firefox.settings.services.mozilla.com/v1/
54.230.111.65
200 OK
939
URL
HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.65:0
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 14:47:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mjaazc5PkaRdua-drjmy9INRkq-87lxtVjM2O-Lec5gYU85_-3JWdg==
Age: 3579
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5279
Expires: Wed, 05 Oct 2022 17:14:54 GMT
Date: Wed, 05 Oct 2022 15:46:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
54.230.111.64
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
54.230.111.64:0
Magic
PEM certificate\012- , ASCII text
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aDX4dFgzoFAEDXWwH3DlT88ORWCTEAQXdP7O5fSx8HI1Z2X9I3SxNA==
age: 42263
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 15:46:56 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
renovasi99.com/online1/update/web/login.php?web/auth/signon=
139.162.6.196
200 OK
7681
URL
HTTP/1.1
renovasi99.com/online1/update/web/login.php?web/auth/signon=
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3101), with CRLF line terminators
Hash
809e92096c5c4f891e00f0094bb124f6
ce31c6c04c36e9c08c162ad2b7ddf504388c9a62
b072dcc43d4bcc4de979e5e8676e290e3cf9b9f3e03d2b61a83ef3413950b407
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/login.php?web/auth/signon= HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:46:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: DomaiNesia
DN-Request-Id: fcebc5c33502ef961aeeb209fd7c0f8d
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Dynamic-Cache-Status: BYPASS
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.65
200 OK
329
URL
HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.65:0
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 15:30:28 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 15:46:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PcVTtcvD29tuQmOvdTuSEhs4FVoQ2fZOztqphERUjCIOCLszEyfclg==
Age: 1043
ocsp.digicert.com/
93.184.220.29
200 OK
471
IP
93.184.220.29:0
Hash
1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:46:56 GMT
Last-Modified: Wed, 05 Oct 2022 14:05:39 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
renovasi99.com/online1/update/web/assets/css/one.css
139.162.6.196
200 OK
21223
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/one.css
IP
139.162.6.196:0
Magic
ASCII text, with CRLF line terminators
Hash
dab515cdf11c571903c73c917a7f305e
1d7cc4778f69699d00b9c81bc94aef8b3393f5df
a9c43d16507078690a92e9faca71dbd079fb1bd33338dcd91ec09185a78e8407
GET /online1/update/web/assets/css/one.css HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/login.php?web/auth/signon=
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:46:56 GMT
Content-Type: text/css
Last-Modified: Mon, 13 Jun 2022 03:05:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62a6a984-2bd0b"
Server: DomaiNesia
DN-Request-Id: bcc48d758e956b78ceacfce0befe7ffb
Content-Encoding: gzip
Cache-Control: s-maxage=10
push.services.mozilla.com/
54.189.157.130
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
54.189.157.130:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Nuk5cQH8/jPpPAEnhxuNVQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RqlSja/+lQUEXb9teL4tJU3Ei9Y=
renovasi99.com/online1/update/web/assets/favicon.ico
139.162.6.196
200 OK
512
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/favicon.ico
IP
139.162.6.196:0
Magic
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash
4d70e78f66f5d331ee836936fb0bc80e
555113641f93b76732fd95f951e1eeb26d04cb37
051f2b8d90adea5e391589d119ac85db7079084e032cd1941cf627429a48a55b
GET /online1/update/web/assets/favicon.ico HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/login.php?web/auth/signon=
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:46:57 GMT
Content-Type: image/x-icon
Last-Modified: Sat, 13 Nov 2021 11:17:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"618f9ed2-47e"
Server: DomaiNesia
DN-Request-Id: da6fe3216d342629b9f176cf5ebe4548
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/online1/update/web/assets/img/1.jpg
139.162.6.196
200 OK
625433
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/img/1.jpg
IP
139.162.6.196:0
Magic
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2400x1600, components 3\012- data
Hash
a7beec55acf059f8f2e69b35fd93a671
e3c3d2cc20962e77be670f7f7e9f08d855f9feba
b8325d272c72a041414d9fb349e9d4bca5e7fc8ad66f47a719e491960afa5683
GET /online1/update/web/assets/img/1.jpg HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/login.php?web/auth/signon=
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:46:56 GMT
Content-Type: image/jpeg
Content-Length: 625433
