carousel.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.carousel.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1db1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/jquery.fancybox.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/jquery.fancybox.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery.fancybox.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-10aa9"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.actions.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.actions.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-2082"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/bootstrap.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/bootstrap.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-bf30"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/icofont/icofont.min.css

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/icofont/icofont.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /icofont/icofont.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-16830"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/animate.min.css

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/css/animate.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/animate.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4238"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /plugins/customer_chat/facade/?app_id=&attribution=biz_inbox&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df27fb9d8705184c%26domain%3Dmrgsoft.ge%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmrgsoft.ge%252Ff288a6eb235703a%26relation%3Dparent.parent&current_url=https%3A%2F%2Fmrgsoft.ge%2F&is_loaded_by_facade=true&locale=en_US&log_id=16af0bba-d47c-4b7c-9114-8e24a533a2b6&page_id=725184574313954&request_time=1674089842095&sdk=joey&should_use_new_domain=false&suppress_http_code=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
strict-transport-security: max-age=15552000; preload
x-fb-debug: /Sa7W1gn3zS59MeL4smB0rDO0k5krBhCXZiis9qSZ2gbErwgzfvXfxNzcanfCVwEo/hVAO46jH8KNGjtH7GKaA==
date: Thu, 19 Jan 2023 00:57:22 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.migration.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.migration.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-65f1"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/revolution/settings.css

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/css/revolution/settings.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/revolution/settings.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-756c"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/css/jquery.fancybox.min.css

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/css/jquery.fancybox.min.css
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/jquery.fancybox.min.css HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-31fb"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/propper.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/propper.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/propper.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-4af4"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/jquery-countTo.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/jquery-countTo.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery-countTo.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-a29"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1

31.13.72.8

200 OK

0 B

URL HTTP/2
socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1
IP
31.13.72.8:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /new_domain_gating/?endpoint=customerchat&page_id=725184574313954&suppress_http_code=1 HTTP/1.1
Host: socialplugin.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://mrgsoft.ge
Connection: keep-alive
Referer: https://mrgsoft.ge/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://mrgsoft.ge
x-fb-debug: xR+9Bt7hhCFUgAT8PsC/5zuI7eT4SlkwdQePWqdOUgqa+EvvFDlv0zpb+I50jNIUpv8IsVYMDTgE2X7Iu7sq8Q==
date: Thu, 19 Jan 2023 00:57:22 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/jquery.themepunch.revolution.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/jquery.themepunch.revolution.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-fdaf"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/owl.carousel.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/owl.carousel.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/owl.carousel.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-ad3a"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/jquery.themepunch.tools.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/jquery.themepunch.tools.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-1af53"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.slideanims.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.slideanims.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-7188"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/jquery-3.4.1.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/jquery-3.4.1.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/jquery-3.4.1.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-15850"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/tooltipster.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/tooltipster.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/tooltipster.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-b66f"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js

185.139.57.132

200 OK

0 B

URL HTTP/2
mrgsoft.ge/js/revolution/extensions/revolution.extension.layeranimation.min.js
IP
185.139.57.132:0
ASN
#203301 Datacenter Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/revolution/extensions/revolution.extension.layeranimation.min.js HTTP/1.1
Host: mrgsoft.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mrgsoft.ge/
Cookie: PHPSESSID=vpadiajj1vklu64656arp9ftrg; name=564210299
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 19 Jan 2023 00:57:21 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 08:30:58 GMT
etag: W/"61d2b442-d9fb"
strict-transport-security: max-age=63072000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML