Report - uppercasebooks.co.za/wp-content/mpp/002f893c7da0e6dfd7374d85b34c96cc/LoginEr.php?loginError_id=c3FauthzReqId=4b418d3e9d4d289e8a2dcd41ff6cb2da15181d31&consent_handled=true&consentResponseUri=/protocol/

Report Overview

Visited public
2025-05-04 04:59:17
Tags
URL
uppercasebooks.co.za/wp-content/mpp/002f893c7da0e6dfd7374d85b34c96cc/LoginEr.php?loginError_id=c3FauthzReqId=4b418d3e9d4d289e8a2dcd41ff6cb2da15181d31&consent_handled=true&consentResponseUri=/protocol/
Finishing URL
uppercasebooks.co.za/
IP / ASN
104.21.72.254
#13335 CLOUDFLARENET
Title
MP3Juice - Download Free Mp3 Juice Music

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uppercasebooks.co.za	unknown	2025-03-14	2025-04-15	2025-05-02	3.4 kB	146 kB	188.114.96.1
madurird.com	unknown	2023-10-06	2023-10-07	2025-05-01	3.3 kB	114 kB	139.45.197.106
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-30	2.0 kB	213 kB	104.17.25.14
glookockish.com	unknown	2025-03-05	2025-03-07	2025-05-02	414 B	70 kB	188.114.97.1
dukingdraon.com	unknown	2023-03-21	2023-03-21	2025-05-02	420 B	8.8 kB	139.45.197.106
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-04-30	487 B	843 B	172.64.146.234
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-30	441 B	382 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-04	medium	madurird.com	Sinkholed
2025-05-04	medium	glookockish.com	Sinkholed
2025-05-04	medium	madurird.com	Sinkholed
2025-05-04	medium	dukingdraon.com	Sinkholed
2025-05-04	medium	madurird.com	Sinkholed
2025-05-04	medium	madurird.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	uppercasebooks.co.za/	ScriptElement	153 B	2023-07-16	2025-05-11
Pretty URL uppercasebooks.co.za/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 08:08 Last Seen2025-05-11 06:26 Times Seen32 Hash a3d162135bb1e9f34828e628ef6c1a6e 4d3674d5e31b12ca980cbb158b757f6efe0b7a43 106cd6ce8727b6a762b3d60f345ecfd751d7ac779d1bb890dab7a962b447b2a3 Loading...

	www.googletagmanager.com/gtag/js?id=G-98K7K73WWP	ScriptElement	382 kB	2025-05-04	2025-05-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-98K7K73WWP IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-04 04:59 Last Seen2025-05-04 04:59 Times Seen1 Hash dea5dbd032a300b7872e21c392ff23bf 5d9cf1d821246d8a2a6e5c0f18a7d4c9e3c5d42f edc217e306242af1cf6efe7ba7fabf54b59068e1cadb7d21f263140138836f9e Loading...

	cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js	ScriptElement	14 kB	2023-03-09	2025-05-22
Pretty URL cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:02 Last Seen2025-05-22 16:43 Times Seen158 Hash ff47de286b85458fc24bf2682beee6d1 0ed978b46b2f78990bfda4241d2853e30ae87ed3 a01583bb1046d42e54d2ddf18e6659d54025b7db0a792464dba2a2572e23c696 Loading...

	uppercasebooks.co.za/assets/js/juices.js	ScriptElement	14 kB	2025-01-14	2025-05-11
Pretty URL uppercasebooks.co.za/assets/js/juices.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-14 13:40 Last Seen2025-05-11 06:26 Times Seen27 Hash cfa80fdb1eea28c20d6529e16f938a7c a08e44f1cca64cb9cfed23c1a9fd24e92e5cc62b f5812a984b094372daf9374cb683be71ccbc98a5ac83f1ba61acd184ca5bd28e Loading...

