ocsp.sectigo.com/
172.64.155.188 471 B IP 172.64.155.188:0
Hash e55f6f1fb5d2d030fa253a6eba9b50ec
26ab07b5a145e230ebb65fc07960405bf78afb79
30ba09958f69851b7f129d9a2dfe6d8ef2c884ba656d4d899b4a6db4c2f29b03
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 16 May 2023 20:00:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 14 May 2023 17:36:55 GMT
Expires: Sun, 21 May 2023 17:36:54 GMT
Etag: "26ab07b5a145e230ebb65fc07960405bf78afb79"
Cache-Control: max-age=422789,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c8634e6de9eb4f1-OSL
empressrealtors.com/na/?1
67.223.118.134 302 Found 0 B URL User Request GET HTTP/2 empressrealtors.com/na/?1
IP 67.223.118.134:443
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /na/?1 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: /
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 16 May 2023 20:00:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 28cd6a035ac0aaa402ac7ccbb2f4adf9
2b7e3fafc63ab4491a80d78a9e8a912913985916
bf57059bd2bb56d2796f005ca744dd7d687460310a279ea7920177202c0ef149
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 16 May 2023 20:00:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
empressrealtors.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/css/main.css?ver=3.27.2
67.223.118.134 200 OK 226 B URL GET HTTP/2 empressrealtors.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/css/main.css?ver=3.27.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (597), with no line terminators
Hash 93b5ee97153307872e164a67fe709ebf
051cdda625d47911acebdbfd9efead24002186c0
c21fd686ae22a8725218590b4585892ad5888917641b0e699107fd340aeb176a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/css/main.css?ver=3.27.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Thu, 04 May 2023 15:21:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 226
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2
67.223.118.134 200 OK 12 kB URL GET HTTP/2 empressrealtors.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (48325)
Hash 47cdb0e81ea341ad27a1a0b0ba6b02d8
6195a67b0b7f7919f07309e2c8ce71f3d4729d03
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Thu, 30 Mar 2023 05:37:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11775
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/css/classic-themes.min.css?ver=6.2
67.223.118.134 200 OK 291 B URL GET HTTP/2 empressrealtors.com/wp-includes/css/classic-themes.min.css?ver=6.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
Hash 1a0804b1a9d09705657f91fe7cad4c5a
feeece6f0b3e0bcf090547c475329a2772f6b26b
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=6.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Thu, 30 Mar 2023 05:37:20 GMT
accept-ranges: bytes
content-length: 291
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/wp-user-profile-avatar/assets/css/frontend.min.css?ver=6.2
67.223.118.134 200 OK 440 B URL GET HTTP/2 empressrealtors.com/wp-content/plugins/wp-user-profile-avatar/assets/css/frontend.min.css?ver=6.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (2382), with no line terminators
Hash ccf7a1defc3f24bd49a67798129f748d
b4b48f7338f5aca4a2b2735332a97bb142982237
014b0a9bb5910add421f00203ec72b9bb5bde266075a3fde9ccdb6b691a1b959
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wp-user-profile-avatar/assets/css/frontend.min.css?ver=6.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Tue, 31 Jan 2023 17:19:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 440
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=969f3bb4333afe45565e713582b6de14
67.223.118.134 200 OK 1.9 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=969f3bb4333afe45565e713582b6de14
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 5e76d02872024db808e06edbd73cca4a
54d4b02dcf56f56c7fa0fef011668fb43f99a705
485301e24ee204cd089ec16df7e66702b3a3dc906f5ea5ffcc414c303d647e1e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=969f3bb4333afe45565e713582b6de14 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1867
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 28cd6a035ac0aaa402ac7ccbb2f4adf9
2b7e3fafc63ab4491a80d78a9e8a912913985916
bf57059bd2bb56d2796f005ca744dd7d687460310a279ea7920177202c0ef149
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 16 May 2023 20:00:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
empressrealtors.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=969f3bb4333afe45565e713582b6de14
67.223.118.134 200 OK 4.4 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=969f3bb4333afe45565e713582b6de14
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (37612), with no line terminators
