Report - medgelx.com.my/sha/sall.html

Report Overview

Visited public
2025-07-08 14:13:20
Tags
suspicious telegram_bot
Submit Tags
URL
medgelx.com.my/sha/sall.html
Finishing URL
medgelx.com.my/sha/sall.html
IP / ASN
103.6.198.62
#46015 Exa Bytes Network Sdn.Bhd.
Title
Webmail
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
use.fontawesome.com	942	2012-10-18	2017-01-30	2025-07-02	466 B	38 kB	172.67.142.245
webmail.emailpnl.com	unknown	2015-04-15	2019-06-15	2025-05-01	2.6 kB	7.3 MB	185.97.217.96
medgelx.com.my	unknown	unknown	2025-07-07	2025-07-07	2.3 kB	155 kB	103.6.198.62
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-07-02	1.6 kB	107 kB	104.16.174.226
api64.ipify.org	13197	2014-01-05	2020-08-17	2025-07-06	431 B	214 B	173.231.16.77

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-08 14:13:02	low	Client IP	173.231.16.77	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-07-08	medium	medgelx.com.my/sha/sall.html	Detects file containing Telegram Bot API
2025-07-08	medium	javascript.script.md5:c9e8ea29c5bbaa9e9d188f21f9a0c71f	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
medgelx.com.my/sha/sall.html
IP / ASN
103.6.198.62
#46015 Exa Bytes Network Sdn.Bhd.

Token
7841552101:AAGcn9vyRl8NOBwRcPDxUtJqBCrEMX2GFKA

Bot Overview
User ID 7841552101
Username smtpstolenbot
First Name smtpstolen
Last Name
Chat Information
Chat ID
Chat Type
Title
User Count 0
Admins 0
Pending Messages 0

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	webmail.emailpnl.com/static/js/styles.c6f4f617.chunk.js	ScriptElement	55 kB	2025-07-08	2025-07-08
Pretty URL webmail.emailpnl.com/static/js/styles.c6f4f617.chunk.js IP 185.97.217.96 ASN #21056 Vianova S.p.A Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-08 14:13 Last Seen2025-07-08 14:13 Times Seen1 Hash 29b60e12e7491e7af0c981bea97ddb66 218f8b7b395b52787d3a080e7b6fe63a8ec80884 8b122ab15b54e792663b746737bb7cf28a9a6c046be6995915ec7545b67544f5 Loading...

	webmail.emailpnl.com/static/js/App.59b3ba05.chunk.js	ScriptElement	1.0 kB	2025-07-08	2025-07-08
Pretty URL webmail.emailpnl.com/static/js/App.59b3ba05.chunk.js IP 185.97.217.96 ASN #21056 Vianova S.p.A Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-08 14:13 Last Seen2025-07-08 14:13 Times Seen1 Hash 8a44410e2d3a39fbba415127652a3dd3 026ff344a4b10fe159ca19b6b89db3d4fa5ea510 03a5b0a40d50db9598ede496289b56bb14f547bc10a11f4bf6230405d108f983 Loading...

	medgelx.com.my/sha/sall.html	ScriptElement	4.2 kB	2025-07-08	2025-07-08
Pretty URL medgelx.com.my/sha/sall.html IP 103.6.198.62 ASN #46015 Exa Bytes Network Sdn.Bhd. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-08 14:13 Last Seen2025-07-08 14:13 Times Seen1 Hash c9e8ea29c5bbaa9e9d188f21f9a0c71f 406f9153ba0244ba5a3418123ce184cb93c3695f 0d5bba8b02eae3893471b4776ceccf4a1c5cb5aa30b6c3525bdb87c9c99f09d7 Loading...

HTTP Transactions (16)

URL IP Response Size

GET webmail.emailpnl.com/static/js/styles.c6f4f617.chunk.js

185.97.217.96

200 OK

55 kB

URL GET
webmail.emailpnl.com/static/js/styles.c6f4f617.chunk.js
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (54785)
Size
55 kB (54836 bytes)
Hash
29b60e12e7491e7af0c981bea97ddb66
218f8b7b395b52787d3a080e7b6fe63a8ec80884
8b122ab15b54e792663b746737bb7cf28a9a6c046be6995915ec7545b67544f5

HTTP Headers

GET /static/js/styles.c6f4f617.chunk.js HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:12:59 GMT
content-type: application/javascript
last-modified: Mon, 26 May 2025 09:39:13 GMT
vary: Accept-Encoding
etag: W/"683436c1-d634"
expires: Thu, 07 Aug 2025 14:12:59 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

GET medgelx.com.my/static/css/Calendar.06afd61d.css

103.6.198.62

500 Internal Server Error

2.6 kB

URL GET
medgelx.com.my/static/css/Calendar.06afd61d.css
IP
103.6.198.62:443
ASN
#46015 Exa Bytes Network Sdn.Bhd.

