r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13988
Expires: Sun, 05 Feb 2023 18:00:53 GMT
Date: Sun, 05 Feb 2023 14:07:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3271
Expires: Sun, 05 Feb 2023 15:02:16 GMT
Date: Sun, 05 Feb 2023 14:07:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 13:36:18 GMT
content-type: application/json
age: 1887
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10690
Expires: Sun, 05 Feb 2023 17:05:55 GMT
Date: Sun, 05 Feb 2023 14:07:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xbzilvJu6ttFraXoc09pGaBVdvNVpmgHC33YE6UeEqQb4WriR/I362IkGhVXCz8obxr4cTyiplPgKUQURkdC/w==
x-amz-request-id: NE55YWM8KE1BG3TS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 13:53:18 GMT
age: 867
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
the2faces.com/wp-content/download/File_pass1234.zip
131.153.56.226 301 Moved Permanently 707 B URL HTTP/1.1 the2faces.com/wp-content/download/File_pass1234.zip
IP 131.153.56.226:0
File type HTML document text, exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET /wp-content/download/File_pass1234.zip HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 05 Feb 2023 14:07:45 GMT
location: https://the2faces.com/wp-content/download/File_pass1234.zip
vary: User-Agent
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 14:07:45 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 13:49:07 GMT
age: 1118
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15549
Expires: Sun, 05 Feb 2023 18:26:55 GMT
Date: Sun, 05 Feb 2023 14:07:46 GMT
Connection: keep-alive
push.services.mozilla.com/
52.40.156.208 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.40.156.208:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kBfn5JarEhoDlIxyLT2SYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YVheNbUPmfGcpQaO4UV2LmvQNiM=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:07:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:07:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-239049377-1
216.58.207.200 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-239049377-1
IP 216.58.207.200:0
File type ASCII text, with very long lines (1759)
Hash 39bf45a34fb1a33e7325ef0548cf323a
6760dc01935da76520446ab8ac9c9d1614afed5d
a70cd829396c123183beea2fc45459d96bdc4f0c759d61561f14dbac15b33205
GET /gtag/js?id=UA-239049377-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 14:07:46 GMT
expires: Sun, 05 Feb 2023 14:07:46 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
the2faces.com/wp-includes/css/dashicons.min.css?ver=6.1.1
131.153.56.226 200 OK 35 kB URL HTTP/2 the2faces.com/wp-includes/css/dashicons.min.css?ver=6.1.1
IP 131.153.56.226:0
File type ASCII text, with very long lines (58981)
Hash 54c5bfb8a890d87139d9abfe01662c83
f9eddf5b8a3269e6d6fa40b4f13083705e6267c6
9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 04 Mar 2021 09:46:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 35110
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.css?ver=5.3.1
131.153.56.226 200 OK 326 B URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.css?ver=5.3.1
IP 131.153.56.226:0
File type ASCII text, with very long lines (1411)
Hash e6024e94f2cdf7ff1da4c708978b252b
b394f60cab9b6c954550837e9c458444bb76ab21
bc6f40d1dc3dcb37a83cfae77f5612830ed9790683dc91f22d943d9180713d2e
GET /wp-content/plugins/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.css?ver=5.3.1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 02 Feb 2023 09:28:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 326
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce-payments/dist/upe-blocks-checkout.css?ver=1.0
131.153.56.226 200 OK 2.0 kB URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce-payments/dist/upe-blocks-checkout.css?ver=1.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (5886)
Hash 17e267eebc51d0724b1d98c64e8a97f7
3451904e9f7b8068a59796b9743088f8f10e65b5
e9c0a8c94cadfa2c65c401f158d39a7014bc5c199ce72ee81f4007a4414ae7d7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce-payments/dist/upe-blocks-checkout.css?ver=1.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 02 Feb 2023 09:28:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1995
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
131.153.56.226 200 OK 12 kB URL HTTP/2 the2faces.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 131.153.56.226:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 02:47:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11616
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.1.5
131.153.56.226 200 OK 1.8 kB URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.1.5
IP 131.153.56.226:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.1.5 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Fri, 13 Jan 2023 07:09:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1754
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.1.5
131.153.56.226 200 OK 23 kB URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.1.5
IP 131.153.56.226:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 7764ef0866edd9e19f3bae0b3774154c
2a8091abd24aa9434f9c4374a34a584af19106c8
47c6e34db110643e3578fa035f62d990d69575305f466756efc84527fb0fa604
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.1.5 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Fri, 13 Jan 2023 07:09:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 23279
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/css/classic-themes.min.css?ver=1
131.153.56.226 200 OK 144 B URL HTTP/2 the2faces.com/wp-includes/css/classic-themes.min.css?ver=1
IP 131.153.56.226:0
Hash fcbd239f30d9a6dd1f3637f291143d37
2871bf7d98af3f43e42f7fa32808048e7134fabf
c2f98e9d71f782b7a3266cd337c61ae6c8dcbb7203669c07852aa2ab65ab6144
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 03:38:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 144