Hash 4f1c6d2e290a4f007be15155b9938c62
a4a1c79a652bae27f34be31cb278a425d035b74e
3ed2e42d3ce5e24dcb11cddde4126e4f07c3afc590f708ad2cfbf7669002f92e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=969f3bb4333afe45565e713582b6de14 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4410
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/font-awesome/font-awesome.css?ver=969f3bb4333afe45565e713582b6de14
67.223.118.134 200 OK 6.6 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/font-awesome/font-awesome.css?ver=969f3bb4333afe45565e713582b6de14
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (327), with CRLF line terminators
Hash 7b890f66b0855446e94014b97cd17ca5
e9786063db5d36bc36f352a89dd182e083c04a6c
af49f53268c08752ca4c11e7f467dbb93d1c3a192a123c837e278869754f94f7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/assets/fonts/font-awesome/font-awesome.css?ver=969f3bb4333afe45565e713582b6de14 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:17 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6642
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
67.223.118.134 200 OK 57 kB URL User Request GET HTTP/2
IP 67.223.118.134:443
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (9798), with CRLF, LF line terminators
Hash c5e95652317718317121d0627a06a2b3
6ff726f42b51e0452c4a77848eec12e792fdf07a
4cd81ee3149206b1422f67e33a488ebbd3cedb09c8888a8fa4695e4deb8baf50
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
link: <https://empressrealtors.com/wp-json/>; rel="https://api.w.org/", <https://empressrealtors.com/wp-json/wp/v2/pages/40>; rel="alternate"; type="application/json", <https://empressrealtors.com/>; rel=shortlink
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 806_HTTP.200,806_front,806_URL.6666cd76f96956469e7be39d750cc7d9,806_F,806_Po.40,806_PGS,806_
etag: "392-1684267226;br"
x-litespeed-cache: miss
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=969f3bb4333afe45565e713582b6de14
67.223.118.134 200 OK 23 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=969f3bb4333afe45565e713582b6de14
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
Hash ca425705db44e98274052c1fc7626e58
fa6980f7dc0e1068d9f7d5aec5cee68cb4e9835b
690b96d2559591f91a037476ec10a31fa8c92fcccd97dd48136223cfb70e6299
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=969f3bb4333afe45565e713582b6de14 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 23336
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo-300x300.jpeg
67.223.118.134 200 OK 12 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo-300x300.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 488752c1914ced5c6d3dcc52e843cdc0
6527229b046ac6a0ddee877ae8c170b18c43b53b
efbcc3e62ed4504143a5bd94758063812287d138f5c9c0008ecc06eb027ecbfd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/empress-realtors-logo-300x300.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 12:08:48 GMT
accept-ranges: bytes
content-length: 12222
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/js/comment-reply.min.js?ver=6.2
67.223.118.134 200 OK 1.2 kB URL GET HTTP/2 empressrealtors.com/wp-includes/js/comment-reply.min.js?ver=6.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (2946)
Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2
db36a77f6aaa2063bfbec02c2c0e967438c5a245
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/comment-reply.min.js?ver=6.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Sat, 09 Apr 2022 05:37:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1228
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
67.223.118.134 200 OK 4.6 kB URL GET HTTP/2 empressrealtors.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (13326)
Hash 5cfa2b481de6e87c2190a0e3538515d8
0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Thu, 30 Mar 2023 05:37:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4603
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-cloud-library/assets/css/tdb_main.css?ver=f41b1d596d81a0ab113b1f85139ed2c2
67.223.118.134 200 OK 5.4 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-cloud-library/assets/css/tdb_main.css?ver=f41b1d596d81a0ab113b1f85139ed2c2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (349)
Hash c6cad068034e014cd510682ef13389ce
7c55817cd5023091d9bb97734e059e232c3e2995
c8821d06dfd34ed87aeddfc12c30cd9095bdbbb50e74f2a4e1fe4a6d77431287
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-cloud-library/assets/css/tdb_main.css?ver=f41b1d596d81a0ab113b1f85139ed2c2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5396
