Report - mail.grop-wavgxkwhy.zxz1.my.id/download/

Report Overview

Visited public
2023-12-11 13:25:31
Tags
Submit Tags
URL
mail.grop-wavgxkwhy.zxz1.my.id/download/
Finishing URL
mail.grop-wavgxkwhy.zxz1.my.id/download/
IP / ASN
104.21.48.196
#13335 CLOUDFLARENET
Title

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-11 07:13:18	435 B	32 kB	151.101.194.137
bagasarya.xyz	unknown	2022-06-30	2022-07-01 13:55:00	2023-12-11 02:57:34	909 B	42 kB	104.21.81.99
i.postimg.cc	23840	2016-06-11	2018-04-11 12:01:12	2023-12-10 17:52:23	2.8 kB	64 MB	162.19.88.69
j.top4top.io	730645	2019-11-19	2020-01-27 11:44:36	2023-12-05 08:00:26	450 B	85 kB	135.181.63.70
services.addons.mozilla.org	6161	1998-01-24	2012-05-21 16:03:02	2023-12-10 21:10:02	695 B	1.7 kB	54.230.111.63
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2023-12-11 05:09:20	532 B	486 B	35.244.181.201
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-11 08:59:17	473 B	1.8 kB	142.250.74.106
mail.grop-wavgxkwhy.zxz1.my.id	unknown	unknown	No data	No data	4.2 kB	405 kB	104.21.48.196

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-11 13:24:58	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:24:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/download/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-07-13
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:36 Times Seen123931 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	mail.grop-wavgxkwhy.zxz1.my.id/download/	ScriptElement	0 B	0001-01-01	2025-07-13
Pretty URL mail.grop-wavgxkwhy.zxz1.my.id/download/ IP 104.21.48.196 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-13 06:59 Times Seen5412580 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (23)

URL IP Response Size

GET mail.grop-wavgxkwhy.zxz1.my.id/download/

104.21.48.196

200 OK

2.0 kB

URL User Request GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.0 kB (1980 bytes)
Hash
224a60d99bbe1a28ad8456fa5f13cefa
3a72a4d30912e1095c7860beb79b744437f61f45
10ed65845465b1c0607230828c454f13532f3e35e537617f7a182ac632d17cf4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/ HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBOxfQ9guVjXa8P0xbJ3Ijr6COIiGprFcdbAK8W0vPlp9HPU7bL1d1gNbhugJ6aLVph2pp4J%2BkUi0U6DeSFPjYyMl%2BZxS2%2FdVxEPHADbKegIRa0zG%2BtlNNC8hCcrpbfwZfQzlLTcgRW0sDg86UKAr4g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 833e0d092e80568f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css

104.21.48.196

200 OK

1.2 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
ASCII text, with CRLF line terminators
Size
1.2 kB (1186 bytes)
Hash
2193f0b5f2870e88da0b9d2f2467fe67
aea43a03d6dc18ec5f4552212bdc9555e5910ecf
b85470870a6274d4f592714e91368b1011c009a911ddea472ca27a12b3b73ce1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/style.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:59 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 09 Feb 2022 22:04:48 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdU5Ywm6232liqWsWVNFK%2BbiWwGkHqPotVKba5RYW84p4IJVIYguKGiIBQ8Tdp0a9pCYWc7EgvWkApCPgLbvt5RKPDNG2snRKcKVlukGhpWJH29QXKaIE5RIOEqGOND%2FiWSCkJLkm25HQPjdwRmNCX4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d0e2cdb568f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download/bagas/bagas.css

104.21.48.196

1.0 kB

URL
mail.grop-wavgxkwhy.zxz1.my.id/download/bagas/bagas.css
IP
104.21.48.196:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1047 bytes)
Hash
ae8f5eac80c514b6ccffce75de1d2d70
eff4b0347b7c8ea58833f35c07e177f80fd28ad2
a9510c5b947eedfa3d84fef078a623ebb72cd26a8acf9855a15521dffc430d62

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/bagas/bagas.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:59 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 13 Oct 2022 10:52:10 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fpgdIlGVf9nQIy1nvU%2BrJU7ZTi8MtP9d8MN9FjXAeY5r%2FD2tTimXG9eCMBVL4E%2BSNc43E6JzLx8uChkxP4jmc4AAKd9QF4NW5UmS3UfXBXw9rMMnF8qjuP%2FnuXbnDDOwo%2FlqqIh8vO72NLYiRfgEUO4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d0e2dee56bd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET mail.grop-wavgxkwhy.zxz1.my.id/download/css/dimas.css