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/css/style.css?ver=1674724883
131.153.56.226 200 OK 24 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/css/style.css?ver=1674724883
IP 131.153.56.226:0
Hash 4ec594fda54ccfaaec77c4799b6e68bd
d0773f0dfdab53fb6fed186158c1eb1a171a6d5a
ef64264bd92fe3648900acd7da8ea66baa0ac55723e23cc9abd4f1c16ea184f7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/dokan-lite/assets/css/style.css?ver=1674724883 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 09:21:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 23478
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.css?ver=1674724882
131.153.56.226 200 OK 15 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.css?ver=1674724882
IP 131.153.56.226:0
File type ASCII text, with very long lines (65454)
Hash cbaa659a636c37cef5cef02fc46a9b86
7a266273b2bbb897595e9e1db3284a11dabea848
eb0a7f1174de4b2ab05d7531b47bc4f81f3ac212b41aa0a98c81237e6e2cddef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.css?ver=1674724882 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 09:21:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 15326
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/font-awesome/font-awesome.min.css?ver=3.7.10
131.153.56.226 200 OK 12 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/font-awesome/font-awesome.min.css?ver=3.7.10
IP 131.153.56.226:0
File type ASCII text, with very long lines (59101)
Hash 521bdc9476b6af8d6df53302ba71d5c1
a2b0b9ae01c0bbdbd4f904e90fe213ee660e8151
6f9c8f02e0d415656a77d2008fae57203d91d192139c36597657d17351f7b5d1
GET /wp-content/plugins/dokan-lite/assets/vendors/font-awesome/font-awesome.min.css?ver=3.7.10 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 09:21:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 12368
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/creame-whatsapp-me/public/css/joinchat.min.css?ver=4.5.16
131.153.56.226 200 OK 3.9 kB URL HTTP/2 the2faces.com/wp-content/plugins/creame-whatsapp-me/public/css/joinchat.min.css?ver=4.5.16
IP 131.153.56.226:0
File type ASCII text, with very long lines (15269), with no line terminators
Hash b0063cc514a5a3d65b9f77d0caadbf6f
1d5f3c1f0ec5a6021aa4fe58b910bc05b97fc168
6a6c6e25ecc2ddbe2d7960a0f2f295a599d6435f31ca13a70e8a02fd22b7cbd2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/creame-whatsapp-me/public/css/joinchat.min.css?ver=4.5.16 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Tue, 24 Jan 2023 07:03:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3926
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/css/bootstrap.min.css?ver=5.3.0
131.153.56.226 200 OK 6.6 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/css/bootstrap.min.css?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (35650)
Hash 026d844d282821b5a413f0868741b8bb
efe182122ea695755b439729b26cc06b7d13ac06
fbb2f79b1f9dbb3c30a87955224ccdadc8cd252bb811ece01f70f33a3d1a1c5a
GET /wp-content/themes/basel/css/bootstrap.min.css?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:46:03 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 6584
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel-child/style.css?ver=5.3.0
131.153.56.226 200 OK 144 B URL HTTP/2 the2faces.com/wp-content/themes/basel-child/style.css?ver=5.3.0
IP 131.153.56.226:0
Hash 0816bf54f1164028fac8042937dcb3f4
09f54b8da4bc35e4092787f3532807373a2d0bf3
fd69ad4801fef76e5f128f5197180720190c69a31b696b51f04096d74c27963f
GET /wp-content/themes/basel-child/style.css?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:45:55 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 144
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.9.0
131.153.56.226 200 OK 4.0 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.9.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (34217)
Hash e00926a3c189b2f2396d96d90ac77785
f61219b1a1e4924051c4e5c7acb70cd925173bdb
30a6fd0e5a3610d5074e2a634513348ff8a5a92510d45c6c2621d6bda6b2fd27
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/v4-shims.min.css?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:59:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3952
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.9.0
131.153.56.226 200 OK 12 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.9.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (56243)
Hash bc62c79810f6d9ff2023a3ce01fb17e8
c176d3254f491913c5567d35c85d0d02c6c9300a
abe49ff5c57ab5013f8eac78076ef149837282fce42df3f0f526cb440e3d155b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:59:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11779
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/uploads/2023/01/basel-dynamic-1674414489.css?ver=5.3.0
131.153.56.226 200 OK 4.5 kB URL HTTP/2 the2faces.com/wp-content/uploads/2023/01/basel-dynamic-1674414489.css?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (29994)
Hash 86d00c01feae86a039890384b47b2786
a4f5f8d30604d073f83d4921dc98868280a48407
2492b3e877dc679c45d4906dc4a010a56d4fb151948a5895c7cc76175a7857e8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2023/01/basel-dynamic-1674414489.css?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Sun, 22 Jan 2023 19:08:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4460
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
131.153.56.226 200 OK 4.0 kB URL HTTP/2 the2faces.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 131.153.56.226:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 21:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3995
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.js?ver=3.7.10
131.153.56.226 200 OK 6.3 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.js?ver=3.7.10
IP 131.153.56.226:0
File type ASCII text, with very long lines (26121)
Hash 91ce159caf50998948319127c37c4e7d
6f46beccb340c70479677bc46351b303e0af36b3
fdb861bc3a04bb7cb3d6c3020fd76a608cd3040cb6232bffabb690e156de81f0