Last-Modified: Sat, 14 May 2022 14:56:44 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "627fc32c-98b19"
Server: DomaiNesia
DN-Request-Id: 1b2c47f9234df90dc7ab9395da2f640d
Cache-Control: s-maxage=10
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4257
Expires: Wed, 05 Oct 2022 16:57:55 GMT
Date: Wed, 05 Oct 2022 15:46:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4257
Expires: Wed, 05 Oct 2022 16:57:55 GMT
Date: Wed, 05 Oct 2022 15:46:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4257
Expires: Wed, 05 Oct 2022 16:57:55 GMT
Date: Wed, 05 Oct 2022 15:46:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
34.120.237.76
200 OK
3585
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 39231
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
34.120.237.76
200 OK
5832
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 64995
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76
200 OK
10158
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 42049
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
34.120.237.76
200 OK
8816
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
100559d746bedd7c3802661c875c35ee
5261a6c2ee6d6cc87e91ee82e32d8be234db393e
ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8f83Wv7OrO7NOd1y1LXjfphRmJjdwrkcAxrxUN4A4qSgsEzIQMq81g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:38:40 GMT
age: 61698
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
34.120.237.76
200 OK
8926
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 65013
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
34.120.237.76
200 OK
7021
URL
HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP
34.120.237.76:0
Magic
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash
229c99cfb655a8c9f1a22de69fdff73c
6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 64205
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:46:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:46:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-215293659-1
142.250.74.168
200 OK
42373
URL
HTTP/2
www.googletagmanager.com/gtag/js?id=UA-215293659-1
IP
142.250.74.168:0
Magic
ASCII text, with very long lines (2039)
Hash
db632fb6813502008f42190b713e777f
8a59f8a1a8efa9c6f6d73c8af5ff3fe5bdf53ad7
e2ef2e8cb481dbc189f47bad5c78e1f307fd3d0b1d805c209ea98f00b772d587
GET /gtag/js?id=UA-215293659-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://renovasi99.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Oct 2022 15:46:59 GMT
expires: Wed, 05 Oct 2022 15:46:59 GMT
cache-control: private, max-age=900
last-modified: Wed, 05 Oct 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42373
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-RWLV354VGW
142.250.74.168
200 OK
75008
URL
HTTP/2
www.googletagmanager.com/gtag/js?id=G-RWLV354VGW
IP
142.250.74.168:0
Magic
ASCII text, with very long lines (18991)
Hash
97b851bd86567e2938856fd57a7be9bf
d102c993b577afc70353db1eeb537356fc896a4e
cc089de29558f503f121c92a607394199c683fdd49adb2384443a48675e504df
GET /gtag/js?id=G-RWLV354VGW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://renovasi99.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Oct 2022 15:46:59 GMT
expires: Wed, 05 Oct 2022 15:46:59 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75008
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3
200 OK
471
IP
142.250.74.3:0
Hash
f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:46:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
renovasi99.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
139.162.6.196
200 OK
11574
URL
HTTP/1.1
renovasi99.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (43771)
Hash
7ef2470d5341507cfc2adcf0a6fafe30
b26bf6bd306bf9746432fcd529ec000b7feac34a
e48a40b05c22a2f0ed4b7ab9231bc43a6f3d549d32ea07fbac905998cee99d22
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Wed, 28 Sep 2022 08:46:23 GMT
Vary: Accept-Encoding
ETag: "633409df-15b64"
Server: DomaiNesia
DN-Request-Id: 5b1b32dcccf80e7e6270aad704a36290
Accept-Ranges: bytes
X-Original-Content-Length: 88932
Content-Encoding: gzip
Content-Length: 11574
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
139.162.6.196
200 OK
5021
URL
HTTP/1.1
renovasi99.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (15660)
Hash
848f9aadf194f3d024a2a90dbd11e3b5
aecd4b03b5a7829c6ca015d926798dc95e4fa912
36ff79b2f6827e46be1df95ff739e536718c0ee4fc09462678b32d7abd60fc6c
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:46:59 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 28 Sep 2022 08:46:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633409df-48b9"
Server: DomaiNesia
DN-Request-Id: cd08384f5d8f77771c80b6426ca857b6