104.21.48.196

200 OK

916 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/dimas.css
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
ASCII text, with CRLF line terminators
Size
916 B (916 bytes)
Hash
bb8478c3d36c299ae22a855eb31ccea0
5f267f1d6a4d55d4822f2b0507313c1ccb429b9e
2ee4050eef1b13e43af867b7da2e24d2b5449042d93179c2c75c76fddec616e1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/dimas.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:59 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:52:34 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQCecW9xLIePmRyL9dnJv%2BS4uYCJ3ZDTCRIQ8vGiIfFyxf%2BYflhgMqgZpl0dMLOXqZkYv%2Bjc%2BS3zCImnLnqUXIsCuQIB3Zeo%2FjhgdwXnX9QVFuxK1tnXAIAZah5XMQpxEKOxAva9Vdxee6mG2wJSVH4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d0e2827b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET mail.grop-wavgxkwhy.zxz1.my.id/download/img/0_ptDX0HfJCYpo9Pcs.gif

104.21.48.196

200 OK

90 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/img/0_ptDX0HfJCYpo9Pcs.gif
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
GIF image data, version 89a, 800 x 600 - data
Size
90 kB (90430 bytes)
Hash
4cbcfda30cb77ef22e12ba9109fc4948
359e38d8dfc3fd5d1fa4286e8cf81a2861653948
c2f413ec031122040ebc7dd93353b86cf8b29569f922838d04283425eb0c4fca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/img/0_ptDX0HfJCYpo9Pcs.gif HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:59 GMT
Content-Type: image/gif
Content-Length: 90430
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:23:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TrjIzc7lJSF0HrpS2UdjT8Z2ECBuucomcq9yh1xlGmCGa2xcEXutZzX4f%2Fm0Wurtr2ct%2Bv1MGAaO3AAVQXU1cCdPkK8a%2FgN%2B2FUIfZmEzxc8hYxvqmv7HuNnxwNr98yup7yrtYAlVb4U5i4g5U%2FWr0E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d0e5d04568f-OSL
alt-svc: h2=":443"; ma=60

GET mail.grop-wavgxkwhy.zxz1.my.id/download/img/karakter-anime-cantik-13-a715e.jpg.webp

104.21.48.196

200 OK

18 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/img/karakter-anime-cantik-13-a715e.jpg.webp
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 560x315, Scaling: [none]x[none], YUV color, decoders should clamp - data
Size
18 kB (17674 bytes)
Hash
3039e28d25e4962618953916acfc3f86
a428a23bdc96789dd14401416b8db3f89516f7c7
c0c3dafdb631b6055cb1e9cf25a807c3663a42c258d5ebeb1f8f38cc767a397a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/img/karakter-anime-cantik-13-a715e.jpg.webp HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:24:59 GMT
Content-Type: image/webp
Content-Length: 17674
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:23:28 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gatLQal3G37pbFW5oQuh4HGpzWNoqZQwlmKzx0J043cTFL4rGdGPp44KXdft%2BOyuiL11hx1%2BLdXI2y0Z%2F9%2B6pAE3%2BsYqxyhDoN8TwaG6P8ei%2FR%2F2o3qncZTLZj%2B%2FwdkEj%2Fy5CKGbi%2By3n1hU263P5EQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d0e5e3956bd-OSL
alt-svc: h2=":443"; ma=60

GET code.jquery.com/jquery-3.5.1.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 11 Dec 2023 13:24:59 GMT
age: 3846411
x-served-by: cache-lga13628-LGA, cache-bma1640-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 214665
x-timer: S1702301099.326908,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

GET bagasarya.xyz/img/info/navbar.png

104.21.81.99

200 OK

8.5 kB

URL GET HTTP/2
bagasarya.xyz/img/info/navbar.png
IP
104.21.81.99:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectbagasarya.xyz
FingerprintEC:7D:C4:3A:2E:5C:12:D0:F5:A0:C5:48:82:D9:23:43:F3:FB:59:6D
ValidityWed, 29 Nov 2023 21:01:39 GMT - Tue, 27 Feb 2024 21:01:38 GMT