GET /wp-content/plugins/dokan-lite/assets/vendors/izimodal/iziModal.min.js?ver=3.7.10 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 6294
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/i18n/jed.js?ver=3.7.10
131.153.56.226 200 OK 11 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/i18n/jed.js?ver=3.7.10
IP 131.153.56.226:0
File type C source, ASCII text, with very long lines (2360)
Hash a5aa56e6e343546b92a297db83df0330
d498ed3e33e9758731ae4d2a91cf8bc249d0703b
0840e77aa17acafce66967f8c8718dc2bed26d678a0c97397e2991f59bbe7016
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/dokan-lite/assets/vendors/i18n/jed.js?ver=3.7.10 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 10647
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/js/helper.js?ver=1674724881
131.153.56.226 200 OK 2.2 kB URL HTTP/2 the2faces.com/wp-content/plugins/dokan-lite/assets/js/helper.js?ver=1674724881
IP 131.153.56.226:0
Hash d39e7b4992194f7797d6c5cfb1f6654f
3be4b07cee18084d472a677618139e0c41c52812
e36d1ea6250f81b8d09e74a37ed7251bae282e0b01158c45fe5f63f31d98b7de
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/dokan-lite/assets/js/helper.js?ver=1674724881 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2169
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.3.0
131.153.56.226 200 OK 3.2 kB URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (9111)
Hash 078e27719ab2b91e57a3d06d05bf24d8
ee2c8af72d9dbb148d4101a374f6026d0c9c3044
1c8b599f3f7bfa8d7950d95a171f2c873d051960a91c91e22304293596e5b890
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3247
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.3.0
131.153.56.226 200 OK 972 B URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.3.0
IP 131.153.56.226:0
File type HTML document, ASCII text, with very long lines (3029), with no line terminators
Hash 5ed77e0c59800f40061b5c322cff21fa
ced9d401d300dd1fc676a673bbf7e6360beb402d
3b284b8a096256e6cd0d9cbf2cb4b36505e71c0d7b2227fcd3132dddbeea18cc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 972
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0
131.153.56.226 200 OK 321 B URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0
IP 131.153.56.226:0
Hash 159e4731a0ffba6862ee2a1bbcc8a805
7fb2a5ca7a80d96187fda406d0a1b7db23867fa7
c6f102a76dc397d94cfbadcd292d64bb45acaa29b0391b41a9f1cc68c2274ae2
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:59:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 321
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.2
131.153.56.226 200 OK 12 kB URL HTTP/2 the2faces.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.2
IP 131.153.56.226:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash cdb90190b5ea021c4ef8063197c44cde
bdfe193197018331389d1fbf71f86142e896628b
7c1f2dc0d2badaa024cf7257448f42bf37ec0d160366d65ff15832ba5fae03e9
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Thu, 06 Oct 2022 16:53:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11947
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3
131.153.56.226 200 OK 2.9 kB URL HTTP/2 the2faces.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3
IP 131.153.56.226:0
File type ASCII text, with very long lines (10565), with no line terminators
Hash 70f3b9dd6a51a766210411d4ed0752de
5507f795072da10842897292e32c24b8cbf7827d
8ad70d44d761d4e24fdcdd496c7d529c52c68a7c7dce2471104d4efa2d01ca89
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.3 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2911
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3
131.153.56.226 200 OK 3.9 kB URL HTTP/2 the2faces.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3
IP 131.153.56.226:0
File type HTML document, ASCII text, with very long lines (12761), with no line terminators
Hash 15650873a686136e7436d22dc1fd1113
d5dcae162c6e16d522f3fb829d69e098b9314c74
9648e9d80b4e797e35d03315f648a2e6f58e6d5c2efb662d3c89e2ab1ed52416
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.3 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3876
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.3.0
131.153.56.226 200 OK 899 B URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 899
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.3.0
131.153.56.226 200 OK 677 B URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 677
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.3.0
131.153.56.226 200 OK 934 B URL HTTP/2 the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash cf25dd071a208312bdc07f34d2cee027
76119563119eaae392ecc8903c989d98d0b93002
8635ba2cad8f887e72779bd526f8738ff6343c74cba715caf2eddea383ba7ce6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 934
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.16
131.153.56.226 200 OK 2.6 kB URL HTTP/2 the2faces.com/wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.16
IP 131.153.56.226:0
File type ASCII text, with very long lines (8183), with no line terminators
Hash dd9f80be12465f5947a4092e7281a4f6
33eb8ea448e4907593f7c298a170a27ffb8b4f41
0c7145959da577724a50b2d350cc2ce3c53465901ed3ce3c47e4978577df3984
GET /wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.16 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 07:03:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2574
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.9.0
131.153.56.226 200 OK 9.7 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.9.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (32004)
Hash a59589dc39fc1194c21e30ba6dc9b38d
7572fdf7363426efc1eae71f22c9a39ce582e8a6
d6854a032133a0b7056be48ce7840a1a650404a728affca98b5a2c76f4cd427a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:59:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 9727
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0
131.153.56.226 200 OK 5.4 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (20096)
Hash d385615f80b24edcab28fcd843b10439