	dukingdraon.com/btag.min.js	ScriptElement	7.9 kB	2025-03-25	2025-05-11
Pretty URL dukingdraon.com/btag.min.js IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-25 17:43 Last Seen2025-05-11 11:31 Times Seen23 Hash 1c229b8a4871f6bee012dfe2e704af66 6bce53f1972bc2a35420008deb2e10ffd08bd3fb 96da589ed7cd451efb19ac4016d859745b62640985a91d7f4e07a082ed1074bd Loading...

	about:blank	ScriptElement	172 B	2025-05-04	2025-05-04
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-04 04:59 Last Seen2025-05-04 04:59 Times Seen1 Hash c6769375b5061840b1250d7be9562dfb a3028463c26cd2b8bf73296b6788cc342c80d605 18471aced7a206824e5309a038fa74c1310e423ba56e8af7e9c2712119649b29 Loading...

	madurird.com/5/6901701/?bnr=1	ScriptElement	108 kB	2025-05-04	2025-05-04
Pretty URL madurird.com/5/6901701/?bnr=1 IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-04 04:59 Last Seen2025-05-04 04:59 Times Seen1 Hash baea879c0724195010468106d1734680 4cbcd80f4ca77e049fc20bd29f3510925e5648ee b7cb8b16264203231d1bc5300fef002492b17f9493897c806bd01936bbc468f1 Loading...

	uppercasebooks.co.za/assets/jquery.min.js	ScriptElement	96 kB	2024-10-16	2025-05-11
Pretty URL uppercasebooks.co.za/assets/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-16 16:18 Last Seen2025-05-11 06:26 Times Seen56 Hash c4bdff34a51cd8fb68007f5b4ddc364b 8b7f09dd80ab21fd934b93ae4f96f1b75bbf4748 8c2d7634909de2d82b5e2ef38f456f0605db2dba8fc2e7d5a27469909c4fdfc7 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-24 04:38 Times Seen58148 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

HTTP Transactions (19)

URL IP Response Size

uppercasebooks.co.za/assets/logo.png

188.114.96.1

200 OK

5.9 kB

URL GET
uppercasebooks.co.za/assets/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
PNG image data, 221 x 125, 8-bit/color RGBA, non-interlaced
Size
5.9 kB (5936 bytes)
Hash
cafffc5d6b95d4e7de2f220f58ffedab
a22fb47bd118ee384c8782d644aa9243d3e3d3e7
8c2b4c0eb5a3fb77999430d461d854f43639d4206458cda4534e4eb0c7b12880

HTTP Headers

GET /assets/logo.png HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: image/png
content-length: 5936
server: cloudflare
last-modified: Mon, 25 Mar 2024 06:30:02 GMT
etag: "1730-614764daace80"
accept-ranges: bytes
cache-control: public, max-age=31536000
expires: Wed, 22 Apr 2026 23:33:00 GMT
vary: User-Agent
cf-cache-status: HIT
priority: u=4,i=?0
cf-ray: 93a56cbf1a735684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

uppercasebooks.co.za/assets/js/juices.js

188.114.96.1

200 OK

14 kB

URL GET
uppercasebooks.co.za/assets/js/juices.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (727)
Size
14 kB (14546 bytes)
Hash
cfa80fdb1eea28c20d6529e16f938a7c
a08e44f1cca64cb9cfed23c1a9fd24e92e5cc62b
f5812a984b094372daf9374cb683be71ccbc98a5ac83f1ba61acd184ca5bd28e

HTTP Headers

GET /assets/js/juices.js HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: text/javascript
content-length: 3651
server: cloudflare
last-modified: Tue, 19 Nov 2024 05:36:48 GMT
etag: "38d2-6273d6b6516bb-gzip"
accept-ranges: bytes
cache-control: public, max-age=31536000
expires: Thu, 22 May 2025 21:11:23 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cf-cache-status: HIT
priority: u=3,i=?0
cf-ray: 93a56cbf2a755684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

madurird.com/wrr?z=6901701&p_rid=29174a5e-dd9a-498d-9435-a6431c1a1e37&rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA==&dmn=madurird.com&userId=0081bfd203b34e82fb43baa0e18d695c