File type
PNG image data, 904 x 339, 8-bit colormap, non-interlaced - data
Size
8.5 kB (8459 bytes)
Hash
f29c416a7c6f18ba0c0deb4980763c9d
56c7bfbf2c9a7a2be2e2214b0586c11af8e852bf
7f37cb926c06378327ad2a753c7119291b2ead796a6f588a8374de651ec72a8c

HTTP Headers

GET /img/info/navbar.png HTTP/1.1
Host: bagasarya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/png
content-length: 8459
cache-control: public, max-age=604800
expires: Thu, 14 Dec 2023 15:05:41 GMT
last-modified: Mon, 06 Mar 2023 02:41:35 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 339558
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rTS4RJpNAyixR8Hz6WXTDDB1gCY6hZ1D%2FCC%2BdtdeX3mmugAsZGfmcwBkl1mX4JeRhekJzdry6urBjfknPaH01oupFAfDJ30GHlaOcWLvKj9XWTUgAwUXTRfze6%2FMTRC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e0d0ef904b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET bagasarya.xyz/img/info/modelFb.png

104.21.81.99

200 OK

32 kB

URL GET HTTP/2
bagasarya.xyz/img/info/modelFb.png
IP
104.21.81.99:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectbagasarya.xyz
FingerprintEC:7D:C4:3A:2E:5C:12:D0:F5:A0:C5:48:82:D9:23:43:F3:FB:59:6D
ValidityWed, 29 Nov 2023 21:01:39 GMT - Tue, 27 Feb 2024 21:01:38 GMT

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced - data
Size
32 kB (31990 bytes)
Hash
571fc0253c6f01c953d4274981fc9d66
5331c3ae96ea4d421f8bde0d3e5565024c8c3abb
d3a1d3bb7a7c79edc9a08de2369f4f7f201a0852bfaf5526716382fc7ad902a1

HTTP Headers

GET /img/info/modelFb.png HTTP/1.1
Host: bagasarya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/png
content-length: 31990
cache-control: public, max-age=604800
expires: Sun, 17 Dec 2023 16:31:39 GMT
last-modified: Mon, 06 Mar 2023 02:41:27 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 75200
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxGdgQqp22DzWU3hreS8t4BjiHVO5WVt1YHLpJXSi17quBXF5je78uv13S739o9F2FmiYitIFhdAIiEf8nAYaSqGyPABEfDcw3saUfOEupBDbs6%2BCqKtR3w1U4CJ9lmt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e0d0f2989b51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.postimg.cc/sgzZRpSX/1651518758036.jpg

162.19.88.69

200 OK

122 kB

URL GET HTTP/2
i.postimg.cc/sgzZRpSX/1651518758036.jpg
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 790x800, components 3 - data
Size
122 kB (121860 bytes)
Hash
44dbd8ffdbff9d3bbafd55d7f9a82e07
e6bd1392360ff825a1dafdc5e93f97567d6e076a
395c925a285c20b203217317f45d967b6543a311b06e85aeacf1b035a6f51e79

HTTP Headers

GET /sgzZRpSX/1651518758036.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/jpeg
content-length: 121860
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET i.postimg.cc/qMyCYmNS/1651515380746.jpg

162.19.88.69

200 OK

118 kB

URL GET HTTP/2
i.postimg.cc/qMyCYmNS/1651515380746.jpg
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 785x800, components 3 - data
Size
118 kB (117937 bytes)
Hash
5f19ecf45178eeccd29e694512b36aef
14ef40e26216f3629adefdbca3b939ef112c519c
f18664d92e4868f62afb1dada59e0a1b0d21944b996bb8d837252dc2347865c7

HTTP Headers

GET /qMyCYmNS/1651515380746.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/jpeg
content-length: 117937
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET i.postimg.cc/Y2JWdcCQ/IMG-20220516-010200.jpg

162.19.88.69

200 OK

131 kB

URL GET HTTP/2
i.postimg.cc/Y2JWdcCQ/IMG-20220516-010200.jpg
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 653x800, components 3 - data
Size
131 kB (131323 bytes)
Hash
317542e25701be23ba9ff867fd1e0317
1570818a7671bbf805a18d39e928eeed40824b58
3f7819d5206e699cbf569c16d8bd08d9a5c02c3b7add57345103aea370d0f9b4

HTTP Headers

GET /Y2JWdcCQ/IMG-20220516-010200.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/jpeg
content-length: 131323
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mail.grop-wavgxkwhy.zxz1.my.id/download/css/bege.jpeg

