Report - mail.grop-wavgxkwhy.zxz1.my.id/

Report Overview

Visited public
2023-12-11 13:17:03
Tags
URL
mail.grop-wavgxkwhy.zxz1.my.id/
Finishing URL
mail.grop-wavgxkwhy.zxz1.my.id/download/
IP / ASN
172.67.187.231
#13335 CLOUDFLARENET
Title
Whatsapp Group Link

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
j.top4top.io	730645	2019-11-19	2020-01-27 11:44:36	2023-12-05 08:00:26	450 B	85 kB	135.181.63.70
mail.grop-wavgxkwhy.zxz1.my.id	unknown	unknown	No data	No data	5.0 kB	406 kB	172.67.187.231
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-11 07:13:18	435 B	32 kB	151.101.66.137
bagasarya.xyz	unknown	2022-06-30	2022-07-01 13:55:00	2023-12-11 02:57:34	909 B	42 kB	172.67.189.18
i.postimg.cc	23840	2016-06-11	2018-04-11 12:01:12	2023-12-10 17:52:23	2.9 kB	64 MB	162.19.88.68
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-11 08:59:17	471 B	285 kB	216.58.211.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-11 13:16:37	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:16:37	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:16:38	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:16:39	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:16:39	medium	104.21.48.196	Client IP	ET INFO TLS Handshake Failure
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-11 13:16:40	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/download/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp
2023-12-11	medium	mail.grop-wavgxkwhy.zxz1.my.id/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	mail.grop-wavgxkwhy.zxz1.my.id/download/	ScriptElement	0 B	0001-01-01	2025-05-12
Pretty URL mail.grop-wavgxkwhy.zxz1.my.id/download/ IP 172.67.187.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-12 20:48 Times Seen4666464 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-12
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 20:36 Times Seen109053 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (23)

URL IP Response Size

mail.grop-wavgxkwhy.zxz1.my.id/

172.67.187.231

117 B

URL
mail.grop-wavgxkwhy.zxz1.my.id/
IP
172.67.187.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document, ASCII text, with CRLF line terminators
Size
117 B (117 bytes)
Hash
ffab9118dc0242bba749bdbaea2f81eb
897173e43b713b4500f8ec37708054afe2c2abfc
804851b135ee0995b004895e0faf2fcf5bce0c494431f2b67a8feeee574a2e4d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCVQE9jc1j%2FBQC0O6sobik17gK7Nw5LU76UP0Njc24AZlAkUeB17uGsUwUTKeTsv56lr4AOszLrQ7Gsoj3s%2BTPrpsDFQKdLQ0gXtimWrBdypKkV1iTvCdLe4z4bidC%2BtuYBVZuo7q8rSFlH840fDys8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 833e00cb7f2cb4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download

172.67.187.231

255 B

URL User Request GET
mail.grop-wavgxkwhy.zxz1.my.id/download
IP
172.67.187.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
255 B (255 bytes)
Hash
d01b52e37573f7b220b258afdde92967
6a93500227f7f87cd2d686bd566fbfe1ea228230
5afab6cee080122e8c8ec5c2e62477a181908099d1a922b9c3c62fedabd1b195

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 11 Dec 2023 13:16:39 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnBHQeKWiL2FvdkPu22O5Ra%2BV5ZgXOEsrlr1wzgGUBykIOBFxHRvtpEOoPMlaRPPgDYkNB%2FVgRlpwzQoGY2s5Y8HD8NwLaXZL9j5zwMZXcpVKGutEcrHrMhkQ1bD%2Beo2pSo5ZpccZJ8GGeU0DnUY8PQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 833e00d369f8b4f3-OSL
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download/

172.67.187.231

2.0 kB

URL User Request GET
mail.grop-wavgxkwhy.zxz1.my.id/download/
IP
172.67.187.231:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.0 kB (1980 bytes)
Hash
224a60d99bbe1a28ad8456fa5f13cefa
3a72a4d30912e1095c7860beb79b744437f61f45
10ed65845465b1c0607230828c454f13532f3e35e537617f7a182ac632d17cf4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/ HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DlPWAhxo9u%2FyckHUqqu3NTiqkCL7tvfJCx8%2BAYQd30sdcBmZ8L4%2BmESzMxaKe5P2rIOE0nPmfSMJF2mejmcM%2Be4zk4FO7vvB2B9L9YkBDHV1%2FiHRAOnDe6Wkf0IUnrGCuwfXi7T6l3V0%2BHolypY0Bk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 833e00d9faa3b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

code.jquery.com/jquery-3.5.1.min.js

151.101.66.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 11 Dec 2023 13:16:40 GMT
age: 3845913
x-served-by: cache-lga13628-LGA, cache-bma1625-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 114900
x-timer: S1702300601.552178,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css