d4b636256c5a9220fe54730d739d988eb67362df
e4c4c14bab6df61e63807a474a2e45200369cce7a1f544f45482d80b3f15707f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:59:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5444
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.3.0
131.153.56.226 200 OK 7.4 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (21014)
Hash 3a40837be19c52858d8bd03b5e50c277
fff22e3b2869a91f3f5ac39beb752805ff71c41f
3cba67c320d0544bd6a7f2fac5b82651393dbbcecc9a847a25189ffde5c84a3a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/js/jquery.magnific-popup.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 7368
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/owl.carousel.min.js?ver=5.3.0
131.153.56.226 200 OK 11 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/owl.carousel.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (32012)
Hash e7f534d7847d30ce1f023300bdedccde
025369b6684d983e230bedbdc430aea6d82fdda7
67d07203123b203687b3e2a9c8aabdb06e0d0f16142548f7ba08d43a33045963
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/js/owl.carousel.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 10691
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/photoswipe.min.js?ver=5.3.0
131.153.56.226 200 OK 12 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/photoswipe.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (31568)
Hash 228f67095641742446fa2c28590088d8
da8b59210ae15f88faba9a8514764767aa59eaa3
021b64bc2c7e549f42386fc209b93bbcbebf3fec1362e6eec15f57789de9e817
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/js/photoswipe.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11805
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.3.0
131.153.56.226 200 OK 3.5 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.3.0
IP 131.153.56.226:0
File type HTML document, ASCII text, with very long lines (9663)
Hash d0d2710db942b8c17656fd2c0c7ea62a
496b2b699c815afcc80e420952dc275de7a9a0a7
ffb00bef0ad8e5f2a13d3750021bb5e6a99901dd8f6361f958aade9b771d47ef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/js/photoswipe-ui-default.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3538
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/slick.min.js?ver=5.3.0
131.153.56.226 200 OK 8.1 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/slick.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (32254)
Hash ddf84dc70c8b452d42e62d2a5586c773
d7d945009accdbb768833945bcdce83a349591e6
ea1150ab1386121ad50b153326560ddb35ef06293f1aace38b016721ed64b4b7
GET /wp-content/themes/basel/js/slick.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 8117
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.3.0
131.153.56.226 200 OK 3.3 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (10292)
Hash 1e95496f427976d8aa9d80cca7f98210
52fe65bf6eaa3bd03555ef9fa9a1707539eeb9c5
a0d4b0eb1f771b91279250798221316e21efa8d4258cbb0930724576a5ed8430
GET /wp-content/themes/basel/js/jquery.justifiedGallery.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3269
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.3.0
131.153.56.226 200 OK 2.2 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (6832)
Hash 714c62965ea6a282884385a58aa6214b
9e44d8c1ff92cc14254649029f3001c8e7e4af30
509edd584d1bb4be3dc00cbf7276ea2b498ae703f5da5d8a9f8597cd50094831
GET /wp-content/themes/basel/js/imagesloaded.pkgd.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2233
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.3.0
131.153.56.226 200 OK 3.1 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.3.0
IP 131.153.56.226:0
File type ASCII text, with very long lines (8226)
Hash b6567593e8d4e119b250add08d42862e
2ac0ae88446b18a57c381109734e692479e7a384
1d723c00f7113036f43f378b8f84293a60b35fc3c0c299e0ccb3dfdde4d4c19e
GET /wp-content/themes/basel/js/jquery.pjax.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3139
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.countdown.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 1.5 kB
Protocol HTTP/2
File type ASCII text, with very long lines (3811)
Hash MD5 7d22afb240f34ab9ab9a48ce961875af
Hash SHA-1 fc563c95773bcc66133b8338c2bb904920ada2b7
Hash SHA-256 5baabbe0b1401cdd72e13d6635d096ed71e563572d2c599f0554bca8032f5382
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/jquery.countdown.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1505
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/packery-mode.pkgd.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 10 kB
Protocol HTTP/2
File type ASCII text, with very long lines (30452)
Hash MD5 6223bc3e2a8d692f000b7154cfd0b550
Hash SHA-1 3cedf1a9544699e2648ddf69e46ec275dce14aca
Hash SHA-256 bc34b0e7b372928fcdf13ff9a209e29dc98c09b9e466e123f907887953bd21a1
GET /wp-content/themes/basel/js/packery-mode.pkgd.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 9953
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.autocomplete.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 4.2 kB
Protocol HTTP/2
File type ASCII text, with very long lines (12783)
Hash MD5 b54a02cc0c2a4a93454e7068baae53ae
Hash SHA-1 775244817eb0a43a5d4071b9305c1f3eb378f50d
Hash SHA-256 8e1d72fed1f5f91eeb3c92879f43c0604aac968bc2026cf3d7ba27caa7ef6e44
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/jquery.autocomplete.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4183
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/threesixty.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 2.5 kB
Protocol HTTP/2
File type ASCII text, with very long lines (7483)
Hash MD5 3770633436c4bb470b7e3bfc62a85d1f
Hash SHA-1 ad05a38defd31e487aa3984bd2d9efcc7f500508
Hash SHA-256 430514a58d3ec941a9b9db11fd2fa70f851243a99690f5c22c10c43ceb6ff20a
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/threesixty.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2489