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/construction/demo_style.css?ver=12.2
67.223.118.134 200 OK 645 B URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/construction/demo_style.css?ver=12.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
Hash 2fd837f95858922624d29a87dd653385
1e767f1a7ba2023b368a302d3f02f3f84d64ef9b
e16639fb397a2abb3e66af607b29230da080531be609f773ea011964aa52c1f6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/construction/demo_style.css?ver=12.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 645
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.27.2
67.223.118.134 200 OK 2.2 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.27.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (7194), with no line terminators
Hash cf4ccbf3bb2ce36100c99edb058f6f4c
6741cfea61a7b995b3638b5bb59e3a809883e311
3650505bcdc0bf7865ef59099868f380ddc1a1ffe71644dec9d18fcd1d2e48e0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.27.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Thu, 04 May 2023 15:21:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2208
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2
67.223.118.134 200 OK 1.9 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (544)
Hash 16468295668ab7f4b339ebf609e20c87
9da20a93ced7fe2e0bd2fa0a7b9cbf2c6f83794c
c34299966d31c0354eac70bc6fc85bedcfa88a5ec90973ce4f3cdc6c5d103bd8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 15:53:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1874
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/js/underscore.min.js?ver=1.13.4
67.223.118.134 200 OK 7.2 kB URL GET HTTP/2 empressrealtors.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (18798)
Hash f88d5720bb454ed5d204cbdb56901f6b
f1952292fde4b15936e9aac16b2b9896684db95b
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Wed, 28 Sep 2022 00:48:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7179
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=7b24cfa58e9ab053c98d141038fd6ac7
67.223.118.134 200 OK 58 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=7b24cfa58e9ab053c98d141038fd6ac7
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
Hash d0bac0cd5f1c53785b657a19344958f3
4d90d153dc8b3f737c0e02604510609bcbee5cc8
1008e0fea1bcea71d721ce0187eba5979aee7626901ea11940898b0db51320c0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=7b24cfa58e9ab053c98d141038fd6ac7 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 58378
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.3
67.223.118.134 200 OK 30 kB URL GET HTTP/2 empressrealtors.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.3
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash 0e850a69bc7fd0acc2e92ce6eee87959
8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.3 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Thu, 30 Mar 2023 05:37:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30376
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2
67.223.118.134 200 OK 42 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (1042)
Hash d477c3ff3f6101543b75ea53cf1bccad
70ab42e558730a6ac0f305fbda1b2bb94654c30c
195cc8d1cc568e2ad7f92ec4d0ce8fb785476f79d603a785c542ec16ceaacf84
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=f41b1d596d81a0ab113b1f85139ed2c2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 15:53:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 42058
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo.jpeg
67.223.118.134 200 OK 101 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x600, components 3\012- data
Size 101 kB (100604 bytes)
Hash 9304d06f822a5db264a3cc678ca67bfa
c896ece8ec7fa3fe1753e512c9193dd8313fd69b
c89a77226116544dbb52f6468469758676d2eb15791cac1e8439625afd787b30
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/empress-realtors-logo.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 12:08:48 GMT
accept-ranges: bytes
content-length: 100604
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=12.2
67.223.118.134 200 OK 70 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=12.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (670)
Hash 94115c7276e980db410931913b96dd33
876630f8d8900c1956632cd8b3deb7ad2f6bebad
7ab56986ff9a66c35dcce1d3e2e2991e562a690e4e9d7388ea94f107cf49393f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=12.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Feb 2023 15:53:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 70019
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash 4e8b3f6b8b295025bd61a839c02cc86b
6f7e0f94def3ab3598b7ca28b55ffbea70eb8af7