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerLet's Encrypt
Subject*.medgelx.com.my
Fingerprint25:D2:F9:7D:8F:10:ED:80:FC:23:E2:4C:15:66:6C:D9:29:3E:59:47
ValidityTue, 08 Jul 2025 03:17:09 GMT - Mon, 06 Oct 2025 03:17:08 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2609 bytes)
Hash
3d3683df3e167b7a023893426c8c79ab
5f0554b35eb9dba1336e5b0453a42589bdc0a9ee
0d4ce91d82a3f4ba37651035981263964a0b81aef990732b96a2d0e15e17c183

HTTP Headers

GET /static/css/Calendar.06afd61d.css HTTP/1.1
Host: medgelx.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/sha/sall.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 08 Jul 2025 14:12:59 GMT
server: Apache
X-Firefox-Spdy: h2

GET medgelx.com.my/static/css/Calendar.06afd61d.css

103.6.198.62

500 Internal Server Error

2.6 kB

URL GET
medgelx.com.my/static/css/Calendar.06afd61d.css
IP
103.6.198.62:443
ASN
#46015 Exa Bytes Network Sdn.Bhd.

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerLet's Encrypt
Subject*.medgelx.com.my
Fingerprint25:D2:F9:7D:8F:10:ED:80:FC:23:E2:4C:15:66:6C:D9:29:3E:59:47
ValidityTue, 08 Jul 2025 03:17:09 GMT - Mon, 06 Oct 2025 03:17:08 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2609 bytes)
Hash
3d3683df3e167b7a023893426c8c79ab
5f0554b35eb9dba1336e5b0453a42589bdc0a9ee
0d4ce91d82a3f4ba37651035981263964a0b81aef990732b96a2d0e15e17c183

HTTP Headers

GET /static/css/Calendar.06afd61d.css HTTP/1.1
Host: medgelx.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/sha/sall.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 08 Jul 2025 14:13:01 GMT
server: Apache
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-600-normal.ttf

104.16.174.226

200 OK

35 kB

URL GET
cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-600-normal.ttf
IP
104.16.174.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT

File type
TrueType Font data, 13 tables, 1st "GDEF", 8 names, Microsoft, language 0x409
Size
35 kB (34576 bytes)
Hash
0d7f809528836a12b397b4fb18d23456
55907f418d6556cfbecbce1068740a7c17b06192
30ad5ce68a49a3c8ac2272dfcdb02edce0e42e920fe7a1c88ad6d348d415cbd9

HTTP Headers

GET /fontsource/fonts/source-sans-pro@latest/latin-600-normal.ttf HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://medgelx.com.my
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 14:13:02 GMT
content-type: font/ttf
content-length: 18190
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=86400, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-disposition: attachment; filename="source-sans-pro_5.1.0_latin-600-normal.ttf"
etag: W/"8710-VZB/QY1lVs++y84QaHQKfBewYZI"
content-encoding: br
x-served-by: cache-fra-eddf8230141-FRA, cache-lga21980-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 83254
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tedYvaZNjXS4YPAZ2DXvPhxNH7a6ramD3t6lT%2BewopKVL7stQQQgdIg88s3wWGkkJBlSADIqIlX09oJTCIsG%2BXPv9jp4Gy7PRYHZ1Vlj574K%2BK0wdSpWknC%2Fjpl%2B7jKVPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95c02e104cb30b55-OSL
X-Firefox-Spdy: h2

GET medgelx.com.my/sha/sall.html

103.6.198.62

200 OK

143 kB

URL User Request GET
medgelx.com.my/sha/sall.html
IP
103.6.198.62:443
ASN
#46015 Exa Bytes Network Sdn.Bhd.