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/online1/update/web/1_files/a_002.htm
139.162.6.196
404 Not Found
19982
URL
HTTP/1.1
renovasi99.com/online1/update/web/1_files/a_002.htm
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8645), with CRLF, LF line terminators
Hash
da3f5cba963868f48d8b3ef27f224db2
09a6f52baf5d4ecf607a86a0e00c437e8d7ff635
17b1ef5c74b60a0a7f3c13516db8e2854aade83c08b7f685f7110b7b43a27d5a
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/1_files/a_002.htm HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/login.php?web/auth/signon=
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 424d10efc49b98d1ca233479b5a03f19
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:46:59 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
Content-Encoding: gzip
renovasi99.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2
139.162.6.196
200 OK
6846
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (30449)
Hash
267360f786ce49458cfcac0886e92a8d
418b50e00bcf4e9651aece9a12b5335c0023cc60
59b7f31efe0e32c86820674638f71020ced2cb616eaaa03823508d0313bfb752
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Tue, 16 Nov 2021 09:55:50 GMT
Vary: Accept-Encoding
ETag: "61938026-7793"
Server: DomaiNesia
DN-Request-Id: c3b2ac72f848df4965f697e7fd5f162b
Accept-Ranges: bytes
X-Original-Content-Length: 30611
Content-Encoding: gzip
Content-Length: 6846
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
139.162.6.196
200 OK
968
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP
139.162.6.196:0
Hash
449df335acdba2569792f10b08f377ce
7bdfe28e574129b44f6f001cb8818e8905be9f60
16157f832ff40641a3682fe14286783e2754a18a8199eea811e98621b84f1742
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Thu, 01 Sep 2022 11:27:24 GMT
Vary: Accept-Encoding
ETag: "6310971c-aab"
Server: DomaiNesia
DN-Request-Id: ea6965720b34d4a19af94af92cea8e2f
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
X-Original-Content-Length: 2731
Content-Encoding: gzip
Content-Length: 968
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2
139.162.6.196
200 OK
543
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (1823)
Hash
b654e67184fabe792fa805e8669b6e5a
8c3a93eded4867e602218535cec79c1e44a70fb4
ce957666c9ba0b594da74bf39088c4f33e25f51f5566139a5d3be4cadcb1870d
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: text/css
Last-Modified: Tue, 16 Nov 2021 09:55:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61938026-7d1"
Server: DomaiNesia
DN-Request-Id: f395bb4f28b692d9782e506eb1284ff9
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.12.2
139.162.6.196
200 OK
2015
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.12.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (6020), with no line terminators
Hash
a0f6a5eb0cb91d0daad74b8328222380
6c695dc5449c5bd5db56e6e5c57af90cb2b072b8
32c212e90d76ac2533099cfe43e95a3c75c9af2bd6726f2817cc9647a6e4be6e
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.12.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 14 Sep 2022 05:27:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6321662e-1784"
Server: DomaiNesia
DN-Request-Id: 60f6683fb32305a8350949441291df34
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5
139.162.6.196
200 OK
12324
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5
IP
139.162.6.196:0
Magic
Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash
3fe5371898ed117dae4bdd37632939c8
3784bc7b37d06f8df476d8d337d6a91a58a44a58
9260143db7e880989c118da6a6eb46a273b1be80c4be8cf8201caeb778e06bf5
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.5 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Tue, 16 Nov 2021 10:01:07 GMT
Vary: Accept-Encoding
ETag: "61938163-e6df"
Server: DomaiNesia
DN-Request-Id: 3ef784c0e69f89c03099e80d28a2d49c
Accept-Ranges: bytes
X-Original-Content-Length: 59103
Content-Encoding: gzip
Content-Length: 12324
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-sbd.woff2
139.162.6.196
404 Not Found
70493
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-sbd.woff2
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8667), with CRLF, LF line terminators
Hash
ef0d89dda1e6a73a9781cf86c689eaf3
0174cb557976effec2f8f76081bcdc3f3340d316
b94f028e0e8a2c2dfea4ee899d711ba862fffa9769088d7a41fed9c6aa658f5a
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargosans-sbd.woff2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: aa5c58c548380df90e2a8fbadf0ad429
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:46:59 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
r3.o.lencr.org/
23.36.76.226
200 OK
503
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.