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.nanoscroller.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 3.2 kB
Protocol HTTP/2
File type ASCII text, with very long lines (10166)
Hash MD5 9f0070b4fdd55ad221818235ba070935
Hash SHA-1 8b8c3c2bf26604bf81f6981ac0363d14e121fdef
Hash SHA-256 1c3a8f501ffb3cec62c7030a3e89d637dce065b6558bb332dca892d12f2e66c7
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/jquery.nanoscroller.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3225
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.panr.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 560 B
Protocol HTTP/2
File type ASCII text, with very long lines (1331)
Hash MD5 a4be0a2bf19b0e5db8ec1920b692207b
Hash SHA-1 6cb6aea62dc3e9a89de45bb7d776f29cc7535644
Hash SHA-256 3be6d5a68692ca56de4e2ba4168bb80d3d554eda551345ea0b9ab158b003dd1c
GET /wp-content/themes/basel/js/jquery.panr.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 560
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.parallax.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 280 B
Protocol HTTP/2
File type ASCII text, with very long lines (558)
Hash MD5 557a3d596d9d0710571d20bb3189a90c
Hash SHA-1 9d8d366d1cf30e101397caba445efad5d66450fd
Hash SHA-256 58c8c078be07c4b7128e3004e7c0b4dfd4ef28ce1d1d7f350b121a8519e00743
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/jquery.parallax.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 280
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/vivus.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 3.5 kB
Protocol HTTP/2
File type ASCII text, with very long lines (10993)
Hash MD5 bb8d9156a243646327ca5b3f6d1045ea
Hash SHA-1 9f047d63274fa75983e6d4964e49cfe4b49843e7
Hash SHA-256 5387002ab82bddfd826ba00bfa8cf5861ea019587f76e851f629ef617e700ab6
GET /wp-content/themes/basel/js/vivus.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3525
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/moment-timezone-with-data.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 9.0 kB
Protocol HTTP/2
File type ASCII text, with very long lines (32503)
Hash MD5 a9287564402df92b22d4318351fa2ed3
Hash SHA-1 06e3163431f4e0e9bf72d83654610f26cd97d9be
Hash SHA-256 98d95e93da6e63775767f96e35861e7fa92c5c07b4c19d4e2751a3ee3e7cf6ce
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/moment-timezone-with-data.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 9025
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/fastclick.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 2.3 kB
Protocol HTTP/2
File type ASCII text, with very long lines (7767)
Hash MD5 e25fb1e55f8d35c05082b2f2554b428c
Hash SHA-1 18882d6b8ffe2b2a62179d130c24a404bc21c818
Hash SHA-256 7fe3d504393a8506da381d9a780200f831332789eab58b1b0fb7c5676d06c9a8
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/fastclick.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2297
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/jquery.parallax-scroll.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 1.2 kB
Protocol HTTP/2
File type ASCII text, with very long lines (3137), with no line terminators
Hash MD5 f4aab89eacc93c750284e5ce7d09140f
Hash SHA-1 3614678e0018490b1cab314eb85b0cfadc108171
Hash SHA-256 5fb231595049cc81ba78f37c62d5c904cd1000ceb9ae2f2a004bd661924edf64
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/jquery.parallax-scroll.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1234
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/device.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 1.1 kB
Protocol HTTP/2
File type ASCII text, with very long lines (3061), with no line terminators
Hash MD5 68d6ff45b78bce2cb185f1accc7c8c2c
Hash SHA-1 8d5eca8a131063bcbc2f5f5409e20b92a99eacea
Hash SHA-256 dc68ae48c2ed65b26f9e56a67b414d53dfab95e8b7a736706ce9783fbbc4f243
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/device.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1115
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/waypoints.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 2.5 kB
Protocol HTTP/2
File type ASCII text, with very long lines (7808)
Hash MD5 f53208e094eb231fcd21c6bda22490df
Hash SHA-1 d1b02fb04420a00f22a44acce998c17fdbf2b241
Hash SHA-256 be64d68cd4e74961bd733727b7a68fc3e9c6ca38d77fce07225d2e7c067c40b9
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/waypoints.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2460
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/functions.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 22 kB
Protocol HTTP/2
File type ASCII text, with very long lines (32021)
Hash MD5 43803249da6db20edeba74eb13924939
Hash SHA-1 3c80708ada408c7a3babdda471c2bcda546f4be0
Hash SHA-256 219f6f377c0399d37daefafd495d3025ffebaf3007b64d0d4f60746d6f0bf68e
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/functions.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 21788
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 131.153.56.226
Status 200 OK
Size 7.2 kB
Protocol HTTP/2
File type ASCII text, with very long lines (18798)
Hash MD5 f4bb18d2e152ba945cb63980362f40e9
Hash SHA-1 925f93a6c4ee411e97d8dc3186f9d66c4b5169ab
Hash SHA-256 16ab496a6c74f5f272f7a5c31e9cb69c753fea994396ef6deacf641180ad317b
Analyzer verdict: Alert, fortinet: Malware
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 03:38:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 7179
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/js/wp-util.min.js?ver=6.1.1
IP 131.153.56.226
Status 200 OK
Size 690 B
Protocol HTTP/2
File type ASCII text, with very long lines (1391)
Hash MD5 ebe552e54e3815c6867913d252ff2a79
Hash SHA-1 4982bd9ba944833e821be18419ad8408290f5d75
Hash SHA-256 8b0aedc73b1d41ab59c0ad42553259c90458cfb72b149946a3bae3298c012e40
Analyzer verdict: Alert, fortinet: Malware
GET /wp-includes/js/wp-util.min.js?ver=6.1.1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 03:38:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 690