Certificate
IssuerLet's Encrypt
Subject*.medgelx.com.my
Fingerprint25:D2:F9:7D:8F:10:ED:80:FC:23:E2:4C:15:66:6C:D9:29:3E:59:47
ValidityTue, 08 Jul 2025 03:17:09 GMT - Mon, 06 Oct 2025 03:17:08 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (36591), with CRLF line terminators
Size
143 kB (143304 bytes)
Hash
91814aa1bd0475ba1198c50327f1430f
7a01b9b1fd17e0095e96904765b447278370a7d2
9ad4b9b96b98a2c4bf515e970d6b8117a58805b0741aaf172b89513a5b9e5643

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET /sha/sall.html HTTP/1.1
Host: medgelx.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 01 Jul 2025 23:03:49 GMT
accept-ranges: bytes
content-length: 143304
content-type: text/html
date: Tue, 08 Jul 2025 14:12:58 GMT
server: Apache
X-Firefox-Spdy: h2

GET webmail.emailpnl.com/static/js/App.59b3ba05.chunk.js

185.97.217.96

200 OK

5.8 MB

URL GET
webmail.emailpnl.com/static/js/App.59b3ba05.chunk.js
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65460)
Size
5.8 MB (5787751 bytes)
Hash
212af1aca55cda0b9b271f1220e94e3a
d50c818525b3771d9aaac39729a539712c15f7a0
adbbe6881681b983e0f51f7515c7beafda95d648c1572576f6bd83b076d8c6aa

HTTP Headers

GET /static/js/App.59b3ba05.chunk.js HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:12:59 GMT
content-type: application/javascript
last-modified: Mon, 26 May 2025 09:39:13 GMT
vary: Accept-Encoding
etag: W/"683436c1-585067"
expires: Thu, 07 Aug 2025 14:12:59 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

GET medgelx.com.my/static/js/Calendar.c94aa4b8.chunk.js

103.6.198.62

500 Internal Server Error

2.6 kB

URL GET
medgelx.com.my/static/js/Calendar.c94aa4b8.chunk.js
IP
103.6.198.62:443
ASN
#46015 Exa Bytes Network Sdn.Bhd.

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerLet's Encrypt
Subject*.medgelx.com.my
Fingerprint25:D2:F9:7D:8F:10:ED:80:FC:23:E2:4C:15:66:6C:D9:29:3E:59:47
ValidityTue, 08 Jul 2025 03:17:09 GMT - Mon, 06 Oct 2025 03:17:08 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2609 bytes)
Hash
3d3683df3e167b7a023893426c8c79ab
5f0554b35eb9dba1336e5b0453a42589bdc0a9ee
0d4ce91d82a3f4ba37651035981263964a0b81aef990732b96a2d0e15e17c183

HTTP Headers

GET /static/js/Calendar.c94aa4b8.chunk.js HTTP/1.1
Host: medgelx.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/sha/sall.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 08 Jul 2025 14:12:59 GMT
server: Apache
X-Firefox-Spdy: h2

GET webmail.emailpnl.com/webmail_assets/favicon.ico

185.97.217.96

200 OK

7.4 kB

URL GET
webmail.emailpnl.com/webmail_assets/favicon.ico
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Size
7.4 kB (7406 bytes)
Hash
b3654e0b3b32f0d085dbd66081dcc5bf
0d01503d962798f032c6b43d5a3da350b044cf5a
2336be022fea58d7cfa7d3e4b76a459af15f4dce718f6935d45d405780ccf68d

HTTP Headers

GET /webmail_assets/favicon.ico HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:13:02 GMT
content-type: image/x-icon
content-length: 7406
last-modified: Fri, 12 Jan 2024 11:49:29 GMT
etag: "65a12749-1cee"
expires: Thu, 07 Aug 2025 14:13:02 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-700-normal.ttf

104.16.174.226

200 OK

35 kB

URL GET
cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-700-normal.ttf
IP
104.16.174.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT

File type
TrueType Font data, 13 tables, 1st "GDEF", 8 names, Microsoft, language 0x409
Size
35 kB (34640 bytes)
Hash
195929e938e962533588d5c3ad527d00
9e1f5efd9ab8de294580f3428e84b83831320575
4e38d3d3b7704b1b3e27281d94cab7bcfa14a4915973afd4195878ffa0a61fc1