Hash
d69d7d7defed2f6ee3fcbd4e488000b3
01b7054ea9162b020487023abc9e66e92052abee
969922f003954a541c67d2ee9b8f93f255c63dc60dc31d6b3e9e460adbd020cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "969922F003954A541C67D2EE9B8F93F255C63DC60DC31D6B3E9E460ADBD020CB"
Last-Modified: Wed, 05 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 05 Oct 2022 21:47:00 GMT
Date: Wed, 05 Oct 2022 15:47:00 GMT
Connection: keep-alive
renovasi99.com/wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4
139.162.6.196
200 OK
19586
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (65367), with CRLF line terminators
Hash
c4663fbb2b4563caa191069564c2a0a4
571784ad0f24bab05db270444a40aa9d96c520f3
fdee22aa72f93d104bb3033125518c71f2029de49821b86d26bbacd7c2ae18e7
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Tue, 14 May 2019 08:00:18 GMT
Vary: Accept-Encoding
ETag: "5cda7592-1d975"
Server: DomaiNesia
DN-Request-Id: 2fbb3b8d17fb2af39cf015d19bf1885f
Accept-Ranges: bytes
X-Original-Content-Length: 121205
Content-Encoding: gzip
Content-Length: 19586
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/themes/gillion/css/plugins.css?ver=6.0.2
139.162.6.196
200 OK
13443
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/css/plugins.css?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (16772), with CRLF line terminators
Hash
613fc3eee7e4841f45356c3de83d1d7c
26932320cbb7e1c5f92852769a6aafc3023ccfe8
587a27e0fb6710b19998ba521382cf34ad61a19f579104091db1bf02da77163f
GET /wp-content/themes/gillion/css/plugins.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Tue, 14 May 2019 08:00:18 GMT
Vary: Accept-Encoding
ETag: "5cda7592-1302b"
Server: DomaiNesia
DN-Request-Id: 82f41f84805f7270b52aa8b00d314517
Accept-Ranges: bytes
X-Original-Content-Length: 77867
Content-Encoding: gzip
Content-Length: 13443
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/themes/gillion/style.css?ver=6.0.2
139.162.6.196
200 OK
45475
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/style.css?ver=6.0.2
IP
139.162.6.196:0
Magic
assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
Hash
ae4c88752550f70cac8775cb71028e61
afdfe7d5c1c5ce851fa94bd1a73c144c4f688aae
7cfd92c52271587e106256ab457884bb6dd098ef9cf80aa792a5283a47adbbe2
GET /wp-content/themes/gillion/style.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Thu, 06 Jun 2019 09:01:14 GMT
Vary: Accept-Encoding
ETag: "5cf8d65a-472aa"
Server: DomaiNesia
DN-Request-Id: 9d6deacd425867e4aa5e05d24fcbae00
Accept-Ranges: bytes
X-Original-Content-Length: 291498
Content-Encoding: gzip
Content-Length: 45475
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/themes/gillion/css/responsive.css?ver=6.0.2
139.162.6.196
200 OK
1045
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/css/responsive.css?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with CRLF line terminators
Hash
396ad0f9b71a8e4968e8cfa485e843c9
ababd0ee8620f7e0385b4da4bec717489195add8
ba78257f6bdec1a2138fe3cc761259721bb1219ba4dad1265cca09016f7343ee
GET /wp-content/themes/gillion/css/responsive.css?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Tue, 14 May 2019 08:00:18 GMT
Vary: Accept-Encoding
ETag: "5cda7592-f85"
Server: DomaiNesia
DN-Request-Id: 3e9930089630e38e61a89a2b51d21898
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
X-Original-Content-Length: 3973
Content-Encoding: gzip
Content-Length: 1045
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
139.162.6.196
200 OK
30969
URL
HTTP/1.1
renovasi99.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (65447)
Hash
554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 28 Sep 2022 08:46:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633409df-15db1"
Server: DomaiNesia
DN-Request-Id: 5f69dd0325da8824f70600164b1528f5
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5
139.162.6.196
200 OK
98405
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (64288)
Hash
ae018bb5d4c24667507736ff63fd08d5
b5d43aa755cd1588c0160031e8e453ae83a4ab15
b5b88eb327ec1e620a43beae8019edfce988885a1226d3ad5dc7c6fc01696a83
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.5 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 16 Nov 2021 10:01:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61938163-5bc43"
Server: DomaiNesia