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=7.3.0
IP 131.153.56.226
Status 200 OK
Size 3.4 kB
Protocol HTTP/2
File type ASCII text, with very long lines (13880), with no line terminators
Hash MD5 459fba86094e948f2046f4607bc0c02f
Hash SHA-1 5b41f2b77e93fdcd7e8f0f5d1c50dd51b8a45f7c
Hash SHA-256 71feb5b709466deb028daa294a0f3eb5f8f6658cdb912a463162f6d1404d5412
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart-variation.min.js?ver=7.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 13 Jan 2023 07:09:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3431
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.9.0
IP 131.153.56.226
Status 200 OK
Size 42 kB
Protocol HTTP/2
File type ASCII text, with very long lines (65358)
Hash MD5 6d4b0d5a5a72ede7cb1b41f1888b1472
Hash SHA-1 36bf958ff03d07059e93bd8388f75ba5cbf9044b
Hash SHA-256 f4adbeefd0b26c8c194986bb2f09825ddad65a562ae5718de1e76d7ba653a0d1
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.9.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:59:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 42034
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 131.153.56.226
Status 200 OK
Size 30 kB
Protocol HTTP/2
File type ASCII text, with very long lines (65447)
Hash MD5 3a1740685bd5c0bbd5f2b812e1eb7fb4
Hash SHA-1 488e07695da787fed18361c50292aef35abb5e81
Hash SHA-256 4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer verdict: Alert, fortinet: Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 03:38:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 30324
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/dokan-lite/assets/vendors/sweetalert2/sweetalert2.all.min.js?ver=1674724881
IP 131.153.56.226
Status 200 OK
Size 18 kB
Protocol HTTP/2
File type ASCII text, with very long lines (42890)
Hash MD5 bce5123b1c88ee06bad587768c307904
Hash SHA-1 8ab95da62b9d26e1da5b2364b26031d2c4ed29ae
Hash SHA-256 876d4906504bb7380271c7ab6ee0ddb7eaac4d65ed46913de023eb8d9800d4e5
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/plugins/dokan-lite/assets/vendors/sweetalert2/sweetalert2.all.min.js?ver=1674724881 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 09:21:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 17585
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-includes/js/dist/vendor/moment.min.js?ver=2.29.4
IP 131.153.56.226
Status 200 OK
Size 18 kB
Protocol HTTP/2
File type ASCII text, with very long lines (57929), with no line terminators
Hash MD5 adc8e5e289033608a7aae2bda440d515
Hash SHA-1 5cc51f365289bcd3224089d0ac42bda85d1b0be6
Hash SHA-256 224103b39dd02aedf6b1197021b0abf49991cb2a1ba16983a901abc71a7ae08b
Analyzer verdict: Alert, fortinet: Malware
GET /wp-includes/js/dist/vendor/moment.min.js?ver=2.29.4 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 03:38:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 18191
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/TweenMax.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 35 kB
Protocol HTTP/2
File type ASCII text, with very long lines (65536), with no line terminators
Hash MD5 720453b24b12d3415eea7fa3cf152e38
Hash SHA-1 94da835bd2b6b8122facc7a5f4c711ad503b8ce8
Hash SHA-256 fcf382a17b24e35dc672e0b8de33bbdf468fac9834bef504ab3ae51d658330dc
GET /wp-content/themes/basel/js/TweenMax.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 35204
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/js/moment.min.js?ver=5.3.0
IP 131.153.56.226
Status 200 OK
Size 17 kB
Protocol HTTP/2
File type ASCII text, with very long lines (32013)
Hash MD5 c2c3d81ef3fea8f495f441190ab79a59
Hash SHA-1 d0af7f627f648b6f1925047152d04fb0f8be9fe0
Hash SHA-256 944f814ff450e31700bbf59311bb71d71b456b39190d436c14bd42dc1d793076
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/themes/basel/js/moment.min.js?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Wed, 14 Sep 2022 13:46:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 16697
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.2
IP 131.153.56.226
Status 200 OK
Size 101 kB (101419 bytes)
Protocol HTTP/2
File type ASCII text, with very long lines (64288)
Hash MD5 f0c6dcea1ad106d9d868e404f2b53471
Hash SHA-1 b88cc8ed95ae068c81dd617fe25776ebaac077bf
Hash SHA-256 5dd56a73b90c84e85337750b768e7f2d6da617c8e2fb398ae2969588bb8fd4e0
Analyzer verdict: Alert, fortinet: Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Fri, 07 Oct 2022 21:55:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 101419
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/uploads/2022/10/The2Faces-Logo1a-1.png
IP 131.153.56.226
Status 200 OK
Size 90 kB
Protocol HTTP/2
File type PNG image data, 900 x 383, 8-bit/color RGBA, non-interlaced
Hash MD5 377c793106bb0aeb96399f865ac4a5bd
Hash SHA-1 7e3a0d7a7ccc75184c463d81cb7f6ac928418217
Hash SHA-256 63bdde344a828a47e603d674cee7a9547d0531b07b164982c2e55080e9317bd3
GET /wp-content/uploads/2022/10/The2Faces-Logo1a-1.png HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: image/png
last-modified: Mon, 31 Oct 2022 20:31:13 GMT
accept-ranges: bytes
content-length: 89505
date: Sun, 05 Feb 2023 14:07:46 GMT
vary: User-Agent
X-Firefox-Spdy: h2
the2faces.com/wp-content/uploads/2022/10/The2FacesLogo.png
IP 131.153.56.226
Status 200 OK
Size 50 kB
Protocol HTTP/2
File type PNG image data, 600 x 507, 8-bit/color RGBA, non-interlaced
Hash MD5 c646b3af231c0f19795dd4d3a6f5d4df
Hash SHA-1 047ed4f9bcb338bf6228bbb66c8dbebb09d7a8e6
Hash SHA-256 67c6ba71a192de60a39a507b155910f33c2795d8b9749e648619ea1ce1d7b59b
GET /wp-content/uploads/2022/10/The2FacesLogo.png HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: image/png
last-modified: Mon, 31 Oct 2022 20:17:29 GMT
accept-ranges: bytes
content-length: 49624
date: Sun, 05 Feb 2023 14:07:46 GMT
vary: User-Agent
X-Firefox-Spdy: h2
r3.o.lencr.org/
IP 23.36.77.32
Status 200 OK
Size 503 B
ASN #20940 Akamai International B.V.