172.67.187.231

200 OK

1.2 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
IP
172.67.187.231:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
ASCII text, with CRLF line terminators
Size
1.2 kB (1186 bytes)
Hash
2193f0b5f2870e88da0b9d2f2467fe67
aea43a03d6dc18ec5f4552212bdc9555e5910ecf
b85470870a6274d4f592714e91368b1011c009a911ddea472ca27a12b3b73ce1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/style.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 09 Feb 2022 22:04:48 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6hXHDc3hVBpHsPzE%2BA7vuNE%2FAFHr7%2BUkULhYIHrWpriEqWLzX%2FZH7mzw2NNTjCHDw8cW2bFzgm4t%2BSY%2Fmu5XPQgvTe%2B%2BG8zhNwJvvxNvYVFAeJW4cnin6bkVXNb5hRnp30nf92H0ATf7sMQKbNdqfo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e11cbcb4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download/bagas/bagas.css

104.21.48.196

200 OK

1.0 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/bagas/bagas.css
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
ASCII text, with CRLF line terminators
Size
1.0 kB (1047 bytes)
Hash
ae8f5eac80c514b6ccffce75de1d2d70
eff4b0347b7c8ea58833f35c07e177f80fd28ad2
a9510c5b947eedfa3d84fef078a623ebb72cd26a8acf9855a15521dffc430d62

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/bagas/bagas.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 13 Oct 2022 10:52:10 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lu8Sne7%2B0DGLYTXvGt1XvuV5zhkGwDAP8kzFs3yWXG40KOD%2B%2BJA%2FKT4BlZXNxyovF6z2pFomLN%2B5OGlsXeQhLal8o5ywtFaXyljl4wOdU1q7WFA2NMy5azSFsPSQEMjL1TNYx8DEQJq7rVeRu45xjiw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e11ee0b503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download/css/dimas.css

104.21.48.196

200 OK

916 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/dimas.css
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
ASCII text, with CRLF line terminators
Size
916 B (916 bytes)
Hash
bb8478c3d36c299ae22a855eb31ccea0
5f267f1d6a4d55d4822f2b0507313c1ccb429b9e
2ee4050eef1b13e43af867b7da2e24d2b5449042d93179c2c75c76fddec616e1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/dimas.css HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:52:34 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCrskb%2BkQFVCHxDz0jKZiiBz%2BNSu%2FHbU4nBb5jm%2Bq9c2xoloyIkWHAMsDV%2BU8OBO3QbxJQK5oLiAgD1zP%2BX%2BhWzibqyysMDNuOZEAr3a55Srhj3uPNCCCTzSjY2CT0zfHJ%2BUVZwSkTtDomWaRpE6xqg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e11f4d56b1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

bagasarya.xyz/img/info/modelFb.png

172.67.189.18

200 OK

32 kB

URL GET HTTP/2
bagasarya.xyz/img/info/modelFb.png
IP
172.67.189.18:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectbagasarya.xyz
FingerprintEC:7D:C4:3A:2E:5C:12:D0:F5:A0:C5:48:82:D9:23:43:F3:FB:59:6D
ValidityWed, 29 Nov 2023 21:01:39 GMT - Tue, 27 Feb 2024 21:01:38 GMT

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced - data
Size
32 kB (31990 bytes)
Hash
571fc0253c6f01c953d4274981fc9d66
5331c3ae96ea4d421f8bde0d3e5565024c8c3abb
d3a1d3bb7a7c79edc9a08de2369f4f7f201a0852bfaf5526716382fc7ad902a1

HTTP Headers

GET /img/info/modelFb.png HTTP/1.1
Host: bagasarya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/png
content-length: 31990
cache-control: public, max-age=604800
expires: Sun, 17 Dec 2023 16:31:39 GMT
last-modified: Mon, 06 Mar 2023 02:41:27 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74701
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaoflni5qnfz5PmHWaqQWG5ZdqdMHgOim3osfuu6trOZsOz5CVsVxXU9bKrSAIAezPw9b0lewr7Dgq8kkgkIGYc87OFcWTb6YR%2F%2BOOfPh4yd8FU7oZKr%2FSSXFMUBZTHa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e00e28b9e1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bagasarya.xyz/img/info/navbar.png