DN-Request-Id: 27597ca03209073242d67ec125cfc4ea
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-rg.woff2
139.162.6.196
404 Not Found
277830
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-rg.woff2
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8666), with CRLF, LF line terminators
Hash
f4892a3264986ada3336e457d8ef0c82
2e7130f707cfff77f9f63943d3e28d079c000198
36ebffd3844b66f7adda8947c589b634ec1f1db129ba9914ff902b0650c2b57c
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargosans-rg.woff2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 6f6e490c82b1b573d087a5b0d73e53d9
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:46:59 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
renovasi99.com/online1/update/web/assets/css/css/wellsfargoserif-rg.woff2
139.162.6.196
404 Not Found
277833
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargoserif-rg.woff2
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8667), with CRLF, LF line terminators
Hash
9fba8969fd86a46a1b56cf3ea5549c69
a613cd86c3037b66e012250c3201ad9b582d68cd
53fe7fc8015ed363f82036c18a069ab3404b5ed63c24c44834fdc788f64ac3b0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargoserif-rg.woff2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 70335ae7c86db6bfa878c9073528a937
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:46:59 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
renovasi99.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
139.162.6.196
200 OK
4168
URL
HTTP/1.1
renovasi99.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (11126)
Hash
c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 28 Sep 2022 08:46:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633409df-2bd8"
Server: DomaiNesia
DN-Request-Id: 44392ffd423f53ad553f9724a6a28d8f
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/themes/gillion/js/plugins.js?ver=6.0.2
139.162.6.196
200 OK
74192
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/js/plugins.js?ver=6.0.2
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (40655), with CRLF, LF line terminators
Hash
bc0e4a8298e079cdf9e0974b773a8c16
a0ee96103233a23d1c955848784e2173a1e94854
a2a29cbef99fbf988e519db259dc4f58c5891e4d772b812e19d94a70abd00f04
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/themes/gillion/js/plugins.js?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:00 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 14 May 2019 08:00:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cda7594-474fd"
Server: DomaiNesia
DN-Request-Id: 0660f12f2a97847bfbb5772332e82b6f
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/themes/gillion/js/scripts.js?ver=6.0.2
139.162.6.196
200 OK
10846
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/js/scripts.js?ver=6.0.2
IP
139.162.6.196:0
Magic
HTML document, ASCII text, with very long lines (333), with CRLF line terminators
Hash
cea425edfdfe9e57a8b325ac42ea5099
d0095a868a04d2de0c7652b5e413c13bd3011c9c
7b94950e33d79c0c2b1953520f150ec52fe4bc1de0a0c63fb79e201faa0ec962
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/themes/gillion/js/scripts.js?ver=6.0.2 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 14 May 2019 08:00:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cda7594-e310"
Server: DomaiNesia
DN-Request-Id: 918cec0843306f8ddc9869118b2b8bfc
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/uploads/sass/a3_lazy_load.min.css?ver=1661354187
139.162.6.196
200 OK
112
URL
HTTP/1.1
renovasi99.com/wp-content/uploads/sass/a3_lazy_load.min.css?ver=1661354187
IP
139.162.6.196:0
Magic
ASCII text, with no line terminators
Hash
c6f5d6962e2e1e536e1eb378647ce271
570956fd7abe9d7fbd87b35da4830ce199a77310
4776c737a0d1715f075dd3a7c738da32fb0510abc7d5b05efbeedc8e2409e7f2
GET /wp-content/uploads/sass/a3_lazy_load.min.css?ver=1661354187 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Last-Modified: Wed, 24 Aug 2022 15:16:27 GMT
Vary: Accept-Encoding
ETag: "630640cb-7f"
Server: DomaiNesia
DN-Request-Id: 8a4861519e33bc4d33014204be49d86e
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:46:59 GMT
Expires: Wed, 05 Oct 2022 15:51:59 GMT
X-Original-Content-Length: 127
Content-Encoding: gzip
Content-Length: 112
Cache-Control: max-age=300, s-maxage=10