Hash MD5 1b25bf82638deaab60981e1315ee0849
Hash SHA-1 e3bd912fd1a890e64ee6746a78a674db7ff77039
Hash SHA-256 a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5164
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:07:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 9826
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 37488
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 57722
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: 377c182d-43e8-4251-8731-6364d29fb955
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRFs0oAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-1ad3e68f50fc15707ec0406a;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sUtUjqOLpq42m22bLgmLggmPbtatZC01og_xzkVI1o8rJtAnvhvqHA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:15:26 GMT
age: 85941
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 9436
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 29f57721-99ae-4927-b324-b0a40668e2f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqEPuIAMFqpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-156c25027894630b61e5770c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6-RtedWR4ubEBwe85bNcobzqb2Cy9aEUzyT3tlhJ95zD5SgiuS7coA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:18:03 GMT
age: 56984
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:07:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
216.58.207.227 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21248, version 1.0
Hash 481105857aba99f91faa3cd9a360e8e1
a2d8dcb59555878d359c2bebbc8be6985d26d7d2
f8c2240958cb1fff47d921ca0f3097f9e7403ada01af2382477ef42c404c38d4
GET /s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://the2faces.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 10:14:49 GMT
expires: Sat, 03 Feb 2024 10:14:49 GMT
cache-control: public, max-age=31536000
age: 186778
last-modified: Mon, 11 Jul 2022 20:38:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:07:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2
131.153.56.226 200 OK 76 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2
IP 131.153.56.226:0
File type Web Open Font Format (Version 2), TrueType, length 75760, version 330.32636
Hash 832f6e62aaf3909d6b94c8a9c1e4dd51
4a06418cb56a66af5a1c0f59791469dea1dc87fa
8556fd48cf33ca3028e3fff4042979f224987ee317cc9032dd5bba996b363009
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.9.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:47 GMT
content-type: font/woff2
last-modified: Wed, 14 Sep 2022 13:59:46 GMT
accept-ranges: bytes
content-length: 75760
date: Sun, 05 Feb 2023 14:07:47 GMT
vary: User-Agent
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:07:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
the2faces.com/wp-content/themes/basel/fonts/basel-font.woff?v=5.3.0
131.153.56.226 200 OK 8.1 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/fonts/basel-font.woff?v=5.3.0
IP 131.153.56.226:0
File type Web Open Font Format, TrueType, length 8096, version 1.0
Hash 86b8298a7cbf60b3f3794c0420ba8ff1
7700471e85f1319e14e1024b62ad6778ba4a33bb
43ac0e033311820c6d1208caffb7672ee831e82fad2d4d333cf5b2ac43412478
GET /wp-content/themes/basel/fonts/basel-font.woff?v=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://the2faces.com/wp-content/uploads/2023/01/basel-dynamic-1674414489.css?ver=5.3.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:47 GMT
content-type: font/woff
last-modified: Wed, 14 Sep 2022 13:46:07 GMT
accept-ranges: bytes
content-length: 8096
date: Sun, 05 Feb 2023 14:07:47 GMT
vary: User-Agent
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.3.0
131.153.56.226 200 OK 53 kB URL HTTP/2 the2faces.com/wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.3.0
IP 131.153.56.226:0
File type Web Open Font Format, TrueType, length 53444, version 2.0
Hash 0bbfc705e37a927ce2ae72b749b3154d
c7f8307972e263ccb2de346cfd4890ae3ad15c7e
72bbd904eec22882287e50b2f64987560c8646abc0b8e942366a272a4fe7cd39
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/fonts/Simple-Line-Icons.woff?v=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://the2faces.com/wp-content/uploads/2023/01/basel-dynamic-1674414489.css?ver=5.3.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:47 GMT
content-type: font/woff
last-modified: Wed, 14 Sep 2022 13:46:08 GMT
accept-ranges: bytes
content-length: 53444
date: Sun, 05 Feb 2023 14:07:47 GMT
vary: User-Agent
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
131.153.56.226 200 OK 75 kB URL HTTP/2 the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2
IP 131.153.56.226:0
File type Web Open Font Format (Version 2), TrueType, length 75368, version 330.32636
Hash 859c4002d9954718cac1ddea5555698f
2392ce297c92bcf2c7d5a4c461a582dadc8039c8
5054ab369966fea3657ac6af00c3bc47bdc9e7b5114e61d1764be06213ca9781
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://the2faces.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/all.min.css?ver=6.9.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:47 GMT
content-type: font/woff2
