r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 f2acd891dc6eb1f09f57a2b086791781
SHA1 1e2088306501a61edcca1ade62c4d54f23b3b083
SHA256 51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7268
Expires: Fri, 09 Dec 2022 06:01:33 GMT
Date: Fri, 09 Dec 2022 04:00:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 aea93551fa9deb76ae49a3b4019d64fe
SHA1 e3b8862057ebe839959228e42246d7b1807fc90c
SHA256 7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4914
Expires: Fri, 09 Dec 2022 05:22:19 GMT
Date: Fri, 09 Dec 2022 04:00:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 4ee537977be9c03702f8ffe0025bf1fe
SHA1 21637881c4aa34c4add703f8bff4eff573159f45
SHA256 4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4479
Expires: Fri, 09 Dec 2022 05:15:04 GMT
Date: Fri, 09 Dec 2022 04:00:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash MD5 14cd9a0afb6ba9a763651d5112760d1e
SHA1 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
SHA256 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 03:08:17 GMT
content-type: application/json
age: 3128
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash MD5 53341dea33f4f3d9b4966f80589f429a
SHA1 20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
SHA256 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bo+ZCOLnYTqR+nXA99EvwsujI9k2NJ3TWPc+VTV6pUMsh46WNYnU3tEJ+XIFqrFV9ZuLvQ1XjAA=
x-amz-request-id: F9PA67H3V4XKGRFS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 03:50:06 GMT
age: 619
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
lepplawfirm.com/
198.187.31.167 301 Moved Permanently 707 B IP 198.187.31.167:0
File type HTML document text, exported SGML document, ASCII text, with CRLF, LF line terminators
Hash MD5 1304294c0823ca486542ba408ed761e3
SHA1 b2a70fb2d810ca13985882e6981f33998823e83e
SHA256 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET / HTTP/1.1
Host: lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 09 Dec 2022 04:00:25 GMT
server: LiteSpeed
location: https://lepplawfirm.com/
x-turbo-charged-by: LiteSpeed
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 04:00:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 03:07:59 GMT
age: 3147
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash MD5 d5dbbb504cd7bfe86e759b3cf8e05694
SHA1 40f6f9b0379cb778b626a05c244d34732fe6c6aa
SHA256 aa0510ba9c5c34323f214d195f454b7adc52ff77d6b9008cc98b461de5eb50e0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 04:00:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 17:58:32 GMT
Expires: Wed, 14 Dec 2022 17:58:31 GMT
Etag: "40f6f9b0379cb778b626a05c244d34732fe6c6aa"
Cache-Control: max-age=481684,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776ad5745b7db51d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash MD5 fd55f4aaaab6ec40bc7dc10252cd819a
SHA1 a72523f60be265a391fa9edc43e0a93418ad1fd0
SHA256 bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4084
Cache-Control: max-age=108870
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:00:26 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:14:56 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
lepplawfirm.com/
198.187.31.167 301 Moved Permanently 0 B IP 198.187.31.167:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET / HTTP/1.1
Host: lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://www.lepplawfirm.com/
x-litespeed-cache: hit
content-length: 0
date: Fri, 09 Dec 2022 04:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.223.160.237 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hPClNWBT5bsCofFMS90Vfg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: e0ejBjY7fXVLd4pfXD2Xk/AJ4Ac=
www.lepplawfirm.com/
198.187.31.167 200 OK 19 kB IP 198.187.31.167:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (8047)
Hash MD5 15f8ba30318e43031924826d3e6b0f8b
SHA1 dbec9fac815920947f1d0d1586821f7c8c877ab7
SHA256 659e4ce4b02512855d03b08058ec889eff8a0cbe83414d26b627aba78b9b5818
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET / HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
link: <https://www.lepplawfirm.com/wp-json/>; rel="https://api.w.org/", <https://www.lepplawfirm.com/wp-json/wp/v2/pages/1780>; rel="alternate"; type="application/json", <https://www.lepplawfirm.com/>; rel=shortlink
etag: "364-1670444948;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
content-length: 19199
date: Fri, 09 Dec 2022 04:00:26 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash MD5 6ec5f6261a8262e9f94b29627f54cefe
SHA1 7ac766cf2ac8c2d960ec033388a767ff8a7d45e2
SHA256 5f6ee11d840909fc5272c2c32f7874d55f49d831abc88d527e35562d218890f9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:00:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.lepplawfirm.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
198.187.31.167 200 OK 11 kB URL HTTP/2 www.lepplawfirm.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 198.187.31.167:0
File type ASCII text, with very long lines (43771)
Hash MD5 d45207ee05c1f0c57dfa075e61405ccd
SHA1 a8d35143a2d828a739ea0fdde75f97d33621e7ec
SHA256 a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Mon, 04 Jul 2022 21:40:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10946
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
198.187.31.167 200 OK 848 B URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 198.187.31.167:0
Hash MD5 c962ba8e7d42ff9da18392b41dad5151
SHA1 7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
SHA256 322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Mon, 11 Oct 2021 13:40:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/css/front/style.css?ver=6.0.3
198.187.31.167 200 OK 707 B URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/css/front/style.css?ver=6.0.3
IP 198.187.31.167:0
File type ASCII text, with CRLF line terminators
Hash MD5 4260926574de63de423160d24c13b567
SHA1 7c7afb79207e4f3b3679d46dadf301a71f980064
SHA256 2327802c26d1a72cff40be743c89ddd463a52c62f1bfffe64ccc84eb7f3c8513
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/theme-core/css/front/style.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 707
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
198.187.31.167 200 OK 9.2 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
IP 198.187.31.167:0
File type Unicode text, UTF-8 text, with very long lines (5178), with CRLF line terminators
Hash MD5 91084012b4eafcd38f6cfc2875e82a53
SHA1 64ba4bbdceb066ad26eb84f4db5ca9a10eed36f0
SHA256 8b5d57fe4bfa9f73ac4f1c84d4ecf6b4770330898a12934799a4ccfcf9fea998
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 17:02:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9202
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/css/main.css?ver=6.0.3
198.187.31.167 200 OK 8.6 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/css/main.css?ver=6.0.3
IP 198.187.31.167:0
File type assembler source, ASCII text
Hash MD5 bd92f323e8ce23aa97fe4045a80f084d
SHA1 c33bfc26105538726060e2665c86ccdda33298ea
SHA256 a36450331c46e23403bccba85e6a049bac5a3b66a83d74f9e4abce91a6357247
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/css/main.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8554
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/css/vendor.css?ver=6.0.3
198.187.31.167 200 OK 42 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/css/vendor.css?ver=6.0.3
IP 198.187.31.167:0
File type troff or preprocessor input, ASCII text, with very long lines (372)
Hash MD5 c6c6c96d1147f6b82d70c79fa99fd585
SHA1 3f9a11afb9c832b7e0cf1fe4bac3a7912c474763
SHA256 accd11a8dfa62ff84d64b7691fe366b9fffdf67efb72a9414f090e0694acbece
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/css/vendor.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41822
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/css/unit.css?ver=6.0.3
198.187.31.167 200 OK 2.0 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/css/unit.css?ver=6.0.3
IP 198.187.31.167:0
File type ASCII text, with CRLF line terminators
Hash MD5 9cbc72767fe13a67cd93b82cb99242c6
SHA1 c6c7013220dd24df027b59c7a894f464e5daadb2
SHA256 d2878c26296ed07b8318a517ecafe7e50cbd64322067f6aadf6f6fd4828025d1
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/css/unit.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2023
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/style.css?ver=6.0.3
198.187.31.167 200 OK 2.3 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/style.css?ver=6.0.3
IP 198.187.31.167:0
File type ASCII text, with CRLF line terminators
Hash MD5 336f98631f95fede34b0501f91ebc89a
SHA1 25d4c51f0e06c9f97745e1b4bfc846cbdc372a9d
SHA256 38ff3ebb8391b99e8d9ed569ab4d686f5050c6e4dc3449798a73e7bb38b3a31b
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/style.css?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 16:58:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2332
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
198.187.31.167 200 OK 30 kB URL HTTP/2 www.lepplawfirm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (65447)
Hash MD5 34f918ada1fe4f01c5a4b90065bbc37a
SHA1 a731f6ce2d413805e39ae45994012b1bd5ea1e2b
SHA256 eba158d5ab26a5a54a3dcfcea1072c636f44e92fc2eb30a3f27cd5be3f891dfc
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Thu, 11 Mar 2021 01:37:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30273
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
198.187.31.167 200 OK 42 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5
IP 198.187.31.167:0
File type ASCII text, with very long lines (65358)
Hash MD5 20075f07f46db048312caa6cb2503105
SHA1 70643151fab045ef063454e3b4d11f8c8a7aaaf4
SHA256 42a0a96fb5a0ee4a67cbf8d1e9ed136cae1cd8a5577f3210ecd3ad289fafbcba
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: text/css
last-modified: Wed, 01 Jul 2020 17:02:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41954
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 7b8c1870f03a90aac6370fc69516f95f
SHA1 1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
SHA256 f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3021
Expires: Fri, 09 Dec 2022 04:50:49 GMT
Date: Fri, 09 Dec 2022 04:00:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 1322
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:34:32 GMT
age: 33956
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:15:07 GMT
age: 74721
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 9cb76c68a8cd472600106cc118067868
6cee6b1828c709f68b995197ca943a5c393f86fb
009d9ba19043b03b5aceeb80b69bf249f19a0a225bdbfef7ab8691669cb64130
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F884d1162-4377-487f-a056-b21117ef5001.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8204
x-amzn-requestid: cf54b5f8-ede8-49d5-aa56-5d9de98e3ab8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjtKfEiToAMFSXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af576-6ddfe35c0b31074d6a07076f;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:06:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UfqFAlLedF6ZkfbGXhyYDcvu0porNJb6LPaeQ8p4dqWqsFD6iRgWLw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 15:50:07 GMT
age: 43821
etag: "6cee6b1828c709f68b995197ca943a5c393f86fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 63919
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash eb00a2a503a690cee3e4dd729b5bc9bd
cfb1e5bcab2148a777889680e6e36b9d7e8917ec
7e4583ae78ab597639f53669ac2d67d1ebd26be3278c2fc3fc95af934178c116
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: beadd240-39d0-407d-a890-6a095657cac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEd8HC0oAMFUag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb459-44d4f63c62f58684782ef14a;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yL-FrFYh-3PuCZCpCHYg--ebTS7wMmMQ7IE2mgimDVsKWFEtKC2gVQ==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 05:44:09 GMT
age: 80179
etag: "cfb1e5bcab2148a777889680e6e36b9d7e8917ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/admin/el-scripts.js?ver=20151215
198.187.31.167 200 OK 1.3 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/admin/el-scripts.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (1435), with CRLF line terminators
Hash 900e5eb176f648bff63fe42d32767e50
02abbca76a640f06618cc567d53ff73c2578cf3f
27ee544824fd9b564e18b28ca34f3fc269348c5d9976105b8b9eba0f2fdb217e
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/admin/el-scripts.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1274
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/images/logo4.jpg
198.187.31.167 200 OK 9.2 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/images/logo4.jpg
IP 198.187.31.167:0
File type PNG image data, 208 x 214, 8-bit/color RGB, non-interlaced
Hash b0218dde08fa24d4c91a633d53b4520c
fbfd12c71064a78781dadd43261de4b4d5f4dd9f
6b0afbc22abf54b274dc67f441f31cb1a36aeb8a2e87f12aa132f6c4c30696e8
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/fexa/assets/images/logo4.jpg HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: image/jpeg
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-length: 9203
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
198.187.31.167 200 OK 2.8 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 198.187.31.167:0
File type ASCII text, with very long lines (9937), with no line terminators
Hash 4317b1c024df372435f6482deadddeb3
5c8824a17e40a44ea8fc51568b98bdb1e2e7fab5
3798fb16289ba55459fb6d3b2efa915e3c019c5942759abb7bd19a0ef622b85d
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 13:16:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2817
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
198.187.31.167 200 OK 4.0 kB URL HTTP/2 www.lepplawfirm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 198.187.31.167:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
198.187.31.167 200 OK 3.7 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 198.187.31.167:0
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash dc6411bfa6891b75944f0074c945752d
03c1a8b686c287068c61ab90f58d905496d65085
96abeabc9cc7b4c2b7d46579f2827c67ccd02fbaef0343ae052f71accd381b0d
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 13:16:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3706
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution-active.js?ver=20151215
198.187.31.167 200 OK 752 B URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution-active.js?ver=20151215
IP 198.187.31.167:0
Hash 5a371a0e465fa681f4c53b1ebcb4f8e0
d547a7c6fbdc9032540529629c4baabc3f9f14ad
a7eadb069b72457b368fe8e3833c7429ebb57df96f52fa4738acfbb1ba5d39ff
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/revolution-active.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 752
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/main.js?ver=20151215
198.187.31.167 200 OK 458 B URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/main.js?ver=20151215
IP 198.187.31.167:0
Hash 3bab17e112299d061dcaf1c6d9c67112
c6ee39cde849433eb61c74740922fff689de075d
4134387a16250a63d466f1b9e27f5311c12497dce8e61c5ba10b6ff99d258e36
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/main.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 458
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.navigation.min.js?ver=20151215
198.187.31.167 200 OK 6.7 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.navigation.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (25682)
Hash b0930b5f9e9a8dcb73dbf145572c700f
0831b18218cd738e27ac00a181f8352a7b67729c
4479e2af4ebbf1edd8282e8cac3044406359d07c13fc69304e0a38a5ba753c54
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.navigation.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6678
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/modernizr-2.8.3.min.js?ver=1.0.0
198.187.31.167 200 OK 6.0 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/js/modernizr-2.8.3.min.js?ver=1.0.0
IP 198.187.31.167:0
File type HTML document, ASCII text, with very long lines (14856)
Hash d28a3a6cc89f8d1af1c4f354ee0013cb
457bc78a4d6fb63dfd01b69ff45c8b7afe41f356
1e6321e05015600b85c1b3c56a62e073fd2c1a56a24b8a2bdc28d7ce80df7f24
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/fexa/assets/js/modernizr-2.8.3.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6009
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/jquery.themepunch.revolution.min.js?ver=20151215
198.187.31.167 200 OK 16 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/jquery.themepunch.revolution.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (32001)
Hash b009e367d3f48377ee1faa64e7b935fb
d0cdab923a2610a0c1fbc3768ac9c4ea9266a81d
4c7539249997db67bc31512e9cdc026d6a1f6dd956a5e82ffec7fc793d32562d
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/jquery.themepunch.revolution.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15974
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.slideanims.min.js?ver=20151215
198.187.31.167 200 OK 6.4 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.slideanims.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (28128)
Hash b1d40493665e2aa09fde467040151b4c
6e7fc8a918eb0aabea5578c410a7fb61fc6584d3
f208bff0cc4b6beef7f4358753ea695b96cf995f51f4240f16f814c7d560daf4
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.slideanims.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6383
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/wow.min.js?ver=1.0.0
198.187.31.167 200 OK 2.6 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/js/wow.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (8385)
Hash 107dc8412f1d1b5d592b7aa4e1cefe2b
8bf3c355236d4027cd8502e012385b6716208afa
36dc8ecf10c0d74fd942a7afc2304bb7f253c4479cd59f9945e39353ce0c6ae3
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/fexa/assets/js/wow.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2572
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.layeranimation.min.js?ver=20151215
198.187.31.167 200 OK 11 kB URL HTTP/2 www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.layeranimation.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (32013)
Hash 87cad64e3e429eb90f2241aced58c3b8
bd2cb68e7c67f447b1650df4b7364c904f703d6a
31ed66e8f577d0bbe81ef0d919c28fce3c50650c0248722565a06ab20b250fce
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.layeranimation.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11404
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/bootstrap.min.js?ver=1.0.0
198.187.31.167 200 OK 12 kB URL HTTP/2 www.lepplawfirm.com/wp-content/themes/fexa/assets/js/bootstrap.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (48664)
Hash 1920dcf98bdc1749f31cca2c8292382b
9ef9e32cd84342d91b482381406cc661a216fa10
f019376e66bddab543d57ee52002ff65d02dd74cdb32f437f3f4f1fa36fca994
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/fexa/assets/js/bootstrap.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12542
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/owl.carousel.min.js?ver=1.0.0
198.187.31.167  200 OK  11 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/owl.carousel.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (32000)
Hash MD5    1b649a193df8c648d381cdda8dd268b4
     SHA1   f01dcdb5e3ede69da1d3e8556dcd993f0105b61d
     SHA256 dd2f2af9b8d391f704ec91ab6ef3e32ff56afacc88ba92b8a8834ca562de8bcb
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/owl.carousel.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10649
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/mixitup.min.js?ver=1.0.0
198.187.31.167  200 OK  7.9 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/mixitup.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (29299), with CRLF line terminators
Hash MD5    e82551cef25df4d8c6c47d2b3be01dc6
     SHA1   575adc8ef98e33abb5a36f9031a858780f6bfe78
     SHA256 51b23ca958027df696ded1ab2b59a28ebe5e19d157be2e4debfcc2de3354ad7c
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/mixitup.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7883
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/skip-link-focus-fix.js?ver=1.0.0
198.187.31.167  200 OK  329 B  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/skip-link-focus-fix.js?ver=1.0.0
IP 198.187.31.167:0
Hash MD5    3a64800773bfe595b239b145544f53ae
     SHA1   b3823f6ad4af9d8d5fef257fb0e0f051fe862850
     SHA256 94a59e936d6899110fbfd966c8ad7e8913af5f3cede1026f7369854346147e5b
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 329
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.actions.min.js?ver=20151215
198.187.31.167  200 OK  2.3 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.actions.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (7860)
Hash MD5    c4b0570c01674d8858f5f75899a15608
     SHA1   e82c1914e6a9958be33c68308e2025212663cacd
     SHA256 41f9d555d82d438b3d78402afd2e126184f6114dac822e2e6dfac90747810b0e
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/extensions/revolution.extension.actions.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2253
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
198.187.31.167  200 OK  4.6 kB  URL  HTTP/2  www.lepplawfirm.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 198.187.31.167:0
File type ASCII text, with very long lines (15660)
Hash MD5    0232689bd203f330529b36a437f41a68
     SHA1   9046583f7469ad38297969f10a9513eb895d5316
     SHA256 feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/jquery.waypoints.min.js?ver=1.0.0
198.187.31.167  200 OK  2.5 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/jquery.waypoints.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (7808)
Hash MD5    c5caa8567f12989b5b77097e164196ac
     SHA1   a983cdf44314a6a2ab08b8c34290cc8861c0d8d8
     SHA256 5344e700c28cf98a8442240bf1f51a6de71b697369ab729ce1c90cfb42b3dea8
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/jquery.waypoints.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2461
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/jquery.counterup.min.js?ver=1.0.0
198.187.31.167  200 OK  496 B  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/jquery.counterup.min.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with very long lines (917)
Hash MD5    2232520d40c725142b8050168dc2f6cb
     SHA1   7cfcb359e148c475a6bc291058376798827de022
     SHA256 c958cb4dad52ed8fac81b75ea4ef6e900bbbf084487470d6c95daa4a0c0b56ea
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/jquery.counterup.min.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 496
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/custom.js?ver=1.0.0
198.187.31.167  200 OK  2.2 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/custom.js?ver=1.0.0
IP 198.187.31.167:0
Hash MD5    0eab6886407e17eed13a3eec705ee3a7
     SHA1   7879aff7ca3ecd5a69bb5459d1feef2f5a990f24
     SHA256 9727b69f2257d9b92b6c76f38bbc7713eb4fc939181ce87d16dc11485d1b8ae0
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/custom.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2173
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/js/navigation.js?ver=1.0.0
198.187.31.167  200 OK  966 B  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/js/navigation.js?ver=1.0.0
IP 198.187.31.167:0
File type ASCII text, with CRLF line terminators
Hash MD5    5be960ad967ddc97877059334e5d18c8
     SHA1   b36f2c62ec9974f5b88602e24b7fc8c56f99aeab
     SHA256 69d80fcc62d066293e69eaa33cafd726c68d47a1039190e9a28680096f2231db
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/js/navigation.js?ver=1.0.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 966
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
198.187.31.167  200 OK  5.5 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5
IP 198.187.31.167:0
File type ASCII text, with very long lines (20382)
Hash MD5    1cc3bfea5fa80bf9f2a441e1295f9ec1
     SHA1   de1999503eb5fc6d064550306343487b76e0a3c8
     SHA256 4cdba162e790be8c9b7d86d25ef8e71958ca26d34b5850a50ae155520b41620b
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5548
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3
198.187.31.167  200 OK  17 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3
IP 198.187.31.167:0
File type ASCII text, with very long lines (64614), with CRLF line terminators
Hash MD5    6a14a3cd55e65364d78e4d446374f9c9
     SHA1   c49d5dd44284393f46b8654f2b322cd8115c2975
     SHA256 8cc406a6925a4c5fd8328e053d09decedfa0abed1c5bb5e0f1e823722e013ab5
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 17404
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3
198.187.31.167  200 OK  37 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3
IP 198.187.31.167:0
File type ASCII text, with very long lines (27287), with CRLF line terminators
Hash MD5    35a51e38495aaf16a9afbedea89516d9
     SHA1   12728c5a9fa3a4c8ce7eda5691898cdf9edd4098
     SHA256 f0e12559fca9076577202ec712d76767eabb2c0c17791176fdb8ccd3768dc45b
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 37078
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/jquery.themepunch.tools.min.js?ver=20151215
198.187.31.167  200 OK  36 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/plugins/theme-core/js/revolution/jquery.themepunch.tools.min.js?ver=20151215
IP 198.187.31.167:0
File type ASCII text, with very long lines (27184)
Hash MD5    99fad9870688aa88e55664c4d9dc9a00
     SHA1   ae27b7f82c272b98ebba82d123017bf3cb514fb8
     SHA256 4124c20d285ba0df06a7c131246c24f1ec0b28d2eda5c62df0876e367b2c2f80
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/plugins/theme-core/js/revolution/jquery.themepunch.tools.min.js?ver=20151215 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: application/javascript
last-modified: Wed, 01 Jul 2020 17:02:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 36079
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131  200 OK  472 B
IP 142.250.74.131:0
Hash MD5    0e9eef4ed41ef94e9ea175ad243e294e
     SHA1   b6f83e508270413dabe55e2884b5409ca7978e24
     SHA256 0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:00:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227  200 OK  45 kB  URL  HTTP/2  fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0
Hash MD5    565ce506190ad3af920b40baf1794cec
     SHA1   ad3cba5d06100e09449a864d3b5e58403b478b3d
     SHA256 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.lepplawfirm.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 292067
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/uploads/2020/07/testimonial-bg.jpg
198.187.31.167  200 OK  102 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/uploads/2020/07/testimonial-bg.jpg
IP 198.187.31.167:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x730, components 3
Size 102 kB (102304 bytes)
Hash MD5    5441679fa1db96d5e5c44640e133c8b8
     SHA1   5f531aeb2b69169e6b5e6be166f1c8de6da131dc
     SHA256 84cca38d82996fc31be1444c51dad639248bc68484767d8ae1f49c6132909cbc
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/uploads/2020/07/testimonial-bg.jpg HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: image/jpeg
last-modified: Wed, 01 Jul 2020 17:18:27 GMT
accept-ranges: bytes
content-length: 102304
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131  200 OK  472 B
IP 142.250.74.131:0
Hash MD5    0e9eef4ed41ef94e9ea175ad243e294e
     SHA1   b6f83e508270413dabe55e2884b5409ca7978e24
     SHA256 0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 04:00:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2
216.58.207.227  200 OK  36 kB  URL  HTTP/2  fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 35660, version 1.0
Hash MD5    0d0d3e5824e5e67a9e993960df2b67a9
     SHA1   328d67bb1d5899a7809df9f4385181863fd035f1
     SHA256 38da98e06ba18c4204f547d30572cd81a2dd3fd5438d306856d2617480ee8639
GET /s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.lepplawfirm.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35660
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:31:54 GMT
expires: Fri, 08 Dec 2023 08:31:54 GMT
cache-control: public, max-age=31536000
age: 70115
last-modified: Mon, 15 Aug 2022 18:07:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/fonts/icomoon.ttf?ume250
198.187.31.167  200 OK  9.2 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/fonts/icomoon.ttf?ume250
IP 198.187.31.167:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Hash MD5    39853666212f395555151ba2a0defd32
     SHA1   d1226669c38bff9de1dc3eb178cafe40afb4834b
     SHA256 0ae38567ab90772c70bfabfe3d9bb7ff3fa6ca023546f5f873275c59a88471a7
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/fonts/icomoon.ttf?ume250 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/wp-content/themes/fexa/assets/css/main.css?ver=6.0.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:29 GMT
content-type: font/ttf
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-length: 9224
date: Fri, 09 Dec 2022 04:00:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/images/service-bg.jpg
198.187.31.167  200 OK  100 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/images/service-bg.jpg
IP 198.187.31.167:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x979, components 3
Hash MD5    d2ce994bed1c13fe73fb7d24d2779a28
     SHA1   2131dd1392db81b74d0fa93f460d695eb34ff963
     SHA256 c2ede9bb804b7cd50fa98625cfac8795059ea44244c8f3a1cf3fc270fad8a54e
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/images/service-bg.jpg HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/wp-content/themes/fexa/assets/css/main.css?ver=6.0.3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:29 GMT
content-type: image/jpeg
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-length: 99926
date: Fri, 09 Dec 2022 04:00:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/themes/fexa/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
198.187.31.167  200 OK  77 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/themes/fexa/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 198.187.31.167:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Hash MD5    af7ae505a9eed503f8b8e6982036873e
     SHA1   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
     SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/themes/fexa/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.lepplawfirm.com/wp-content/themes/fexa/assets/css/vendor.css?ver=6.0.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:29 GMT
content-type: font/woff2
last-modified: Wed, 01 Jul 2020 16:58:26 GMT
accept-ranges: bytes
content-length: 77160
date: Fri, 09 Dec 2022 04:00:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/favicon.ico
198.187.31.167  404 Not Found  1.2 kB  URL  HTTP/2  www.lepplawfirm.com/favicon.ico
IP 198.187.31.167:0
File type HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash MD5    0bde7d4b3da67537eaf9188e6f8049cf
     SHA1   64300fc482d01d38b40ab20e15960b6509665e5a
     SHA256 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 09 Dec 2022 04:00:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.lepplawfirm.com/wp-content/uploads/2020/07/contact-bg.jpg
198.187.31.167  200 OK  452 kB  URL  HTTP/2  www.lepplawfirm.com/wp-content/uploads/2020/07/contact-bg.jpg
IP 198.187.31.167:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1280, components 3
Size 452 kB (451796 bytes)
Hash MD5    efe0ac872a05103b44114bfa958dbcec
     SHA1   712a9b5af78671a6ab17d190b4dacca35b0277e3
     SHA256 65d73cd36331118f09c4a19d4318563a9d654d12cd565dda9d3cd858f5efeee2
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /wp-content/uploads/2020/07/contact-bg.jpg HTTP/1.1
Host: www.lepplawfirm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 04:00:27 GMT
content-type: image/jpeg
last-modified: Wed, 01 Jul 2020 17:18:19 GMT
accept-ranges: bytes
content-length: 451796
date: Fri, 09 Dec 2022 04:00:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F111d6163-0ce5-4897-9a84-a9cefa74d2a9.jpeg
34.120.237.76  200 OK  7.7 kB  URL  HTTP/2  img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F111d6163-0ce5-4897-9a84-a9cefa74d2a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash MD5    e00cf5825452b2f69b0ac859dccb64ab
     SHA1   60aed079c48181cf46cef4d1aaa1c316a7ef7048
     SHA256 3aea2aa14407b6ac9d64d0f35111fec50f51632adfc39047c15bde4afd148a78
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F111d6163-0ce5-4897-9a84-a9cefa74d2a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7694
x-amzn-requestid: 0c67138c-1a6d-49ef-bd43-f9a7176679ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LZjFjrIAMFUSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925909-764272151a0a4d284c6cb1bb;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aaEYG20Wueg557qEBq46sSUl3-_HxgZA73s-kPo3GmYgWgrGgFPl_Q==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:48:32 GMT
age: 22322
etag: "60aed079c48181cf46cef4d1aaa1c316a7ef7048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo-white.png
45.79.75.12 404 Not Found 0 B URL HTTP/1.1 themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo-white.png
IP 45.79.75.12:0
GET /themes/fexa/wp-content/uploads/2019/07/logo-white.png HTTP/1.1
Host: themebeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 04:00:29 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://themebeer.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo-white.png
45.79.75.12 404 Not Found 0 B URL HTTP/1.1 themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo-white.png
IP 45.79.75.12:0
GET /themes/fexa/wp-content/uploads/2019/07/logo-white.png HTTP/1.1
Host: themebeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 04:00:27 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://themebeer.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo.png
45.79.75.12 404 Not Found 0 B URL HTTP/1.1 themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo.png
IP 45.79.75.12:0
GET /themes/fexa/wp-content/uploads/2019/07/logo.png HTTP/1.1
Host: themebeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 04:00:27 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://themebeer.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo.png
45.79.75.12 404 Not Found 0 B URL HTTP/1.1 themebeer.com/themes/fexa/wp-content/uploads/2019/07/logo.png
IP 45.79.75.12:0
GET /themes/fexa/wp-content/uploads/2019/07/logo.png HTTP/1.1
Host: themebeer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 04:00:29 GMT
Server: Apache/2.4.29 (Ubuntu)
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://themebeer.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Lora%3A400%2C700%2C700i%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lora%3A400%2C700%2C700i%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext
IP 142.250.74.106:0
GET /css?family=Lora%3A400%2C700%2C700i%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.lepplawfirm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 04:00:27 GMT
date: Fri, 09 Dec 2022 04:00:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
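To turn a capture like the one above into something actionable, here is an added Python example (not part of the capture or of any tool that produced it) that parses a raw response head and flags the security-relevant observations visible in these transactions: a Server header carrying a version string, a missing or short Strict-Transport-Security, a missing Content-Security-Policy or X-Content-Type-Options, a Link or Location header pointing at plain http://, and a wildcard Access-Control-Allow-Origin. The two sample responses are constructed copies of the themebeer.com 404 and the img-getpocket.cdn.mozilla.net 200 shown above, trimmed to the headers the audit reads; the function names, the finding codes and the one-year HSTS threshold are the example's own choices, and whether a response was served over TLS is passed in as a parameter because the header block alone does not prove it.

```python
"""Flag security-relevant headers in captured HTTP response heads."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed samples modelled on two responses in the capture above (the
# themebeer.com 404 and the img-getpocket.cdn.mozilla.net 200), trimmed to the
# headers the audit looks at. They are embedded here so the script runs offline.
SAMPLE_RESPONSES = {
    "themebeer.com": (
        "HTTP/1.1 404 Not Found\n"
        "Server: Apache/2.4.29 (Ubuntu)\n"
        "Cache-Control: no-cache, must-revalidate, max-age=0\n"
        'Link: <http://themebeer.com/wp-json/>; rel="https://api.w.org/"\n'
        "Content-Type: text/html; charset=UTF-8\n"
    ),
    "img-getpocket.cdn.mozilla.net": (
        "HTTP/2 200 OK\n"
        "server: nginx\n"
        "access-control-allow-origin: *\n"
        "strict-transport-security: max-age=63072000; includeSubdomains; preload\n"
        "x-frame-options: DENY\n"
        "content-security-policy: default-src 'none'; img-src 'self'; "
        "script-src 'self'; style-src 'self'; object-src 'none'\n"
        "x-content-type-options: nosniff\n"
        "content-type: image/jpeg\n"
    ),
}

ONE_YEAR = 31536000  # seconds; the usual floor for a meaningful HSTS policy


def parse_response(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw response head into its status line and a header map.

    Names are lower-cased (HTTP/2 already sends them that way) and repeated
    headers are kept in order rather than overwritten.
    """
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    headers: Dict[str, List[str]] = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers


def hsts_max_age(value: str) -> Optional[int]:
    """Return the max-age from a Strict-Transport-Security value, if any."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw: str, served_over_tls: bool = True) -> List[str]:
    """Return finding codes for one response head, in a fixed order."""
    _, h = parse_response(raw)
    findings: List[str] = []

    # "Apache/2.4.29" hands an attacker a version to look up; the hardened
    # setting is a bare product name (Apache: ServerTokens Prod).
    if any(re.search(r"/\d", s) for s in h.get("server", [])):
        findings.append("server-version-disclosed")

    # HSTS only means anything on a TLS origin, so the caller says which.
    if served_over_tls:
        hsts = h.get("strict-transport-security")
        if not hsts:
            findings.append("hsts-missing")
        else:
            age = hsts_max_age(hsts[0])
            if age is None or age < ONE_YEAR:
                findings.append("hsts-max-age-short")

    if "content-security-policy" not in h:
        findings.append("csp-missing")
    if not any("nosniff" in v.lower() for v in h.get("x-content-type-options", [])):
        findings.append("x-content-type-options-missing")

    # A Link or Location pointing at plain http:// from an https page is a
    # mixed-content / downgrade hint worth a look.
    for name in ("link", "location"):
        if any("http://" in v for v in h.get(name, [])):
            findings.append(f"{name}-plain-http")

    # A wildcard ACAO is normal for a public image CDN, but it must never sit
    # on a response that varies by cookie or Authorization header.
    if "*" in h.get("access-control-allow-origin", []):
        findings.append("cors-wildcard")
    return findings


if __name__ == "__main__":
    for host, raw in SAMPLE_RESPONSES.items():
        print(host, audit(raw) or ["no findings"])
```

Run against the two samples, the Apache 404 produces five findings and the Pocket image response only the wildcard CORS note, which is expected for a public CDN asset and is there to be triaged rather than treated as a bug. Feed it the response heads of other transactions from the capture by pasting them into SAMPLE_RESPONSES; the parser accepts both the Title-Case HTTP/1.1 and the lower-case HTTP/2 header forms seen above.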