929a7fcc996f372faa8a61c673ab30a3c85f8962105c994a1d065bda5720f6b0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 16 May 2023 20:00:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:443
Requested by https://empressrealtors.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://empressrealtors.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 May 2023 07:44:41 GMT
expires: Sun, 12 May 2024 07:44:41 GMT
cache-control: public, max-age=31536000
age: 303346
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:443
Requested by https://empressrealtors.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://empressrealtors.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 May 2023 03:11:48 GMT
expires: Sun, 12 May 2024 03:11:48 GMT
cache-control: public, max-age=31536000
age: 319719
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://empressrealtors.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://empressrealtors.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 May 2023 11:49:35 GMT
expires: Fri, 10 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 461452
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:443
Requested by https://empressrealtors.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E2:33:59:47:38:D7:4A:7A:9E:28:5D:EC:AA:94:7F:92:25:D2:B1:C4
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://empressrealtors.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 10 May 2023 00:16:36 GMT
expires: Thu, 09 May 2024 00:16:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 589431
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/concrete-texture.png
67.223.118.134 200 OK 158 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/concrete-texture.png
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type PNG image data, 400 x 400, 8-bit colormap, non-interlaced\012- data
Size 158 kB (158313 bytes)
Hash f29b84bd27c0fd9b19872377ec858a65
3e936bf88666ddd92e254a18fd0cc35b9db074f1
84768a9179c0bb485c547346d40d45159a0acb70074cad000b53db9d4547ab7e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/concrete-texture.png HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/png
last-modified: Mon, 23 Jan 2023 16:22:42 GMT
accept-ranges: bytes
content-length: 158313
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash 4e8b3f6b8b295025bd61a839c02cc86b
6f7e0f94def3ab3598b7ca28b55ffbea70eb8af7
929a7fcc996f372faa8a61c673ab30a3c85f8962105c994a1d065bda5720f6b0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 16 May 2023 20:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
empressrealtors.com/wp-content/uploads/2023/01/project1.jpg
67.223.118.134 200 OK 104 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/project1.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 569x800, components 3\012- data
Size 104 kB (103676 bytes)
Hash 4696d0cfc808fcdc4e3042d30cbc6fa4
1c054d8190579ce690073dc6b37b217fe704ede1
b96543cc81afb22709e350535f81f26e8a681db862df1c0447c8f801c187c43b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/project1.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:23 GMT
accept-ranges: bytes
content-length: 103676
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/home-architecture.jpg
67.223.118.134 200 OK 151 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/home-architecture.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 800x509, components 3\012- data
Size 151 kB (150643 bytes)
Hash ce5845010419a804eb240418a2508047
afeab728db098b779da80c5ad37b397f1bf1b918
f8cc7623067ca7f01e85e939b3cc395c290cb24d80f0bcba7b366907da5a02ef
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/home-architecture.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:10 GMT
accept-ranges: bytes
content-length: 150643
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/int2.jpg
67.223.118.134 200 OK 113 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/int2.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 1146x630, components 3\012- data
Size 113 kB (113006 bytes)
Hash 353544ccc2d7a5879cc095d29b6e19c9
04cf6f40394ee711cca7c5e6ed111da65ac7af75
f8b5cc5befe31a9c2f4348c53268671a54376ced92723227af1a401fc67a9e4f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/int2.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:17 GMT
accept-ranges: bytes
content-length: 113006
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/xxx_achievements_xxx.jpg
67.223.118.134 200 OK 101 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/xxx_achievements_xxx.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 1920x864, components 3\012- data
Size 101 kB (101433 bytes)
Hash 738f41f6b68ba90f35a0b02af399f3c7
9ffd9697a647289438fe2d24034e99daf3bad998
23ea70a068eedb8f77699970c466a43e75ff408a7f17e3d1cb25c224c75bfe35
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/xxx_achievements_xxx.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:23:08 GMT
accept-ranges: bytes
content-length: 101433
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?221
67.223.118.134 200 OK 34 kB URL GET HTTP/2 empressrealtors.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?221
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 33488, version 0.0\012- data
Hash bb0574723470bd3c09c4d4715629a5c9
4817181afef126cd667dd08ff00e377fbc0faca7
d2054b9fb412f742d8d13aa75a48e59b830094999f9000ae8c69916e11b8d805
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/Newspaper/images/icons/newspaper.woff?221 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/wp-content/themes/Newspaper/style.css?ver=12.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: font/woff
last-modified: Wed, 01 Feb 2023 15:53:12 GMT
accept-ranges: bytes
content-length: 33488
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/xxx_experience_xxx.jpg
67.223.118.134 200 OK 89 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/xxx_experience_xxx.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 500x588, components 3\012- data
Hash baae234ab5e8cf9f72f031504fcd6b68
05709013dc1ba1f7c984d41b9da001870319d634
dd6d89db6572c542db6e4289dcd5c6457b3cf5d2150876f4fc7cccca51a373a4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/xxx_experience_xxx.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:40 GMT
accept-ranges: bytes
content-length: 89230
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/home-garden.jpg
67.223.118.134 200 OK 145 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/home-garden.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 800x509, components 3\012- data
Size 145 kB (144891 bytes)
Hash d09aa319050e78f01fb9e65696ab5a7e
ff75d544e2203b4f6e2136c8edbc094cabbd8627
216c630654390533dda85b123015009a203654a7192e87342bdf02d414dd6f81
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/home-garden.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:11 GMT
accept-ranges: bytes
content-length: 144891
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.ttf
67.223.118.134 200 OK 130 kB URL GET HTTP/2 empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.ttf
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Size 130 kB (129596 bytes)
Hash d298563afb36ab47c7ad74da6eb85ae7
a1b856e0f086653b9e602c9d619e5b4394caf0ec
95c06a3e6c28a512b08155b23f867f4699ce33d79ef8ef7a229ee6a33a6c83f6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.ttf HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/wp-content/plugins/td-composer/assets/fonts/td-multipurpose/td-multipurpose.css?ver=969f3bb4333afe45565e713582b6de14
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: font/ttf
last-modified: Wed, 01 Feb 2023 15:53:17 GMT
accept-ranges: bytes
content-length: 129596
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/ambiance-foreshore-estate.jpeg
67.223.118.134 200 OK 114 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/ambiance-foreshore-estate.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x575, components 3\012- data
Size 114 kB (114027 bytes)
Hash 32c4b4dd6fbd2e11ca6ee2ec583b6e3d
9c5ddbd1339c232a3705f3ebaa330ebca2eac99b
e0edd93077965a5eb9857588b0a0c54401533e03e1a326ff25175f982040a190
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/ambiance-foreshore-estate.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:28 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 10:48:35 GMT
accept-ranges: bytes
content-length: 114027
date: Tue, 16 May 2023 20:00:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=12.2
142.250.74.106 200 OK 101 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=12.2
IP 142.250.74.106:443
Requested by https://empressrealtors.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
Validity Mon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT
File type gzip compressed data, max compression\012- data
Size 101 kB (101093 bytes)
Hash 24e455d97461067e6dd30e60fff11ffd
0639f33c4ee15eb5b102b039a310a2ccbe79b6ba
9818c96b179600bc2a9304732ae003ff451a9cd3bd012d629de2dce0b230002b
GET /css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=12.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 May 2023 20:00:26 GMT
date: Tue, 16 May 2023 20:00:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/ambiance-2.0-ajah-lagos.jpeg
67.223.118.134 200 OK 217 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/ambiance-2.0-ajah-lagos.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x1066, components 3\012- data