last-modified: Wed, 14 Sep 2022 13:59:46 GMT
accept-ranges: bytes
content-length: 75368
date: Sun, 05 Feb 2023 14:07:47 GMT
vary: User-Agent
X-Firefox-Spdy: h2
the2faces.com/wp-content/uploads/2022/11/favico2fa1.png
131.153.56.226 200 OK 20 kB URL HTTP/2 the2faces.com/wp-content/uploads/2022/11/favico2fa1.png
IP 131.153.56.226:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Hash fc578fb38830e5d30649ca5afdf15d7c
b43cef8e9f77751492f5f1711834ee1f9747741d
8b944702fd41b1ea683fa899ecababedf5e961381afc4cc49850f112341d1295
GET /wp-content/uploads/2022/11/favico2fa1.png HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:47 GMT
content-type: image/png
last-modified: Tue, 01 Nov 2022 16:58:11 GMT
accept-ranges: bytes
content-length: 19582
date: Sun, 05 Feb 2023 14:07:47 GMT
vary: User-Agent
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.46 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 05 Feb 2023 13:45:20 GMT
expires: Sun, 05 Feb 2023 15:45:20 GMT
cache-control: public, max-age=7200
age: 1348
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
the2faces.com/?wc-ajax=get_refreshed_fragments
131.153.56.226 200 OK 284 B URL HTTP/2 the2faces.com/?wc-ajax=get_refreshed_fragments
IP 131.153.56.226:0
File type JSON data, ASCII text, with very long lines (570), with no line terminators
Hash afa72a9de169557010693a4ce454acf5
467e6806be68eae67172c01dfa3d262c0fe6ead1
a02dbf8ed811e732d91dbc094714eccd93550dda8e24bf0d2958438fbf161764
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://the2faces.com
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
access-control-allow-origin: https://the2faces.com
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
content-type: application/json; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 284
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Sun, 05 Feb 2023 14:07:48 GMT
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-Z4SEZ08TMD&gtm=45je3210&_p=912283657&gdid=dZTNiMT&cid=879202572.1675606109&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675606108&sct=1&seg=0&dl=https%3A%2F%2Fthe2faces.com%2Fwp-content%2Fdownload%2FFile_pass1234.zip&dt=P%C3%A1gina%20no%20encontrada%20%E2%80%93%20The2Faces&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-Z4SEZ08TMD&gtm=45je3210&_p=912283657&gdid=dZTNiMT&cid=879202572.1675606109&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675606108&sct=1&seg=0&dl=https%3A%2F%2Fthe2faces.com%2Fwp-content%2Fdownload%2FFile_pass1234.zip&dt=P%C3%A1gina%20no%20encontrada%20%E2%80%93%20The2Faces&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-Z4SEZ08TMD&gtm=45je3210&_p=912283657&gdid=dZTNiMT&cid=879202572.1675606109&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675606108&sct=1&seg=0&dl=https%3A%2F%2Fthe2faces.com%2Fwp-content%2Fdownload%2FFile_pass1234.zip&dt=P%C3%A1gina%20no%20encontrada%20%E2%80%93%20The2Faces&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://the2faces.com
Connection: keep-alive
Referer: https://the2faces.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://the2faces.com
date: Sun, 05 Feb 2023 14:07:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
the2faces.com/wp-content/download/File_pass1234.zip
131.153.56.226 404 Not Found 0 B URL HTTP/2 the2faces.com/wp-content/download/File_pass1234.zip
IP 131.153.56.226:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/download/File_pass1234.zip HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://the2faces.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Sun, 05 Feb 2023 14:07:46 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.3.0
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.3.0
IP 142.250.74.74:0
GET /css?family=Karla%3A400%2C400italic%2C700%2C700italic%7CLato%3A100%2C100italic%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=5.3.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 14:07:46 GMT
date: Sun, 05 Feb 2023 14:07:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
the2faces.com/wp-content/themes/basel/style.min.css?ver=5.3.0
131.153.56.226 200 OK 0 B URL HTTP/2 the2faces.com/wp-content/themes/basel/style.min.css?ver=5.3.0
IP 131.153.56.226:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/basel/style.min.css?ver=5.3.0 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: text/css
last-modified: Wed, 14 Sep 2022 13:46:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 113551
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2
the2faces.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.2
131.153.56.226 200 OK 0 B URL HTTP/2 the2faces.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.2
IP 131.153.56.226:0
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.2 HTTP/1.1
Host: the2faces.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://the2faces.com/wp-content/download/File_pass1234.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:07:46 GMT
content-type: application/javascript
last-modified: Thu, 06 Oct 2022 22:20:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 59937
date: Sun, 05 Feb 2023 14:07:46 GMT
X-Firefox-Spdy: h2