renovasi99.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
139.162.6.196
200 OK
2929
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (9680), with no line terminators
Hash
be8270d30953f83f3137e2c7121e3656
1bbc1d1a19f27b4dd66c838214bf196862307078
9506efdf97a3132894069273b42fff14928e25579be11b57b3ab03aa426e1e23
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 01 Sep 2022 11:27:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6310971c-25d0"
Server: DomaiNesia
DN-Request-Id: 7127b3dc5e5fd456cb73eafe5a8582f5
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
139.162.6.196
200 OK
3925
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP
139.162.6.196:0
Magic
HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash
a71f31ad8ab59495c235f70e11af94d5
dd92f0033787042cdc33b4f7a738cc1a8f1aaea2
02de035caef83e16f5631660c82c3c61e69e4a919f32552131136b5762dbe846
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 01 Sep 2022 11:27:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6310971c-2fb3"
Server: DomaiNesia
DN-Request-Id: ae81891e8fa761fd9e443a6f64dac0b9
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5
139.162.6.196
200 OK
47189
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (42889), with CRLF line terminators
Hash
095d789ae9a7f50f218858fa8e37007c
dcbaed314da92376f076b19924756a515d13955c
76611aa34b0c1edc490795ebbcd8c73d9ff8e7ab63a817308308c1789bb62a6f
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.5 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 16 Nov 2021 10:01:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61938163-1e570"
Server: DomaiNesia
DN-Request-Id: 2932a65111b0ec61a098e9d3158d1c26
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/plugins/super-progressive-web-apps/public/js/register-sw.js
139.162.6.196
200 OK
2341
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/super-progressive-web-apps/public/js/register-sw.js
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (2043), with CRLF line terminators
Hash
f46883a8aa282b61795fc1041f5463f8
fb32a825a761c671269e4c47801e89602d237206
cc3d3131390c179f6cd2b9855d341bbec77b5b3573d07ed5927f5eb4c9cc5c58
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/super-progressive-web-apps/public/js/register-sw.js HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 22 Jul 2022 09:37:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62da6fc0-139d"
Server: DomaiNesia
DN-Request-Id: debd822b973b0c00b65815f221529789
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-sbd.woff
139.162.6.196
404 Not Found
277830
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-sbd.woff
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8666), with CRLF, LF line terminators
Hash
779620c5397fbd97aed8aea801a97c77
664444b810bb1e7fd2836aa3f6cb18a9ec5191b6
189df0559e91662ee68746e939c59534597c7fdf7834605f46e37f1b467b700c
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargosans-sbd.woff HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 28c04d48d1d924d4236bec9320f41ce4
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:47:00 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
renovasi99.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1
139.162.6.196
200 OK
6518
URL
HTTP/1.1
renovasi99.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (15439)
Hash
02bbe1afbabda1f9fa6832c8ab7e500f
e2db6712347e6611a8cb0b4bfca80e6aeae3b372
3aa1b0ea23c076c802de5db3bc25f79410dc7ca1f119f9fda82ff9b83fddc4a5
GET /wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 28 Sep 2022 08:46:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"633409df-43b3"
Server: DomaiNesia
DN-Request-Id: 6e5fe5c5a92a047b9138bd8907faac08
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/themes/gillion/js/plugins/bootstrap.min.js?ver=3.3.4
139.162.6.196
200 OK
9865
URL
HTTP/1.1
renovasi99.com/wp-content/themes/gillion/js/plugins/bootstrap.min.js?ver=3.3.4
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (32033), with CRLF line terminators
Hash
e42c0f4352dd49c793f2af0257a81a01
135b88571e4d4c7ce64ca1dcd0448e658dc66954
378b8aa9c30834557f5398c44126a1314056c1f1b78117d9e28470bca4272a94
GET /wp-content/themes/gillion/js/plugins/bootstrap.min.js?ver=3.3.4 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 14 May 2019 08:00:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5cda7594-90bb"