104.21.48.196

200 OK

284 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/bege.jpeg
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x2340, components 3 - data
Size
284 kB (283875 bytes)
Hash
e3730ac7286fdfcf04e87fa8b67bb415
fafdc2e2b8e9b584519ef0e9692d3f02a4ec8dcc
3b944ba1cd72c9c66cf5042f590d5bed6e2bca80256ddae80dc375faddefecb1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/bege.jpeg HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:25:00 GMT
Content-Type: image/jpeg
Content-Length: 283875
Connection: keep-alive
Last-Modified: Wed, 09 Feb 2022 15:22:32 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 499
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gEIJEOvC3H5%2F1oiIGiz6r7uf%2BYdRhIYXWoBHVehc14ijnFII%2FZLpWigvDsjo8%2B0WLsUyGuMruv2CFcmqEjzSOc72SXjbWrxENhyFWpJPxRfxdzJHNZt3cjx52iRVg%2BDGbbC%2BhmsicBZ%2Fh18e7fh8akk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d1618ee56bd-OSL
alt-svc: h2=":443"; ma=60

GET i.postimg.cc/pTB8gnD0/ezgif-com-gif-maker-1.gif

162.19.88.69

200 OK

6.9 MB

URL GET HTTP/2
i.postimg.cc/pTB8gnD0/ezgif-com-gif-maker-1.gif
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 469 x 800 - data
Size
6.9 MB (6878442 bytes)
Hash
ef3774b44dc8e6f749fb9bde48ec72af
793e3ecf45f39b5facfda915ef30988e25d4adc1
7c496dd0853bd153922c618dde761d475e423dfb8bf2e818c9d7ee916975dbc2

HTTP Headers

GET /pTB8gnD0/ezgif-com-gif-maker-1.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/gif
content-length: 6878442
last-modified: Thu, 19 May 2022 21:24:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mail.grop-wavgxkwhy.zxz1.my.id/download/css/thin.ttf

104.21.48.196

404 Not Found

238 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/thin.ttf
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/thin.ttf HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:25:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U79mFSOIsJ0xWGKfRt%2BkszFj3B5uhTBAklS5mQJvUk2RY6tGZolxF3%2Fpe8pdf5vKgPfrj4U5t5nEsd869oBK0GOyNo6ydeFLv81CsXR3sL1ggAfVzYs7CIR5asF7477JQ3X3Rh%2BdWcRMs2b5RvL6x9M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d161ab9b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET i.postimg.cc/NfbdCGXZ/tiktokk.gif

162.19.88.69

200 OK

12 MB

URL GET HTTP/2
i.postimg.cc/NfbdCGXZ/tiktokk.gif
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 451 x 800 - data
Size
12 MB (12121329 bytes)
Hash
7f53004d650205b69a87b0845d881236
03912df4e150c239f3808e4e51f49be10cdd34c2
a1a71bdacc1a441119d6dfdb45b22c05361d0bfbd619f494f2561d1c8ab4b1c3

HTTP Headers

GET /NfbdCGXZ/tiktokk.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/gif
content-length: 12121329
last-modified: Fri, 03 Jun 2022 11:11:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mail.grop-wavgxkwhy.zxz1.my.id/favicon.ico

104.21.48.196

404 Not Found

238 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/favicon.ico
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:25:01 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZd3fgi6B0FsGo3iZcLo7dAr793JlMo6OotkDgtvbQQYJJYmYOH%2B%2B0a33APxHRiWjtVjBDHT0dQRu%2FfAiVMun6WM%2Bhn%2Boe%2F79%2FMUB1BGbXUYGzXglTbcevBbgy2jbd84Au0UTRLlz9umyT0hSHh6%2BDI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d1a3ef756bd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

GET j.top4top.io/p_2231z0iyt0.jpg

135.181.63.70

200 OK

84 kB

URL GET HTTP/2
j.top4top.io/p_2231z0iyt0.jpg
IP
135.181.63.70:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x821, components 3 - data
Size
84 kB (84335 bytes)
Hash
77b1e1dd9fffebf445a00a11d3f5286a
bba6ec93e820fc85205c0331d025d8eee2560a51
d1b36630b032c310e9c8d20d355683b447e51dd97974b4132840abdfaacfb235