172.67.189.18

200 OK

8.5 kB

URL GET HTTP/2
bagasarya.xyz/img/info/navbar.png
IP
172.67.189.18:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectbagasarya.xyz
FingerprintEC:7D:C4:3A:2E:5C:12:D0:F5:A0:C5:48:82:D9:23:43:F3:FB:59:6D
ValidityWed, 29 Nov 2023 21:01:39 GMT - Tue, 27 Feb 2024 21:01:38 GMT

File type
PNG image data, 904 x 339, 8-bit colormap, non-interlaced - data
Size
8.5 kB (8459 bytes)
Hash
f29c416a7c6f18ba0c0deb4980763c9d
56c7bfbf2c9a7a2be2e2214b0586c11af8e852bf
7f37cb926c06378327ad2a753c7119291b2ead796a6f588a8374de651ec72a8c

HTTP Headers

GET /img/info/navbar.png HTTP/1.1
Host: bagasarya.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/png
content-length: 8459
cache-control: public, max-age=604800
expires: Thu, 14 Dec 2023 15:05:41 GMT
last-modified: Mon, 06 Mar 2023 02:41:35 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 339059
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3cdgUmloHlrDSdxY1%2FZ%2BA4tT9crqM4Fcp5KPWZlSSfFPPSzgYnMgBlPizKwwAk32vJo1wRJS5icxu40cud4X%2FsXtCCMtIjx%2B7NCfzIxbHWykpXAxh%2FGj%2FNQyPpmbTi2a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833e00e29ba01c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mail.grop-wavgxkwhy.zxz1.my.id/download/img/karakter-anime-cantik-13-a715e.jpg.webp

104.21.48.196

200 OK

18 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/img/karakter-anime-cantik-13-a715e.jpg.webp
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 560x315, Scaling: [none]x[none], YUV color, decoders should clamp - data
Size
18 kB (17674 bytes)
Hash
3039e28d25e4962618953916acfc3f86
a428a23bdc96789dd14401416b8db3f89516f7c7
c0c3dafdb631b6055cb1e9cf25a807c3663a42c258d5ebeb1f8f38cc767a397a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/img/karakter-anime-cantik-13-a715e.jpg.webp HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: image/webp
Content-Length: 17674
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:23:28 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CX2UqgmqNXSzgAvLdF%2Fe8EEZ5SLNvNtIjZme36gROfkEYF%2Fd8t7UknO1lNMzPi2tX6vVwmleO6ni%2BpYV%2FKGAhO%2FD4XJWf83jzKNW05bFlX%2BMTugfN3TUHv4T%2BIgShCKoay%2BwDAaotvgDHDohuL84my0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e278a5b503-OSL
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/download/img/0_ptDX0HfJCYpo9Pcs.gif

172.67.187.231

200 OK

90 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/img/0_ptDX0HfJCYpo9Pcs.gif
IP
172.67.187.231:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
GIF image data, version 89a, 800 x 600 - data
Size
90 kB (90430 bytes)
Hash
4cbcfda30cb77ef22e12ba9109fc4948
359e38d8dfc3fd5d1fa4286e8cf81a2861653948
c2f413ec031122040ebc7dd93353b86cf8b29569f922838d04283425eb0c4fca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/img/0_ptDX0HfJCYpo9Pcs.gif HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:40 GMT
Content-Type: image/gif
Content-Length: 90430
Connection: keep-alive
Last-Modified: Sun, 17 Oct 2021 15:23:18 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vRXilSl3y5Qyap%2FdDuc%2FImrKYBMC6mYbBGASrl7MFclJy8vMv3oMn6kgeuEcOd8LkWAX7SQtGdJe%2BSyRPxJDIFxGbxU%2F7WOFvh3ImcvVpcvKNEu2unuDfmFSZ2PmoSxwCMXhGSzoj%2B50T9bv74tOR7o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e27e7fb4f3-OSL
alt-svc: h2=":443"; ma=60

i.postimg.cc/sgzZRpSX/1651518758036.jpg

162.19.88.68

200 OK

122 kB

URL GET HTTP/2
i.postimg.cc/sgzZRpSX/1651518758036.jpg
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 790x800, components 3 - data
Size
122 kB (121860 bytes)
Hash
44dbd8ffdbff9d3bbafd55d7f9a82e07
e6bd1392360ff825a1dafdc5e93f97567d6e076a
395c925a285c20b203217317f45d967b6543a311b06e85aeacf1b035a6f51e79

HTTP Headers

GET /sgzZRpSX/1651518758036.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/jpeg
content-length: 121860
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/qMyCYmNS/1651515380746.jpg