Server: DomaiNesia
DN-Request-Id: 02fe00abc3116b006f8a64f38d5d7e91
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/online1/update/web/assets/css/css/wellsfargoserif-rg.woff
139.162.6.196
404 Not Found
277830
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargoserif-rg.woff
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8666), with CRLF, LF line terminators
Hash
18369a2b3587e35a444597aab3d1de66
3cdeb03a57a15c1e5a6e1aff416a1cfc11e17557
9d7a8ec45bae2c2d355ecf3328cd3baf628f67a4a3b5b588395bc217f1039322
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargoserif-rg.woff HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: f80d32502ab988d1ea515be951d5f3cf
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:47:01 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
renovasi99.com/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10
139.162.6.196
200 OK
2540
URL
HTTP/1.1
renovasi99.com/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10
IP
139.162.6.196:0
Magic
ASCII text, with very long lines (6210), with no line terminators
Hash
1f5e86516d633808727b14aa23a2ccb9
3c1009b87e109a76cec6aa9290d1045ab8b39557
15948d6228b98c36ea6d5290df20bb0c7cefbf1a5914f874e0770bd3662502aa
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 05:26:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"632bf20a-1842"
Server: DomaiNesia
DN-Request-Id: e0f582c8ec1721a038ccc7a9d4932e1e
Content-Encoding: gzip
Cache-Control: s-maxage=10
renovasi99.com/wp-content/uploads/2021/11/1.png
139.162.6.196
200 OK
33508
URL
HTTP/1.1
renovasi99.com/wp-content/uploads/2021/11/1.png
IP
139.162.6.196:0
Magic
PNG image data, 1200 x 628, 8-bit/color RGBA, non-interlaced\012- data
Hash
6c02a2070a691f13d98c5ecc98059e0d
461a078fc3081baaf4432cc76dd31e40ba914b84
43e48d9b3414b68ccd42993665c5abca66eaef7ece0c9255c98963b26ad6f7f7
GET /wp-content/uploads/2021/11/1.png HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
Connection: keep-alive
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:01 GMT
Content-Type: image/png
Content-Length: 33508
Last-Modified: Wed, 17 Nov 2021 10:06:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "6194d42b-82e4"
Server: DomaiNesia
DN-Request-Id: e02d265f0115724c7b7612236b6bdaf8
Cache-Control: s-maxage=10
Accept-Ranges: bytes
www.google-analytics.com/analytics.js
142.250.74.174
200 OK
20039
URL
HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
Magic
ASCII text, with very long lines (1325)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://renovasi99.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 05 Oct 2022 14:41:09 GMT
expires: Wed, 05 Oct 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 3953
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-RWLV354VGW&gtm=2oea30&_p=1447824130&gdid=dZTNiMT&cid=2113189714.1664984822&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664984821&sct=1&seg=0&dl=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2F1_files%2Fa_002.htm&dr=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2Flogin.php%3Fweb%2Fauth%2Fsignon%3D&dt=Page%20not%20found%20-%20Renovasi99&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.32.36
204 No Content
0
URL
HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-RWLV354VGW&gtm=2oea30&_p=1447824130&gdid=dZTNiMT&cid=2113189714.1664984822&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664984821&sct=1&seg=0&dl=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2F1_files%2Fa_002.htm&dr=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2Flogin.php%3Fweb%2Fauth%2Fsignon%3D&dt=Page%20not%20found%20-%20Renovasi99&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-RWLV354VGW&gtm=2oea30&_p=1447824130&gdid=dZTNiMT&cid=2113189714.1664984822&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664984821&sct=1&seg=0&dl=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2F1_files%2Fa_002.htm&dr=http%3A%2F%2Frenovasi99.com%2Fonline1%2Fupdate%2Fweb%2Flogin.php%3Fweb%2Fauth%2Fsignon%3D&dt=Page%20not%20found%20-%20Renovasi99&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://renovasi99.com/
Origin: http://renovasi99.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://renovasi99.com