HTTP Headers

GET /p_2231z0iyt0.jpg HTTP/1.1
Host: j.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:25:03 GMT
content-type: image/jpeg
content-length: 84335
set-cookie: klj_40d147_downloads=qf5b9; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Tue, 12 Dec 2023 13:01:43 GMT
last-modified: Wed, 09 Feb 2022 15:04:28 GMT
content-disposition: inline; filename="IMG-20220209-WA0016.jpg"
etag: "6203d7fc-1496f"
expires: Mon, 11 Dec 2023 15:25:03 GMT
cache-control: max-age=7200
x-file-id: x44376741x
accept-ranges: bytes
X-Firefox-Spdy: h2

GET i.postimg.cc/fbsjM6YY/ezgif-com-gif-maker-2.gif

162.19.88.69

44 MB

URL GET
i.postimg.cc/fbsjM6YY/ezgif-com-gif-maker-2.gif
IP
162.19.88.69:0
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 497 x 800 - data
Size
44 MB (44280683 bytes)
Hash
7e40d7a8aaf5c26379167aaabaaa58a3
f428919c582c309f59a5154b3101290001fd2b27
b220e11e5856cfe225c154e918657f0e86d3e0e1ed0ec9d4b176c2dcb168c9c8

HTTP Headers

GET /fbsjM6YY/ezgif-com-gif-maker-2.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:24:59 GMT
content-type: image/gif
content-length: 44280683
last-modified: Fri, 03 Jun 2022 11:16:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mail.grop-wavgxkwhy.zxz1.my.id/download/css/font.ttf

104.21.48.196

238 B

URL GET
mail.grop-wavgxkwhy.zxz1.my.id/download/css/font.ttf
IP
104.21.48.196:0
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/font.ttf HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:25:04 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMQJ4h2Ej3WMOnT%2BKJM9VreFppbgDMWPGOXv1gXdqUgfZMCznun%2BkVpLjCqJ7HjcX%2F2snm6K%2F5jDZzbMB7FQENXNISRQzDY6%2BqDiPOCEQHW0jKsz4r1lQ1Z8Ns8oluoXoHxA3%2F5JNRc%2BVZrB%2FE%2FmHSY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e0d27480bb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org&lang=en-US

54.230.111.63

82 B

URL
services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org&lang=en-US
IP
54.230.111.63:0
ASN
#16509 AMAZON-02

File type
JSON data - , ASCII text, with no line terminators
Size
82 B (82 bytes)
Hash
4f822d39c269d2c47e3174b6c6bad3b7
d56bd07959c766e9c18faa9cf1070548f9236b65
cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3

HTTP Headers

GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 82
allow: GET, HEAD, OPTIONS
content-security-policy: img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; frame-src https://www.recaptcha.net/recaptcha/; default-src 'none'; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; object-src 'none'; media-src https://videos.cdn.mozilla.net; connect-src 'self' https://*.google-analytics.com; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; form-action 'self'; child-src https://www.recaptcha.net/recaptcha/; font-src 'self' https://addons.mozilla.org/static-server/; report-uri /__cspreport__
cross-origin-opener-policy: same-origin
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=31536000
x-amo-request-id: b0761b8c2a5c467dbcb961a142fdf22e
x-content-type-options: nosniff
x-frame-options: DENY
date: Mon, 11 Dec 2023 13:24:04 GMT
cache-control: max-age=180
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0h7bslKNF_XBkPOjVJ4ptse0FLR8VXbtgP3b59ABiNS26OOtFmi75w==
age: 84
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/SystemAddons/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

42 B

URL
aus5.mozilla.org/update/3/SystemAddons/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#15169 GOOGLE

File type
XML 1.0 document text - XML document, ASCII text
Size
42 B (42 bytes)
Hash
f8f24fa0c857d8f2ee493e131b85ab62
cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6
e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f

HTTP Headers

GET /update/3/SystemAddons/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
via: 1.1 google
date: Mon, 11 Dec 2023 13:25:11 GMT
content-type: text/xml; charset=utf-8
age: 17
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css2?family=Yantramanav&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Yantramanav&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (1177), with no line terminators
Size
1.2 kB (1150 bytes)
Hash
0c73a4511b6734be8645e54e8f8631ed
01a7a9eed096fded4951b5fb9caf79efdeb7167e
fcefe2994aee1e782431bf4eb0a68bd4a9751011894c07980fd904176b8e8c83

HTTP Headers

GET /css2?family=Yantramanav&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 11 Dec 2023 13:25:00 GMT
date: Mon, 11 Dec 2023 13:25:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers