r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7926
Expires: Mon, 28 Nov 2022 19:05:06 GMT
Date: Mon, 28 Nov 2022 16:53:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6530
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:00 GMT
Last-Modified: Mon, 28 Nov 2022 15:04:10 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10057
Expires: Mon, 28 Nov 2022 19:40:37 GMT
Date: Mon, 28 Nov 2022 16:53:00 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 16:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2008
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: w+93YNLgddg1s/nzIXjr64d6jJQc95JgxOMzBfkYtp/R2VxGMWYzLHje9KSfbDv6MiWT3JqDzKU=
x-amz-request-id: HSAR3Y9KCYXK8G2Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 16:42:08 GMT
age: 652
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
unitedfinancialsvcs.com/author/admin/
160.153.51.9 200 OK 6.9 kB URL HTTP/1.1 unitedfinancialsvcs.com/author/admin/
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (7220), with CRLF, LF line terminators
Hash 51b1439cc784e4027cb66a04566c2288
8d12c9bea2c20ee7b6d646b632d99b01c1cd0078
92e6ef888de813b62f2e14f1ffdb20b3324ad6c1c56ca9e610f5eab557cf62b9
Analyzer Verdict Alert fortinet Malware
GET /author/admin/ HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:00 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
X-Pingback: http://unitedfinancialsvcs.com/xmlrpc.php
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6936
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 16:53:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.google.com/jsapi?ver=4.0.37
142.250.74.164 301 Moved Permanently 248 B URL HTTP/1.1 www.google.com/jsapi?ver=4.0.37
IP 142.250.74.164:0
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash c30560cc9bc509145b259bb3b820b2cb
4d14dc424d4c516555cc8ce3465a779f75b439df
813c598f109329b3dc85b07b6f54798bf672b6642c03c7de325fabe34790a4c2
GET /jsapi?ver=4.0.37 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
HTTP/1.1 301 Moved Permanently
Location: https://www.gstatic.com/charts/loader.js?ver=4.0.37
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 28 Nov 2022 16:53:01 GMT
Expires: Mon, 28 Nov 2022 17:23:01 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 248
X-XSS-Protection: 0
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic
142.250.74.10 200 OK 487 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic
IP 142.250.74.10:0
Hash dc778059840df0f6ac345ccd7e315848
939c55e7330ff8000a5da72bc85798bab6756aab
a5b0839dc035b4f9869ae8ea4e18bdc3fb1891c273a2400ff48f22171b77b6ef
GET /css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 28 Nov 2022 16:53:01 GMT
Date: Mon, 28 Nov 2022 16:53:01 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 5a25d9b5e105f02864c7b2277754f2a5
78ae4c570edbc3d2afc276d21bf4215554684f39
ee85d97c2b69819c808a00f17cfe0d05ae7a60cff155df7d2df8240add9ad103
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2306
Cache-Control: max-age=145013
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:01 GMT
Etag: "638471e0-116"
Expires: Wed, 30 Nov 2022 09:09:54 GMT
Last-Modified: Mon, 28 Nov 2022 08:31:28 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 5a25d9b5e105f02864c7b2277754f2a5
78ae4c570edbc3d2afc276d21bf4215554684f39
ee85d97c2b69819c808a00f17cfe0d05ae7a60cff155df7d2df8240add9ad103
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2306
Cache-Control: max-age=145013
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:01 GMT
Etag: "638471e0-116"
Expires: Wed, 30 Nov 2022 09:09:54 GMT
Last-Modified: Mon, 28 Nov 2022 08:31:28 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/charts/loader.js?ver=4.0.37
142.250.74.163 200 OK 20 kB URL HTTP/2 www.gstatic.com/charts/loader.js?ver=4.0.37
IP 142.250.74.163:0
File type ASCII text, with very long lines (2134)
Hash f3341efa0432876b1697ccec98c33b01
55044e79afbe25d119b7b87dc7b5d1b3ec0c607a
6672904faeb4f203e0109279aa99d88f9e8690d2d696d80309ef50a974f88c77
GET /charts/loader.js?ver=4.0.37 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://unitedfinancialsvcs.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-type: text/javascript
access-control-allow-credentials: true
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gviz"
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-length: 19937
date: Mon, 28 Nov 2022 16:53:01 GMT
expires: Mon, 28 Nov 2022 17:53:01 GMT
cache-control: public, max-age=3600
last-modified: Wed, 23 Jun 2021 18:41:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 16:08:55 GMT
cache-control: public,max-age=3600
age: 2646
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
160.153.51.9 200 OK 4.9 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 34aee13ea6f26797003c564d58f14ae1
0e408edac46fc5efb5e434d26857335b870e7b2d
10d0b47bb6ede045c3a00704db5c94c9b5ebff355fc7b2fa8e31a32103fe4f9c
GET /wp-content/themes/unitedfinancial/css/style.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "9141392-7165-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4920
Keep-Alive: timeout=5
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap-theme.css
160.153.51.9 200 OK 1.8 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap-theme.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
Hash 15837a056cefe43a4907b7cc53c48874
2c9716ad1f6b390e294e2f3dafde1d514900e7ec
c4eeeacef6ec72e9c84f88324a9442b47dd2f4a995a1a11e2a46b1b0d9e9ad78
GET /wp-content/themes/unitedfinancial/css/bootstrap-theme.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "9141388-3a58-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1803
Keep-Alive: timeout=5
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/media-queries.css
160.153.51.9 200 OK 2.5 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/media-queries.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 547839ce4ac6a59185f6c354ee490b93
a892546d555636a286d03abe05cebf529f431c04
6762d0996b727a03aff74a58cc89ccb6a0a8eded62163fd928d1c0b39987d256
GET /wp-content/themes/unitedfinancial/css/media-queries.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "9141390-4e81-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2495
Keep-Alive: timeout=5
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap-theme.min.css
160.153.51.9 200 OK 1.7 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap-theme.min.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (13015)
Hash 128d9658e9470ee477015a4ed0343df2
e37b1f5caf8b587af66e0bf95e5373572f073a9d
1834b4d68083f5396ef37f27502ad4fd5476372f1d48d4751531356d9f3ca6f5
GET /wp-content/themes/unitedfinancial/css/bootstrap-theme.min.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "914138a-3381-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1747
Keep-Alive: timeout=5
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap.min.css
160.153.51.9 200 OK 17 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap.min.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65360), with CRLF line terminators
Hash d1bb806a2275a7322018606c1180e6cd
f2d19232b3c089f30a90e2d09504d108b62190d7
7ac191ea60e968eaa24e9dde63d34acc4173d44fb210e48b2f3c237a140032c9
GET /wp-content/themes/unitedfinancial/css/bootstrap.min.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "914138d-18686-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17177
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap.css
160.153.51.9 200 OK 18 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/bootstrap.css
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type assembler source, ASCII text, with very long lines (540)
Hash 447621cf34340934ec43f83e7d75108b
2bedbda09ee53bbf1c5693fa00c80a3549a52617
29395e4250be8dc1cc398aed8019541075d3df018eb4144f9d7bac737b4a8d1e
GET /wp-content/themes/unitedfinancial/css/bootstrap.css HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "914138b-1d984-5cdea8b7fc080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18376
Keep-Alive: timeout=5
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/bootstrap.js
160.153.51.9 200 OK 11 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/bootstrap.js
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (323)
Hash 597b5a8cccab30777a9d3bb20400da1d
4074e8d928c5be69b1342dc6a7d87d0cc2f7ad9c
d8a2114c4dda68c646647994ef79ed3a8617739f3ce5de69ea2f7f66b35ba39a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/js/bootstrap.js HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413d9-d91f-5cdea8b8f02c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11331
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/bootstrap.min.js
160.153.51.9 200 OK 7.9 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/bootstrap.min.js
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (28941)
Hash 56ef47b2faedaf94b14fb67113c739e9
361df64e2335d2841acf7d1396164b33d2dc4a5c
b51d94458b2de268999c836abf720da6ec03be2e4700b44b11e29c0d177184f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/js/bootstrap.min.js HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413da-72fb-5cdea8b8f02c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7886
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.8.1
160.153.51.9 200 OK 477 B URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.8.1
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
Hash b56e9746621683c91c0daf3b5b78e188
6acd6ce074dac660576a38b42b74e4bd9d0db69a
38fdd9e10a900b7af22ade8104932e63cd05f69f6eab6340279a3da7e5904809
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.8.1 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:25 GMT
ETag: "9140a8e-468-5cdea8c64a240-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 477
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/genericons/genericons.css?ver=3.0.3
160.153.51.9 200 OK 19 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/genericons/genericons.css?ver=3.0.3
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (23046)
Hash ae3362090647674b63a13d5b11d6da2a
8f7e546aa30292c3927383da9dcbe26cdd8c8a75
42329536b8d979639a6daec69c405eabd066fdbf952e41961a1329719cb772c9
GET /wp-content/themes/unitedfinancial/genericons/genericons.css?ver=3.0.3 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:09 GMT
ETag: "91413a0-7945-5cdea8b707e40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19329
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/style.css?ver=4.0.37
160.153.51.9 200 OK 14 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/style.css?ver=4.0.37
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (417)
Hash e2fafc8f5e0747519c76266dd0223057
07493b6040e71170add9b3f3f57e58e127e74e7f
ccace2fa447b2be914572d8ef04ce1f03ce6b4087145de35c1080d0d4e786236
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/style.css?ver=4.0.37 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "9141370-12efc-5cdea8b8f02c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13951
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7ab2ef968cb6a3078f4b9cb2dda813d4
e669116047ca058a2c1b2999ff0ea8682719162c
6ddecf0b21c44f3851da8efeb6ecdc6c8e9b83d7681153c31952b4ec8c23c940
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5459
Cache-Control: max-age=150293
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 16:53:01 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 10:37:54 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/jquery-1.11.0.min.js
160.153.51.9 200 OK 34 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/jquery-1.11.0.min.js
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (32341)
Hash 327139a59175b3022d77ff2d8b4113ad
6b99d6a933fbe6c5fd12967387e05c9e2a6e2e19
5a78f006f49421326ca0872eb254935a6517cdf15fa7784f8a8a95bcb0ba61a1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/js/jquery-1.11.0.min.js HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413e5-179c2-5cdea8b8f02c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33544
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
160.153.51.9 200 OK 3.3 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (7085), with CRLF, LF line terminators
Hash 42a547998f1eb013e5c9063b1e814797
42349fd33b5d3459b3e103a850f60a3341943748
ffbdda6ae84f88437ea5baa84297f68d79b544c50cca3388abe1978156372048
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:49 GMT
ETag: "91412d1-1d65-5cdea8dd2d840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3255
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05
160.153.51.9 200 OK 6.3 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15957)
Hash 72fd5cac7e281220c5ef308098c9ca12
9fa41a826e9a6c3b98bc39b032dcf3a766899e8a
f3625b21220b74f3ba874821e51a7a0cd800ed3d5878d4270cfe987052f34f8f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:25 GMT
ETag: "9140c46-40f6-5cdea8c64a240-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6348
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8.1
160.153.51.9 200 OK 2.9 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8.1
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (323)
Hash 26035cd7b9060c3c13e3628e7f4b63f2
04b68e6988dafc34925ed84574289264e4aee965
9aee6db451a43dbe0e12ff23832cc9998d65c8636fa97f80e1d304f8cac097c0
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8.1 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:25 GMT
ETag: "9140c47-26e3-5cdea8c64a240-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2926
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/functions.js?ver=20140616
160.153.51.9 200 OK 1.6 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/js/functions.js?ver=20140616
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (323)
Hash 727fc0e8d516dbf5996a2688c7fda466
8ded5ef234e5ed14dca2e89d72a52674ee69d7f9
60fb4ec60a13864f4aec989202f9bbc13ae300db26a41fd7027f61d74007881d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/js/functions.js?ver=20140616 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413e3-ebe-5cdea8b8f02c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1649
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
unitedfinancialsvcs.com/wp-includes/js/jquery/jquery.js?ver=1.11.1
160.153.51.9 200 OK 33 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-includes/js/jquery/jquery.js?ver=1.11.1
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (32086)
Hash 8496c9e64269a5ec21a010f451da6d7d
c0427964731cb31ac63c644a76455fc073d2657e
b585b21ed317b2f4530c92203889b3e78fea39ad5614f8587737a073793048f8
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.js?ver=1.11.1 HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:49 GMT
ETag: "91412e8-17784-5cdea8dd2d840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33406
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.195 200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://unitedfinancialsvcs.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 18:20:17 GMT
Expires: Wed, 22 Nov 2023 18:20:17 GMT
Cache-Control: public, max-age=31536000
Age: 513164
Last-Modified: Tue, 26 Apr 2022 15:48:56 GMT
Content-Type: font/woff2
push.services.mozilla.com/
100.20.30.105 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 100.20.30.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OvQHRlV3LnVDt2voBDEw1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3+senNbgJLBFnY49gEGg3ekHC4A=
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
216.58.207.195 200 OK 22 kB URL HTTP/1.1 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://unitedfinancialsvcs.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22504
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 22 Nov 2022 21:36:19 GMT
Expires: Wed, 22 Nov 2023 21:36:19 GMT
Cache-Control: public, max-age=31536000
Age: 501402
Last-Modified: Tue, 26 Apr 2022 16:04:16 GMT
Content-Type: font/woff2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
172.67.34.170 200 OK 24 kB URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
IP 172.67.34.170:0
Hash d613f0d43783848f21802a6053342d22
8bf598c25bc4b8b64be9e208d5f25a15276a1607
294441e16aee4f0151bd8769d20b3e90f9f9999638d4deaa5bca0b86f4220bb1
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0edf3c0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
unitedfinancialsvcs.com/wp-content/uploads/2014/10/link.png
160.153.51.9 200 OK 2.1 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/link.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 75 x 75, 8-bit/color RGB, non-interlaced\012- data
Hash e9e24c0e368b919a04f2fe8f7844aef1
8800d9858e01bdf06607a93facbba1d21f7f863d
80ddb91cf071cbb8d8fe2211fbb9c5299d2092180d5e4dec80d0c16dcdba537c
GET /wp-content/uploads/2014/10/link.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140f60-817-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 2071
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
unitedfinancialsvcs.com/wp-content/uploads/2014/10/sunlogo.png
160.153.51.9 200 OK 1.4 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/sunlogo.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 35 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash e0bfab28adac8c7bae194532766dbf0e
326a9cb76a32b08855df92376951e56b2e6e6610
8af45be0d3f881fb20b6afd53078121c1886242545b56b30619fd73bc0146380
GET /wp-content/uploads/2014/10/sunlogo.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140fcd-59f-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 1439
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/footer-logo.png
160.153.51.9 200 OK 8.8 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/footer-logo.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 212 x 74, 8-bit/color RGBA, non-interlaced\012- data
Hash 73ede32888b184d1dce9a7c275d6f0e4
aec93b3b5eee90ed49852554bd5d1116a303e945
e2fdab5826f27756957464e4638ec37a09badbbafd58c7dd32d2c068e13aaaf3
GET /wp-content/themes/unitedfinancial/images/footer-logo.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413c0-2245-5cdea8b8f02c0"
Accept-Ranges: bytes
Content-Length: 8773
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
unitedfinancialsvcs.com/wp-content/uploads/2014/10/harp-img.jpg
160.153.51.9 200 OK 56 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/harp-img.jpg
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 370x259, components 3\012- data
Hash ae9ea5e2734e416e7562a1983a3d97e1
7fa7cb31a1ccdd266f51cd47a9355e960e2c2696
92eae8522a1169f237b34c27f25a2fe7a2ffff8b85ad2a79a387c6f36a3a53e1
GET /wp-content/uploads/2014/10/harp-img.jpg HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140c6d-da87-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 55943
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
unitedfinancialsvcs.com/wp-content/uploads/2014/10/va-img.jpg
160.153.51.9 200 OK 43 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/va-img.jpg
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 370x259, components 3\012- data
Hash 3c0ce0c45baa965cd46d231d2b2edf91
2bc2f7418336f63d7e6795609d0c607c647cbbce
220c004dcf6e7c31c247e7fa239d67763866f8693cd305b65cb8831843289959
GET /wp-content/uploads/2014/10/va-img.jpg HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140ff7-a8c0-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 43200
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
unitedfinancialsvcs.com/wp-content/uploads/2014/10/fha-img.jpg
160.153.51.9 200 OK 54 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/fha-img.jpg
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 370x259, components 3\012- data
Hash c3a38e351fbc1749572872c431160c94
8dfd416350fb9b230caf360ea890c21cb8613679
b0a46b6d611149dfccf57033250ed67271932ddbcd2f13801c62d3daf81e1abc
GET /wp-content/uploads/2014/10/fha-img.jpg HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:01 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140c6a-d3dd-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 54237
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/jpeg
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/fonts/ftrabk__-webfont.woff
160.153.51.9 200 OK 20 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/fonts/ftrabk__-webfont.woff
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 20508, version 1.0\012- data
Hash 3986cd9f87c9300e09bd4d6661da459a
55b6a90ec42d7c04759a778a643510abbf7fc90f
606aca753aede4c403fd343dd799d9677ecf7cbbaea3e08794e1930918905755
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/fonts/ftrabk__-webfont.woff HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "91413ab-501c-5cdea8b7fc080"
Accept-Ranges: bytes
Content-Length: 20508
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/woff
unitedfinancialsvcs.com/wp-content/plugins/logo-manager/logo.png
160.153.51.9 200 OK 20 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/plugins/logo-manager/logo.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 373 x 140, 8-bit/color RGBA, non-interlaced\012- data
Hash d916281eaa11d4b495c399b0499e3aa2
bf6d3e7ff4785af4253c399e4788010d9d2b4bea
6f89d1c325b8baee63908d3adf91259e6dc545e044a7f67abe8653f899154f38
GET /wp-content/plugins/logo-manager/logo.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:24 GMT
ETag: "9140a9e-4eb8-5cdea8c556000"
Accept-Ranges: bytes
Content-Length: 20152
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/pattern-light.svg
160.153.51.9 200 OK 540 B URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/pattern-light.svg
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash ff69a6fd14bf4770b36a8880bf53dda8
17cd37397248191b8b6e6e3aaa4d9fd0e87cccef
93b5a10cc952e6cf5e162e462598d14898ca5e00a3f450e9afaae97d0ede2bf3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/images/pattern-light.svg HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/style.css?ver=4.0.37
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413c8-21c-5cdea8b8f02c0"
Accept-Ranges: bytes
Content-Length: 540
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/svg+xml
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/fonts/opensans-regular.woff
160.153.51.9 200 OK 68 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/fonts/opensans-regular.woff
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 67528, version 1.10\012- data
Hash 75454077207a97d55604aa5b946cce86
8f74819c28af7f495fca89687e1fe91c0016a655
630f1dcdb34acef63fd0c2a1b70da7698d0264e638cfc86eea65ddb4299d4ffc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/unitedfinancial/fonts/opensans-regular.woff HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:10 GMT
ETag: "91413b3-107c8-5cdea8b7fc080"
Accept-Ranges: bytes
Content-Length: 67528
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: font/woff
unitedfinancialsvcs.com/wp-content/uploads/2014/10/fb.png
160.153.51.9 200 OK 1.7 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/uploads/2014/10/fb.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 75 x 75, 8-bit/color RGB, non-interlaced\012- data
Hash e5936df239621aa2d4e22e7cfef3045b
45e74ebef8cd0e20b294627d7e3b720edac2d18f
3ea38de6233b45ee8667137590299323f1ab14ec0b012654b1bcbf8a9caba9cc
GET /wp-content/uploads/2014/10/fb.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:40 GMT
ETag: "9140c67-6bc-5cdea8d498400"
Accept-Ranges: bytes
Content-Length: 1724
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/png
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/favicon.ico
160.153.51.9 200 OK 1.4 kB URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/favicon.ico
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
File type MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Hash 0e1eab5161f52b45fa827f69a2a4890a
61fecf22acda0bdd42cb4900b3a828177bf5e551
37c64b2fc484e1d4e6974cb008fba3246af270e8f9285ddf6560e11e6828ad27
GET /wp-content/themes/unitedfinancial/images/favicon.ico HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/author/admin/
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
Last-Modified: Sat, 09 Oct 2021 12:22:11 GMT
ETag: "91413be-57e-5cdea8b8f02c0"
Accept-Ranges: bytes
Content-Length: 1406
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: image/x-icon
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 1.4 kB URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Hash 4ff8d42a481a43dae01f635422d42695
22a35e4627aa3f999ca53d13db1a768208d42baa
447d0f03c137fe60082d7082ece0663abd78ba70353eaa48bbf006cad5f5c6b6
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb9070af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8bb181e3f5ca898c6e31a8efc2e28291
eda3a91f8e2cbc5467da08ad85e6f6a30702b66c
0e943aacb4a46480ab031ef294a0e089976ec125c331c15116b6c79f6b0f2ff0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6065
Expires: Mon, 28 Nov 2022 18:34:08 GMT
Date: Mon, 28 Nov 2022 16:53:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9a6e5f60b87d3879606a6707feb37a73
373c96c2e0006d70954d4b4ebd850f62f558e92c
1ae48f692f44d357e21eec708b46f22c36a3de21be8d0f1c2035d197e0aa89de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9546
x-amzn-requestid: 60e352b5-ab38-4975-bf26-500f0a639a2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFfulExwIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637edff6-1364912f7fd292da6453a83e;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 03:07:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qtRAIXoswvTgNWZzaQE1WHZQXoJRtK9nKpusFtXH3pDRHH_DZtsLFw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 11:59:09 GMT
age: 17634
etag: "373c96c2e0006d70954d4b4ebd850f62f558e92c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:43 GMT
age: 68480
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 67897
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 10 kB URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Hash ff542544f7c342f87be46c4857aa4bb6
46758763eadd6bcf4571b7a676e92da5f06cc9fd
0c1bea492d32d94496626a4ddc3e22cd99078c8817f68660bdc90d5fe2cb5085
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb9030af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 3a1a4e00f1f15827cf651f373863c379
70c2a238f06ca7e56ef80c83738e081bf0de3330
3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 31284
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZJu4cMNnQTavxqB1MnRFluzfZC59BcUnIHgXh9h6LJWYgsFL83rHoQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 16:15:25 GMT
age: 2258
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fd9390af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f78900af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: MISS
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0a7d200af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f38230af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fa8ca0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0ff9660af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e102a170af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: MISS
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0abd710af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f382e0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f788a0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb8fb0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb8fd0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb9000af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/top_nav_li_img.png
160.153.51.9 404 Not Found 0 B URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/top_nav_li_img.png
IP 160.153.51.9:0
ASN #398101 GO-DADDY-COM-LLC
GET /wp-content/themes/unitedfinancial/images/top_nav_li_img.png HTTP/1.1
Host: unitedfinancialsvcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
HTTP/1.1 404 Not Found
Date: Mon, 28 Nov 2022 16:53:02 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
X-Pingback: http://unitedfinancialsvcs.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=5
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
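The records above show a WordPress origin (unitedfinancialsvcs.com, served over plain HTTP, Apache with PHP/5.6.40 disclosed) whose pages pull `<script>` resources from pastebin.com, with the original script URLs (saskmade.net/head.js?ver=3.0.0, sdb.dancewithme.biz/db.js) left dangling in the query string of the rewritten src, and Fortinet flagging each fetch as Malware. The following is an added example, not code from the page or from any analyzer it names: a parser for this dump layout plus the checks an analyst would otherwise apply by eye. The two-transaction sample log is a trimmed, constructed copy of records from this capture; the rule names and the `PASTE_HOSTS` set are assumptions.

```python
"""Triage of a urlscan-style HTTP transaction dump for injected remote scripts.

Added example. Parses the dump layout above (URL line, a summary line whose IP
and status code run together, optional "Analyzer Verdict" line, request line
and headers, then response status and headers) and scores each transaction.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: two transactions trimmed from the capture's format.
SAMPLE_LOG = """\
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170200 OK 10 kB URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/top_nav_li_img.png
160.153.51.9404 Not Found 0 B URL HTTP/1.1 unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/images/top_nav_li_img.png
IP 160.153.51.9:0
GET /wp-content/themes/unitedfinancial/images/top_nav_li_img.png HTTP/1.1
Host: unitedfinancialsvcs.com
Referer: http://unitedfinancialsvcs.com/wp-content/themes/unitedfinancial/css/style.css
HTTP/1.1 404 Not Found
X-Powered-By: PHP/5.6.40
Content-Type: text/html; charset=UTF-8
"""

# "<ip><status> <reason> ...": the status is exactly three digits followed by
# whitespace, which lets the regex backtrack to the correct IP/status split.
SUMMARY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s*(\d{3})\s+(\S.*)$")
REQUEST_RE = re.compile(r"^(GET|POST|HEAD|PUT) \S+ HTTP/\d")
VERDICT_PREFIX = "Analyzer Verdict"
PASTE_HOSTS = {"pastebin.com"}  # seen in the capture; extending it is an assumption
JS_MIME = re.compile(r"^(text|application)/(x-)?(javascript|ecmascript)", re.I)
EMBEDDED_URL = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+/")  # host/path inside a query


def _headers(lines):
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def parse_dump(text):
    """Split the dump into transactions: url, ip, status, verdicts, req, resp."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if i > 0 and SUMMARY_RE.match(l)]
    txs = []
    for n, i in enumerate(starts):
        end = starts[n + 1] - 1 if n + 1 < len(starts) else len(lines)
        block = lines[i - 1:end]  # URL line sits just before the summary line
        m = SUMMARY_RE.match(block[1])
        r = next(k for k, l in enumerate(block) if REQUEST_RE.match(l))
        s = next(k for k in range(r + 1, len(block)) if block[k].startswith("HTTP/"))
        txs.append({
            "url": block[0], "ip": m.group(1), "status": int(m.group(2)),
            "verdicts": [l[len(VERDICT_PREFIX):].strip() for l in block[2:r]
                         if l.startswith(VERDICT_PREFIX)],
            "req": _headers(block[r + 1:s]), "resp": _headers(block[s + 1:]),
        })
    return txs


def triage(tx):
    """Return (rule, detail) findings for one transaction."""
    req, resp, findings = tx["req"], tx["resp"], []
    parts = urlsplit("//" + tx["url"])
    host = req.get("host", parts.hostname or "")
    referer = req.get("referer", "")
    ref_host = urlsplit(referer).hostname
    dest = req.get("sec-fetch-dest")
    if dest == "script" and host in PASTE_HOSTS and ref_host and ref_host != host:
        findings.append(("script-from-paste-site", f"{ref_host} loads a <script> from {host}"))
    if dest == "script" and EMBEDDED_URL.search(parts.query):
        # The legitimate src was appended to a prefixed URL: a rewritten <script> tag.
        findings.append(("original-src-in-query", parts.query))
    if referer.startswith("http://"):
        findings.append(("referrer-over-plaintext-http", referer))
    ctype = resp.get("content-type", "")
    if dest == "script" and not JS_MIME.match(ctype):
        # With nosniff the browser refuses to run a non-JavaScript MIME type as a
        # script, so a 200 here does not by itself prove the payload executed.
        nosniff = resp.get("x-content-type-options", "").lower() == "nosniff"
        findings.append(("non-js-mime-for-script", f"{ctype}; " + (
            "nosniff set, execution blocked" if nosniff else "no nosniff, may still execute")))
    if "x-powered-by" in resp:
        findings.append(("stack-disclosure", resp["x-powered-by"]))
    return findings


def run(text):
    """Map each transaction URL to its findings, omitting clean transactions."""
    report = {}
    for tx in parse_dump(text):
        found = triage(tx)
        if found:
            report[tx["url"]] = found
    return report
```

Run `run(SAMPLE_LOG)` over the full dump and the pastebin records each yield the same four findings, while the origin's 404 yields only the plaintext referrer and the PHP version. The nosniff check is the caveat worth keeping in mind when reading the Fortinet verdicts: pastebin.com/raw serves `text/plain` with `x-content-type-options: nosniff`, so the browser fetches the paste but declines to execute it as a script; the injection is real, the payload's effect in this particular session is not established by these records alone.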
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0edf250af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f382b0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:01 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 0
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0f38200af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?sdb.dancewithme.biz/db.js HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb8de0af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
172.67.34.170 200 OK 0 B URL HTTP/2 pastebin.com/raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0
IP 172.67.34.170:0
Analyzer Verdict Alert fortinet Malware
GET /raw/YzGdiMeP?pastebin.com/raw/YzGdiMeP?saskmade.net/head.js?ver=3.0.0 HTTP/1.1
Host: pastebin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://unitedfinancialsvcs.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 16:53:02 GMT
content-type: text/plain; charset=utf-8
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
cf-cache-status: HIT
age: 1
last-modified: Mon, 28 Nov 2022 16:53:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 77149e0fb9020af6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2