date: Wed, 05 Oct 2022 15:47:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
renovasi99.com/superpwa-manifest.json
139.162.6.196
200 OK
789
URL
HTTP/1.1
renovasi99.com/superpwa-manifest.json
IP
139.162.6.196:0
Magic
JSON data\012- , ASCII text, with very long lines (789), with no line terminators
Hash
cf5ee796b0fd3d2a970a737a018a2f13
29b4df6450edf1bcd0273ed65ab17078925ce70f
c7f6ea43b1921a0ba57464286845f4c17ee6dde2b8f4105496a75df3e67e5d82
Analyzer
Verdict
Alert
fortinet
Phishing
GET /superpwa-manifest.json HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/1_files/a_002.htm
X-Moz: prefetch
Connection: keep-alive
Cookie: _ga_RWLV354VGW=GS1.1.1664984821.1.0.1664984821.0.0.0; _ga=GA1.2.2113189714.1664984822; _gid=GA1.2.2072996925.1664984822; _gat_gtag_UA_215293659_1=1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:47:02 GMT
Content-Type: application/json
Content-Length: 789
Connection: keep-alive
Last-Modified: Wed, 24 Aug 2022 04:05:44 GMT
Server: DomaiNesia
DN-Request-Id: 280dd29cb3cbd11358db98e80824ec89
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Dynamic-Cache-Status: MISS
Cache-Control: s-maxage=10
Accept-Ranges: bytes
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-rg.woff
139.162.6.196
404 Not Found
277827
URL
HTTP/1.1
renovasi99.com/online1/update/web/assets/css/css/wellsfargosans-rg.woff
IP
139.162.6.196:0
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8665), with CRLF, LF line terminators
Hash
b1979f2149c0803307cbf759f1390b51
174f6db12c8d05497e4f251500046c7fd9125563
bd270ad790197a44f004e0b38a43d86273a23f6bf199d569d0bbeb72ad5086da
Analyzer
Verdict
Alert
fortinet
Phishing
GET /online1/update/web/assets/css/css/wellsfargosans-rg.woff HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://renovasi99.com/online1/update/web/assets/css/one.css
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 52d25301d2cc953459dd5290270c8266
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:47:01 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
renovasi99.com/wp-content/uploads/gillion-dynamic-styles.css?ver=226670583
139.162.6.196
200 OK
0
URL
HTTP/2
renovasi99.com/wp-content/uploads/gillion-dynamic-styles.css?ver=226670583
IP
139.162.6.196:0
Analyzer
Verdict
Alert
fortinet
Phishing
GET /wp-content/uploads/gillion-dynamic-styles.css?ver=226670583 HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://renovasi99.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 15:47:00 GMT
content-type: text/css
last-modified: Mon, 25 Jul 2022 06:25:31 GMT
vary: Accept-Encoding
etag: W/"62de375b-2b6b"
server: DomaiNesia
dn-request-id: e0a423286bf3a2ca27b1ae7478d668ba
content-encoding: br
cache-control: s-maxage=10
X-Firefox-Spdy: h2
renovasi99.com/online1/update/web/img/3.jpg
139.162.6.196
404 Not Found
0
URL
HTTP/1.1
renovasi99.com/online1/update/web/img/3.jpg
IP
139.162.6.196:0
GET /online1/update/web/img/3.jpg HTTP/1.1
Host: renovasi99.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://renovasi99.com/online1/update/web/login.php?web/auth/signon=
Connection: keep-alive
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Link: <https://renovasi99.com/wp-json/>; rel="https://api.w.org/", </wp-includes/js/wp-emoji-release.min.js?ver=6.0.2>; rel=preload; as=script, </wp-includes/css/dist/block-library/style.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins/bootstrap.min.css?ver=3.3.4>; rel=preload; as=style, </wp-content/themes/gillion/css/plugins.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/style.css?ver=6.0.2>; rel=preload; as=style, </wp-content/themes/gillion/css/responsive.css?ver=6.0.2>; rel=preload; as=style, </wp-includes/js/jquery/jquery.min.js?ver=3.6.0>; rel=preload; as=script, </wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2>; rel=preload; as=script, </wp-content/themes/gillion/js/plugins.js?ver=6.0.2>; rel=preload; as=script, </wp-content/themes/gillion/js/scripts.js?ver=6.0.2>; rel=preload; as=script
Server: DomaiNesia
DN-Request-Id: 20db62003b09d52548dd1bb895189fef
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload always
Static-Cache-Status: MISS
Date: Wed, 05 Oct 2022 15:46:59 GMT
X-Page-Speed: DomaiNesia
Cache-Control: max-age=0, no-cache
Content-Encoding: gzip