139.45.197.106

204 No Content

0 B

URL POST
madurird.com/wrr?z=6901701&p_rid=29174a5e-dd9a-498d-9435-a6431c1a1e37&rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA==&dmn=madurird.com&userId=0081bfd203b34e82fb43baa0e18d695c
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
FingerprintE6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
ValiditySat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wrr?z=6901701&p_rid=29174a5e-dd9a-498d-9435-a6431c1a1e37&rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA==&dmn=madurird.com&userId=0081bfd203b34e82fb43baa0e18d695c HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uppercasebooks.co.za/
content-type: application/json
Content-Length: 2487
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 04 May 2025 04:58:46 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://uppercasebooks.co.za
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js

104.17.25.14

200 OK

14 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (13786)
Size
14 kB (14114 bytes)
Hash
ff47de286b85458fc24bf2682beee6d1
0ed978b46b2f78990bfda4241d2853e30ae87ed3
a01583bb1046d42e54d2ddf18e6659d54025b7db0a792464dba2a2572e23c696

HTTP Headers

GET /ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 4924
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93a56cbf5e2c1bfa-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "60c3228f-133c"
last-modified: Fri, 11 Jun 2021 08:45:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 209835
expires: Fri, 24 Apr 2026 04:58:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dgaPqsq2o1CH%2BAuT%2F9vHE5Zu7V1187so6Ak0%2BdIDvD1tiM%2BY5EcZLnARl%2BnjuuKMZLv15YCj5D4%2BYFb%2BVTyAnK%2BA%2BVJM2gl0QTwTdSy7NHqQa1D9vf6uaFEf3NJGmsLhnFymhAZn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uppercasebooks.co.za/assets/favicon.ico

188.114.96.1

200 OK

5.4 kB

URL GET
uppercasebooks.co.za/assets/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
2105fcc5b355d3ae5b8b1a9df0f1317b
55cc174311ee1eb5c38a56fab53b5f15fbdeef8e
93e7f9defa9e1c86e3dd546a478cea412e0743502802270277033a1fe470d84e

HTTP Headers

GET /assets/favicon.ico HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: image/x-icon
content-length: 2039
server: cloudflare
last-modified: Mon, 25 Mar 2024 06:30:02 GMT
etag: "1536-614764daace80-gzip"
accept-ranges: bytes
cache-control: public, max-age=31536000
expires: Wed, 22 Apr 2026 19:05:38 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
age: 345948
cf-cache-status: HIT
priority: u=6,i=?0
cf-ray: 93a56cc11b765684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

glookockish.com/web/files/300x250/10.png

188.114.97.1

200 OK

70 kB

URL GET
glookockish.com/web/files/300x250/10.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectglookockish.com
Fingerprint54:C6:99:D9:69:6E:2F:4B:20:90:95:2D:B9:78:24:E3:43:37:1E:AF
ValiditySat, 03 May 2025 16:47:01 GMT - Fri, 01 Aug 2025 17:45:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size
70 kB (69586 bytes)
Hash
564b01a4940c02f982e1a05b8025f8f4
612dcb04382de811b6f68dd8d60aba0fbb9c807f
26791209aa05758ad2a7b76d60c837669c203228220433563a72b636282c8be2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web/files/300x250/10.png HTTP/1.1
Host: glookockish.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: image/png
content-length: 69586
server: cloudflare
last-modified: Tue, 30 Apr 2024 13:05:37 GMT
etag: "564b01a4940c02f982e1a05b8025f8f4"
expires: Mon, 05 May 2025 01:41:00 GMT
cache-control: max-age=86400
timing-allow-origin: *
age: 11864
cf-cache-status: HIT
cf-ray: 93a56cc18f611c16-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