162.19.88.68

200 OK

118 kB

URL GET HTTP/2
i.postimg.cc/qMyCYmNS/1651515380746.jpg
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 785x800, components 3 - data
Size
118 kB (117937 bytes)
Hash
5f19ecf45178eeccd29e694512b36aef
14ef40e26216f3629adefdbca3b939ef112c519c
f18664d92e4868f62afb1dada59e0a1b0d21944b996bb8d837252dc2347865c7

HTTP Headers

GET /qMyCYmNS/1651515380746.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/jpeg
content-length: 117937
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/Y2JWdcCQ/IMG-20220516-010200.jpg

162.19.88.68

200 OK

131 kB

URL GET HTTP/2
i.postimg.cc/Y2JWdcCQ/IMG-20220516-010200.jpg
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, progressive, precision 8, 653x800, components 3 - data
Size
131 kB (131323 bytes)
Hash
317542e25701be23ba9ff867fd1e0317
1570818a7671bbf805a18d39e928eeed40824b58
3f7819d5206e699cbf569c16d8bd08d9a5c02c3b7add57345103aea370d0f9b4

HTTP Headers

GET /Y2JWdcCQ/IMG-20220516-010200.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/jpeg
content-length: 131323
last-modified: Wed, 13 Jul 2022 20:02:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Yantramanav&display=swap

216.58.211.10

200 OK

284 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Yantramanav&display=swap
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
gzip compressed data, max compression - data
Size
284 kB (284304 bytes)
Hash
a1abf2e21d9955a0a12ed0637451223b
722c81d7028aabc69d3d7cca8fbbac124d5b25a5
563148b23c365f3b89d75b124000f6c9aae9ccee59f1f40aa54d6aa4102b9fb2

HTTP Headers

GET /css2?family=Yantramanav&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 11 Dec 2023 13:16:40 GMT
date: Mon, 11 Dec 2023 13:16:40 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mail.grop-wavgxkwhy.zxz1.my.id/download/css/thin.ttf

104.21.48.196

404 Not Found

238 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/thin.ttf
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/thin.ttf HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:16:41 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLpmQdfHvCtDP8kdnIZibPMsAO%2Flo3IfD3uDcMMeuHxAdsTcZnMFKNUG%2B4yz1g24HtNfOGDymnKxL5i1nNyj8Z26CZndeQaoGJJWMGFh6h5vI%2BV963Fy1xsad49t58Q%2BRHulqTbYsWwh%2FonYoUbuxIU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e40b1056b1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j.top4top.io/p_2231z0iyt0.jpg

135.181.63.70

200 OK

84 kB

URL GET HTTP/2
j.top4top.io/p_2231z0iyt0.jpg
IP
135.181.63.70:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subject*.top4top.co
Fingerprint98:C6:A8:2C:16:D5:04:38:85:B0:AF:12:09:89:3E:5D:88:01:7D:F5
ValidityWed, 01 Nov 2023 00:07:36 GMT - Tue, 30 Jan 2024 00:07:35 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x821, components 3 - data
Size
84 kB (84335 bytes)
Hash
77b1e1dd9fffebf445a00a11d3f5286a
bba6ec93e820fc85205c0331d025d8eee2560a51
d1b36630b032c310e9c8d20d355683b447e51dd97974b4132840abdfaacfb235

HTTP Headers

GET /p_2231z0iyt0.jpg HTTP/1.1
Host: j.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:42 GMT
content-type: image/jpeg
content-length: 84335
set-cookie: klj_40d147_downloads=qf5b9; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Tue, 12 Dec 2023 12:53:22 GMT
last-modified: Wed, 09 Feb 2022 15:04:28 GMT
content-disposition: inline; filename="IMG-20220209-WA0016.jpg"
etag: "6203d7fc-1496f"
expires: Mon, 11 Dec 2023 15:16:42 GMT
cache-control: max-age=7200
x-file-id: x44376741x
accept-ranges: bytes
X-Firefox-Spdy: h2

mail.grop-wavgxkwhy.zxz1.my.id/download/css/font.ttf

104.21.48.196

404 Not Found

238 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/font.ttf
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/font.ttf HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:16:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C6hNBTjz70lnpk3bXFZwBhCzrYW9HsjBjKkJ%2Fj4KmsRIN7nr92SWzgqUvkYxztDzbPA0mgfHV9M2wG2qwiwFdTGMJPxGEGPmRd7xEJuwj%2BBt4DoDW8AWmMBp%2B8ledTG13sCA%2B4h%2BdEhsKA6w%2F7IMqTE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00ea7b6656b1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.grop-wavgxkwhy.zxz1.my.id/favicon.ico