Size 217 kB (217367 bytes)
Hash d1f1f062afdf55e3f50a5ddbc9fc27a5
e9baa9c298858485fc2feb39d53438721288c0cf
5f6f1ee48d42b305883c1521234f9a03eb2e38960a72b6426305d95d3f117c02
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/ambiance-2.0-ajah-lagos.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:28 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 11:01:31 GMT
accept-ranges: bytes
content-length: 217367
date: Tue, 16 May 2023 20:00:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/monte-carlo.jpeg
67.223.118.134 200 OK 247 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/monte-carlo.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1167x636, components 3\012- data
Size 247 kB (247056 bytes)
Hash ffaa2006f76ddd8c79d6d0484c58bd58
9fcd0022e80b2c09ca18116d2bfa4f621041eb07
1f65c4e1bfbe12b62eb5de47cbf829035d27007d43ecb9abd2903e2528251529
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/monte-carlo.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:28 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 10:29:42 GMT
accept-ranges: bytes
content-length: 247056
date: Tue, 16 May 2023 20:00:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/xxx_worker_xxx.jpg
67.223.118.134 200 OK 594 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/xxx_worker_xxx.jpg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, progressive, precision 8, 1920x1080, components 3\012- data
Size 594 kB (593996 bytes)
Hash 63ecdf8bf49054fcd7f5d41ec1d67baa
5bd9f1a504c1f6927312e7d8cf241eb9d8616305
d566af45e34f8867247a7556b935a90ebdff6cd552dd842b9f8deeca7899f1f5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/xxx_worker_xxx.jpg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:27 GMT
content-type: image/jpeg
last-modified: Mon, 23 Jan 2023 16:22:28 GMT
accept-ranges: bytes
content-length: 593996
date: Tue, 16 May 2023 20:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo.jpeg
67.223.118.134 200 OK 101 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/empress-realtors-logo.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x600, components 3\012- data
Size 101 kB (100604 bytes)
Hash 9304d06f822a5db264a3cc678ca67bfa
c896ece8ec7fa3fe1753e512c9193dd8313fd69b
c89a77226116544dbb52f6468469758676d2eb15791cac1e8439625afd787b30
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/empress-realtors-logo.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:28 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 12:08:48 GMT
accept-ranges: bytes
content-length: 100604
date: Tue, 16 May 2023 20:00:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/themes/Newspaper/style.css?ver=12.2
67.223.118.134 200 OK 153 kB URL GET HTTP/2 empressrealtors.com/wp-content/themes/Newspaper/style.css?ver=12.2
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (378)
Size 153 kB (152592 bytes)
Hash 2c9a219798bc89364b7ec7466741b624
ee84585825a438c422e6ff74f826c97216228183
99b17728d81082e7a6e0f8ed2f61b8bb249f1b08c8fe07e9503c18f12a8d797e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/Newspaper/style.css?ver=12.2 HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:26 GMT
content-type: text/css
last-modified: Wed, 01 Feb 2023 15:53:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 24432
date: Tue, 16 May 2023 20:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
empressrealtors.com/wp-content/uploads/2023/01/camberwall-advantage-3-ikate-lekki.jpeg
67.223.118.134 200 OK 100 kB URL GET HTTP/2 empressrealtors.com/wp-content/uploads/2023/01/camberwall-advantage-3-ikate-lekki.jpeg
IP 67.223.118.134:443
Requested by https://empressrealtors.com/
Certificate Issuer Sectigo Limited
Subject empressrealtors.com
Fingerprint 3F:AC:BC:50:28:5A:CD:79:95:8F:6D:DB:B8:D3:BF:D3:6D:B9:6C:92
Validity Mon, 23 Jan 2023 00:00:00 GMT - Tue, 23 Jan 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x682, components 3\012- data
Size 100 kB (100140 bytes)
Hash 7c32746bcb3c22896267fd1cd4bb1fa8
f195122f7a626a5384df59c052934e1659c1d847
8b0270beb777a0d6f8d49cdb7c30a3b8597bb2d721c85562e0e756d3b4fe9ec4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2023/01/camberwall-advantage-3-ikate-lekki.jpeg HTTP/1.1
Host: empressrealtors.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empressrealtors.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 23 May 2023 20:00:28 GMT
content-type: image/jpeg
last-modified: Tue, 31 Jan 2023 11:12:03 GMT
accept-ranges: bytes
content-length: 100140
date: Tue, 16 May 2023 20:00:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2