139.45.197.106

204 No Content

0 B

URL OPTIONS
madurird.com/wrr?z=6901701&p_rid=29174a5e-dd9a-498d-9435-a6431c1a1e37&rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA==&dmn=madurird.com&userId=0081bfd203b34e82fb43baa0e18d695c
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
FingerprintE6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
ValiditySat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /wrr?z=6901701&p_rid=29174a5e-dd9a-498d-9435-a6431c1a1e37&rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA==&dmn=madurird.com&userId=0081bfd203b34e82fb43baa0e18d695c HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://uppercasebooks.co.za/
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 04 May 2025 04:58:46 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://uppercasebooks.co.za
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

uppercasebooks.co.za/assets/jquery.min.js

188.114.96.1

200 OK

96 kB

URL GET
uppercasebooks.co.za/assets/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
96 kB (95833 bytes)
Hash
c4bdff34a51cd8fb68007f5b4ddc364b
8b7f09dd80ab21fd934b93ae4f96f1b75bbf4748
8c2d7634909de2d82b5e2ef38f456f0605db2dba8fc2e7d5a27469909c4fdfc7

HTTP Headers

GET /assets/jquery.min.js HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 May 2025 04:58:44 GMT
content-type: text/javascript
content-length: 33255
server: cloudflare
last-modified: Mon, 25 Mar 2024 06:30:02 GMT
etag: "17659-614764daace80-gzip"
accept-ranges: bytes
cache-control: public, max-age=31536000
expires: Thu, 22 May 2025 20:15:00 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
age: 248958
cf-cache-status: HIT
priority: u=3,i=?0
cf-ray: 93a56cbf1a6d5684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

dukingdraon.com/btag.min.js

139.45.197.106

200 OK

7.9 kB

URL GET
dukingdraon.com/btag.min.js
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerLet's Encrypt
Subjectdukingdraon.com
Fingerprint26:54:2E:6E:B9:F8:45:32:59:2F:EC:CC:09:98:E3:62:E5:C1:9E:0D
ValidityMon, 10 Mar 2025 05:10:30 GMT - Sun, 08 Jun 2025 05:10:29 GMT

File type
JavaScript source, ASCII text, with very long lines (7918), with no line terminators
Size
7.9 kB (7918 bytes)
Hash
1c229b8a4871f6bee012dfe2e704af66
6bce53f1972bc2a35420008deb2e10ffd08bd3fb
96da589ed7cd451efb19ac4016d859745b62640985a91d7f4e07a082ed1074bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /btag.min.js HTTP/1.1
Host: dukingdraon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/javascript
x-trace-id: 9accdfdffa8f44f65eaac226c157f404
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

104.17.25.14

200 OK

87 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 27433
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93a56cbf5c3e56b9-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1916103
expires: Fri, 24 Apr 2026 04:58:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ASA7THNsMBa8D3na2KDfDN1%2BJ%2F3mtFJyP5rcDzUXH7YmWJXz7sW5QcRpD7XuNUddExRfo2J%2B4LIy6%2F2UDc%2BEdEKb3kBj4%2FIaZfsyaHpRUSSPwvXtvjoiVXaOrw%2BHIWHlsMUR9cKP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.17.25.14

200 OK

77 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93a56cbffca656b9-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 70374
expires: Fri, 24 Apr 2026 04:58:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rMBQ1aW3%2F7r3vZ6tmJjazSd4cUlanKybuMdo1BmJCdQTzUhOiUEVgyRzdcg087B6%2FEMz1KUrSr6Rvf6GlKbs5z%2Bl78ltHHmacBdW%2BiGRNwaDtfXqtwpbsUykxy3SUpcZyY6jIAXr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0081bfd203b34e82fb43baa0e18d695c

172.64.146.234

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081bfd203b34e82fb43baa0e18d695c
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
ValidityFri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
8dd2398ce23531acf449d0b7da8199da
cc06d7a1b35c7026a39e9835b1cd5bd121660122
cf1e85329614bdfd141909dd145fd51ca19deaa399685094f54945cdfef4f2f7

HTTP Headers

GET /gid.js?userId=0081bfd203b34e82fb43baa0e18d695c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://uppercasebooks.co.za
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081bfd203b34e82fb43baa0e18d695c; expires=Mon, 04 May 2026 04:58:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93a56cc3deb50b3d-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uppercasebooks.co.za/wp-content/mpp/002f893c7da0e6dfd7374d85b34c96cc/LoginEr.php?loginError_id=c3FauthzReqId=4b418d3e9d4d289e8a2dcd41ff6cb2da15181d31&consent_handled=true&consentResponseUri=/protocol/