104.21.48.196

404 Not Found

238 B

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/favicon.ico
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text
Size
238 B (238 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 11 Dec 2023 13:16:42 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dClRjDWlbQnadaag%2B5SJLvUucPBtaudXO%2Fbz5K4Akk8J9kTrBskoM73G0jTY%2BGI9YRqDkLT6WZWgeNnifJKKDO09NfiwEcaPL5P%2FiqIYn8THcaSOEDu7ZEAplHe9QPisHvB6X9vzt%2BUMOZduo8B7%2FGc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e928b5b503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

i.postimg.cc/pTB8gnD0/ezgif-com-gif-maker-1.gif

162.19.88.68

200 OK

6.9 MB

URL GET HTTP/2
i.postimg.cc/pTB8gnD0/ezgif-com-gif-maker-1.gif
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 469 x 800 - data
Size
6.9 MB (6878442 bytes)
Hash
ef3774b44dc8e6f749fb9bde48ec72af
793e3ecf45f39b5facfda915ef30988e25d4adc1
7c496dd0853bd153922c618dde761d475e423dfb8bf2e818c9d7ee916975dbc2

HTTP Headers

GET /pTB8gnD0/ezgif-com-gif-maker-1.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/gif
content-length: 6878442
last-modified: Thu, 19 May 2022 21:24:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/NfbdCGXZ/tiktokk.gif

162.19.88.68

200 OK

12 MB

URL GET HTTP/2
i.postimg.cc/NfbdCGXZ/tiktokk.gif
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 451 x 800 - data
Size
12 MB (12121329 bytes)
Hash
7f53004d650205b69a87b0845d881236
03912df4e150c239f3808e4e51f49be10cdd34c2
a1a71bdacc1a441119d6dfdb45b22c05361d0bfbd619f494f2561d1c8ab4b1c3

HTTP Headers

GET /NfbdCGXZ/tiktokk.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/gif
content-length: 12121329
last-modified: Fri, 03 Jun 2022 11:11:09 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/fbsjM6YY/ezgif-com-gif-maker-2.gif

162.19.88.68

200 OK

44 MB

URL GET HTTP/2
i.postimg.cc/fbsjM6YY/ezgif-com-gif-maker-2.gif
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
GIF image data, version 89a, 497 x 800 - data
Size
44 MB (44280683 bytes)
Hash
7e40d7a8aaf5c26379167aaabaaa58a3
f428919c582c309f59a5154b3101290001fd2b27
b220e11e5856cfe225c154e918657f0e86d3e0e1ed0ec9d4b176c2dcb168c9c8

HTTP Headers

GET /fbsjM6YY/ezgif-com-gif-maker-2.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 11 Dec 2023 13:16:40 GMT
content-type: image/gif
content-length: 44280683
last-modified: Fri, 03 Jun 2022 11:16:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

mail.grop-wavgxkwhy.zxz1.my.id/download/css/bege.jpeg

104.21.48.196

200 OK

284 kB

URL GET HTTP/1.1
mail.grop-wavgxkwhy.zxz1.my.id/download/css/bege.jpeg
IP
104.21.48.196:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.grop-wavgxkwhy.zxz1.my.id/download/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x2340, components 3 - data
Size
284 kB (283875 bytes)
Hash
e3730ac7286fdfcf04e87fa8b67bb415
fafdc2e2b8e9b584519ef0e9692d3f02a4ec8dcc
3b944ba1cd72c9c66cf5042f590d5bed6e2bca80256ddae80dc375faddefecb1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /download/css/bege.jpeg HTTP/1.1
Host: mail.grop-wavgxkwhy.zxz1.my.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.grop-wavgxkwhy.zxz1.my.id/download/css/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 11 Dec 2023 13:16:41 GMT
Content-Type: image/jpeg
Content-Length: 283875
Connection: keep-alive
Last-Modified: Wed, 09 Feb 2022 15:22:32 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yY4pK2JV%2BbwzsoqOrlOmHzDJ4IK%2FDzGmpUOQbO0DBk22fKUJV1EHeBQAlqELGzwpwZOrW764aeGHvXLn5fhih68vGNp%2FUJERg6Pzn2aKR1w4Z9bpIBswtPhqyfk%2B18%2FERRH3s7aTiuiLxEhwiPst1hw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 833e00e3fa47b503-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1