HTTP Headers

GET /fontsource/fonts/source-sans-pro@latest/latin-700-normal.ttf HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://medgelx.com.my
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 14:13:02 GMT
content-type: font/ttf
content-length: 18297
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=86400, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-disposition: attachment; filename="source-sans-pro_5.1.0_latin-700-normal.ttf"
etag: W/"8750-nh9e/Zq43ilFgPNCjoS4ODEyBXU"
content-encoding: br
x-served-by: cache-fra-eddf8230057-FRA, cache-lga21945-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 31606
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bsH36WdkYaBYgfC6Tiqt0xq%2Bq8Lc8eub8apg%2BQjvMN%2FGDmAXjzOSdM%2BoboPRL5S6jVv8%2FccwZQ5uObzyn45rNs9Ue%2FYbNEGOUv01Em1BFGaFf%2BN9Hm8qzqDS1jnL6pCToM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95c02e104cb20b55-OSL
X-Firefox-Spdy: h2

GET api64.ipify.org/?format=json

173.231.16.77

200 OK

21 B

URL GET
api64.ipify.org/?format=json
IP
173.231.16.77:443
ASN
#18450 WEBNX

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerDigiCert Inc
Subject*.ipify.org
Fingerprint9B:74:6A:25:D6:31:FF:C3:36:8D:D7:54:7C:C2:B6:CC:A3:CD:17:03
ValidityThu, 06 Feb 2025 00:00:00 GMT - Mon, 09 Mar 2026 23:59:59 GMT

File type
JSON text data
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api64.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://medgelx.com.my/
Origin: https://medgelx.com.my
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Jul 2025 14:13:02 GMT
Content-Type: application/json
Content-Length: 21
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

GET use.fontawesome.com/releases/v5.0.10/css/all.css

172.67.142.245

200 OK

37 kB

URL GET
use.fontawesome.com/releases/v5.0.10/css/all.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
FingerprintDA:FB:BC:1A:2B:40:16:07:27:DC:AC:27:1C:83:0A:53:D4:C7:76:89
ValidityWed, 02 Jul 2025 01:25:22 GMT - Tue, 30 Sep 2025 02:25:16 GMT

File type
ASCII text, with very long lines (36418)
Size
37 kB (36599 bytes)
Hash
d1acb8ad33b1526acbfd3f0028b859b0
292f3e748a5536c0e9fdc3bee02dbf89adc80b1d
cfac6241dd3aabb5f1552c17501790093015c006a8e13671823c1ff4872beaae

HTTP Headers

GET /releases/v5.0.10/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://medgelx.com.my
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 14:12:59 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"d1acb8ad33b1526acbfd3f0028b859b0"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Origin, Accept-Encoding
age: 33574
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Z2%2FUp2KMAVJrz5IC5Ktwpd%2FmOnHqqJ4K0dOQlgZ5OaMZeN7LU9Bh6h4dkgj1Rx9N0jDuNPTRri3%2FfUIwmURmjWORdwSUJHboshV9huJiGpYy9S44lf4Pb5O%2FtcqLAfFKL8sqoY2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95c02e000cce56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=913&min_rtt=585&rtt_var=670&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3275&recv_bytes=1236&delivery_rate=4900169&cwnd=253&unsent_bytes=0&cid=92156f848fc0e885&ts=35&x=0"
X-Firefox-Spdy: h2

GET webmail.emailpnl.com/static/js/Calendar.c94aa4b8.chunk.js

185.97.217.96

200 OK

665 kB

URL GET
webmail.emailpnl.com/static/js/Calendar.c94aa4b8.chunk.js
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size
665 kB (665349 bytes)
Hash
b39cddae05ed251c9e25455931092527
03fc13798b30b457648364a447c7e834b240d658
ae95e63d82f4385195c9adcc0381576fe46f8b6fb9d56faa977d0fbfe6adaa65

HTTP Headers

GET /static/js/Calendar.c94aa4b8.chunk.js HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:12:59 GMT
content-type: application/javascript
last-modified: Mon, 26 May 2025 09:39:13 GMT
vary: Accept-Encoding
etag: W/"683436c1-a2705"
expires: Thu, 07 Aug 2025 14:12:59 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

GET webmail.emailpnl.com/static/css/App.483b313e.css

185.97.217.96

200 OK

738 kB

URL GET
webmail.emailpnl.com/static/css/App.483b313e.css
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
738 kB (738003 bytes)
Hash
a30324bfb2eb54717dc4963f27b805e8
a662b5931c0503821c508fe8a078bcb9f95c34c7
16faf333819a5b57eaf8bb6bdc24a6e50e7e56192e88dd90dff5e8990177f2d3