188.114.96.1

302 Found

8.0 kB

URL User Request GET
uppercasebooks.co.za/wp-content/mpp/002f893c7da0e6dfd7374d85b34c96cc/LoginEr.php?loginError_id=c3FauthzReqId=4b418d3e9d4d289e8a2dcd41ff6cb2da15181d31&consent_handled=true&consentResponseUri=/protocol/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type

Size
8.0 kB (8044 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/mpp/002f893c7da0e6dfd7374d85b34c96cc/LoginEr.php?loginError_id=c3FauthzReqId=4b418d3e9d4d289e8a2dcd41ff6cb2da15181d31&consent_handled=true&consentResponseUri=/protocol/ HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 04 May 2025 04:58:44 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding,User-Agent
location: /
cache-control: max-age=2592000
expires: Tue, 03 Jun 2025 04:58:44 GMT
cf-cache-status: DYNAMIC
cf-ray: 93a56cbd2a6bb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uppercasebooks.co.za/

188.114.96.1

200 OK

8.0 kB

URL User Request GET
uppercasebooks.co.za/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
HTML document, ASCII text, with very long lines (393)
Size
8.0 kB (8044 bytes)
Hash
252821fe726e6feb579dc35037e76339
0f6a5410a9ee38e502d43320bf37ae88b52cf4d3
7d6cafb36a0984910871e386e5a3c277ab5899f26942b53af0cd8360dffdb95e

HTTP Headers

GET / HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:44 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding,User-Agent
cache-control: max-age=2592000
expires: Tue, 03 Jun 2025 04:58:44 GMT
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93a56cbd8aa7b529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.25.14

200 OK

31 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 04:58:45 GMT
content-type: text/css; charset=utf-8
content-length: 5631
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93a56cbf3e201bfa-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 69780
expires: Fri, 24 Apr 2026 04:58:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nkj8GKzxGNW1djzXb%2Brzc%2BSkpHerG7SnBnrUpXW8qUrXOSH%2FOnaUF2G7hhHFQHUTXA0Ymaul2FBWCGbxdj9Q39HA9Aa07qCq%2FV%2FJCxvEE%2Fg5cc8xJR%2BJxX0eoWX3GxCjveaZMfRs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

madurird.com/5/6901701/?bnr=1

139.45.197.106

200 OK

108 kB

URL GET
madurird.com/5/6901701/?bnr=1
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
FingerprintE6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
ValiditySat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107556 bytes)
Hash
baea879c0724195010468106d1734680
4cbcd80f4ca77e049fc20bd29f3510925e5648ee
b7cb8b16264203231d1bc5300fef002492b17f9493897c806bd01936bbc468f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6901701/?bnr=1 HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/javascript
x-trace-id: b796d05bc57325e997670f24c245e619
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081bfd203b34e82fb43baa0e18d695c; expires=Mon, 04 May 2026 04:58:45 GMT; path=/; secure; SameSite=None
oaidts=1746334725; expires=Mon, 04 May 2026 04:58:45 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

madurird.com/?rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA%3D%3D&request_ab2=0&zoneid=6901701&js_build=iclick-v1.1132.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=1&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1132.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=29174a5e-dd9a-498d-9435-a6431c1a1e37&userId=0081bfd203b34e82fb43baa0e18d695c&m=link

139.45.197.106

200 OK

2.9 kB

URL GET
madurird.com/?rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA%3D%3D&request_ab2=0&zoneid=6901701&js_build=iclick-v1.1132.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=1&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1132.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=29174a5e-dd9a-498d-9435-a6431c1a1e37&userId=0081bfd203b34e82fb43baa0e18d695c&m=link
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
FingerprintE6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
ValiditySat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT

File type
JSON text data
Size
2.9 kB (2942 bytes)
Hash
b2553dd73f6e5072456e8d8b4f697957
26ae959076de117673c8fcf80a3152abf071023b
ba1fbc61811096d27f0a8e84a75b35f974df1f8f4aae9c5ba7b542a1c461f779

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=OSQg1aGnx7MC6cij5mqbqdbaM6FmDhKQFq9jlIgZQYaB0njm0Z8LpG3DCdzLFD3dVoB8JL1FRZ-MLwESrGD-AjXSpQYdZz5uQGyKXjZMAg303hDsV8p8JmwwOj82uRz99afk039FpUrETskhcvxsv1-lyq4dAlco8fXBmHuuwdEMND0Fhf9a2_tbJdJblsuNAZnSFZ0Y_997JzkvNQ5Vukgxnlx-hrezAusnC8I6bDJ96pMIxvWPXy3ReJOkDldauoLfRA%3D%3D&request_ab2=0&zoneid=6901701&js_build=iclick-v1.1132.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=300&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=300&wfc=1&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1132.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=-1&bs=29174a5e-dd9a-498d-9435-a6431c1a1e37&userId=0081bfd203b34e82fb43baa0e18d695c&m=link HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uppercasebooks.co.za/
Origin: https://uppercasebooks.co.za
DNT: 1
Connection: keep-alive
Cookie: OAID=0081bfd203b34e82fb43baa0e18d695c; oaidts=1746334725
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 04 May 2025 04:58:45 GMT
content-type: application/json
x-trace-id: 970af4d3d5e54db13fe795f3dba4b111
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://uppercasebooks.co.za
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081bfd203b34e82fb43baa0e18d695c; expires=Mon, 04 May 2026 04:58:45 GMT; path=/; secure; SameSite=None
oaidts=1746334725; expires=Mon, 04 May 2026 04:58:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 11 May 2025 04:58:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

uppercasebooks.co.za/assets/main.css

188.114.96.1

200 OK

5.1 kB

URL GET
uppercasebooks.co.za/assets/main.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subjectuppercasebooks.co.za
Fingerprint6B:3F:98:5D:31:79:4F:28:7D:36:D0:40:0C:AA:B1:7A:0C:CD:7E:BD
ValidityThu, 20 Mar 2025 03:14:21 GMT - Wed, 18 Jun 2025 04:10:15 GMT

File type
ASCII text, with very long lines (5075)
Size
5.1 kB (5076 bytes)
Hash
4f756b7a4b6463e6e92391144d21e460
8363c1de854806b2bdb7e4c833ae16208f01135d
4fb4f28496f0b6dda31b4921fc0a9ecc68211680f34704c02bb9f6b55ebe299e

HTTP Headers

GET /assets/main.css HTTP/1.1
Host: uppercasebooks.co.za
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 04 May 2025 04:58:44 GMT
content-type: text/css
content-length: 1279
server: cloudflare
last-modified: Mon, 25 Mar 2024 06:30:02 GMT
etag: "13d4-614764daace80-gzip"
accept-ranges: bytes
cache-control: public, max-age=31536000
expires: Thu, 22 May 2025 21:59:40 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
age: 248958
cf-cache-status: HIT
priority: u=2,i=?0
cf-ray: 93a56cbf1a705684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

www.googletagmanager.com/gtag/js?id=G-98K7K73WWP

142.250.74.168

200 OK

382 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-98K7K73WWP
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://uppercasebooks.co.za/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01
ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
382 kB (381546 bytes)
Hash
dea5dbd032a300b7872e21c392ff23bf
5d9cf1d821246d8a2a6e5c0f18a7d4c9e3c5d42f
edc217e306242af1cf6efe7ba7fabf54b59068e1cadb7d21f263140138836f9e

HTTP Headers

GET /gtag/js?id=G-98K7K73WWP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uppercasebooks.co.za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 May 2025 04:58:45 GMT
expires: Sun, 04 May 2025 04:58:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1072:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1072:0
report-to: {"group":"ascgcycc:1072:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1072:0"}],}
server: Google Tag Manager
content-length: 126957
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET

IP

ASN

Requested by