HTTP Headers

GET /static/css/App.483b313e.css HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:12:59 GMT
content-type: text/css
last-modified: Mon, 26 May 2025 09:39:13 GMT
vary: Accept-Encoding
etag: W/"683436c1-b42d3"
expires: Thu, 07 Aug 2025 14:12:59 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

GET medgelx.com.my/static/js/Calendar.c94aa4b8.chunk.js

103.6.198.62

500 Internal Server Error

2.6 kB

URL GET
medgelx.com.my/static/js/Calendar.c94aa4b8.chunk.js
IP
103.6.198.62:443
ASN
#46015 Exa Bytes Network Sdn.Bhd.

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerLet's Encrypt
Subject*.medgelx.com.my
Fingerprint25:D2:F9:7D:8F:10:ED:80:FC:23:E2:4C:15:66:6C:D9:29:3E:59:47
ValidityTue, 08 Jul 2025 03:17:09 GMT - Mon, 06 Oct 2025 03:17:08 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2609 bytes)
Hash
3d3683df3e167b7a023893426c8c79ab
5f0554b35eb9dba1336e5b0453a42589bdc0a9ee
0d4ce91d82a3f4ba37651035981263964a0b81aef990732b96a2d0e15e17c183

HTTP Headers

GET /static/js/Calendar.c94aa4b8.chunk.js HTTP/1.1
Host: medgelx.com.my
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/sha/sall.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 500 Internal Server Error
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
date: Tue, 08 Jul 2025 14:13:01 GMT
server: Apache
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-400-normal.ttf

104.16.174.226

200 OK

35 kB

URL GET
cdn.jsdelivr.net/fontsource/fonts/source-sans-pro@latest/latin-400-normal.ttf
IP
104.16.174.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT

File type
TrueType Font data, 13 tables, 1st "GDEF", 8 names, Microsoft, language 0x409
Size
35 kB (34668 bytes)
Hash
b67696464a37ecb7e27c8b0eb1320292
9989a6b975e5f86abfe7965896d6ab5cfe649989
32dc3e6b33623ebe98c31bc88c14f86b7833d52f9dc4b0e43e936f4b43a45fcf

HTTP Headers

GET /fontsource/fonts/source-sans-pro@latest/latin-400-normal.ttf HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://medgelx.com.my
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 14:13:02 GMT
content-type: font/ttf
content-length: 18277
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=86400, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-disposition: attachment; filename="source-sans-pro_5.0.8_latin-400-normal.ttf"
etag: W/"876c-mYmmuXXl+Gq/55ZYltarXP5kmYk"
content-encoding: br
x-served-by: cache-fra-eddf8230100-FRA, cache-lga21991-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 83254
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=koiu7ue6inOWslakAXnldmuwwNM3NUvlW%2BzQqowPFEZMmIFnvnbt3d3Puhi6%2FRq%2Fxpz5chem6iS4voR2nTqKnWqcr1qtw4o5WQ7yYjVgcgnHq5RuVw9r3SCeKegyMAv4NkI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95c02e104cb10b55-OSL
X-Firefox-Spdy: h2

GET webmail.emailpnl.com/webmail_assets/apple-touch-icon.png

185.97.217.96

200 OK

3.1 kB

URL GET
webmail.emailpnl.com/webmail_assets/apple-touch-icon.png
IP
185.97.217.96:443
ASN
#21056 Vianova S.p.A

Requested by
https://medgelx.com.my/sha/sall.html
Certificate
IssuerGoGetSSL
Subjectcbsolt.net
Fingerprint43:EE:53:70:AE:C5:EB:CD:91:00:31:49:50:B0:45:BD:9A:35:DB:B0
ValidityTue, 05 Nov 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
3.1 kB (3067 bytes)
Hash
b996cbadd8fe0f6adc9d34c6e6902e63
b77fc9c7061f90df395bbc30717fdcb284e19f8a
5c37b81704e511edb1a5c841a637b64c34b6bc1dad79ca308c16753e98473a13

HTTP Headers

GET /webmail_assets/apple-touch-icon.png HTTP/1.1
Host: webmail.emailpnl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://medgelx.com.my/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 14:13:02 GMT
content-type: image/png
content-length: 3067
last-modified: Fri, 12 Jan 2024 11:49:29 GMT
etag: "65a12749-bfb"
expires: Thu, 07 Aug 2025 14:13:02 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size