r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5282
Expires: Fri, 18 Nov 2022 20:24:38 GMT
Date: Fri, 18 Nov 2022 18:56:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3795
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:36 GMT
Last-Modified: Fri, 18 Nov 2022 17:53:21 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 18:44:49 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 707
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a38b6dd8a4cc335c026aebf2ed348b6
8a386e0ccb0ca4dc502746c45b2ebc3aa3f83cf8
8b4040a645cec1841a00a22765eb3a74978559daf15c54bd4b41b6b48aab7f95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10786
Expires: Fri, 18 Nov 2022 21:56:22 GMT
Date: Fri, 18 Nov 2022 18:56:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: l7B3Wwac7D+3ruCH8FtZeuIVDSmCEMepVPbGUrO3SGBjsuaiQVT0Ezx81tlKbShsSxlZ5lyRLMI=
x-amz-request-id: NZ6VR9EQNFWFJCS3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 18:53:01 GMT
age: 215
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 18 Nov 2022 18:56:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
quarksseg.com/lim/sanchezserra
216.172.172.29301 Moved Permanently 0 B URL HTTP/1.1 quarksseg.com/lim/sanchezserra
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /lim/sanchezserra HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 18 Nov 2022 18:56:36 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://quarksseg.com/lim/sanchezserra
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 18:25:01 GMT
cache-control: public,max-age=3600
age: 1896
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6368
Cache-Control: max-age=143787
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:37 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:53:04 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 06d7a4154149c96a8fcb31b259ee3f20
7031fba5933f20f4502ab8451baa17b44f3e7568
c258dbca96df1715fdadcbf753009c75d3eb50f6e0db633428bb080bae70b3cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C258DBCA96DF1715FDADCBF753009C75D3EB50F6E0DB633428BB080BAE70B3CB"
Last-Modified: Fri, 18 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Sat, 19 Nov 2022 00:55:59 GMT
Date: Fri, 18 Nov 2022 18:56:37 GMT
Connection: keep-alive
push.services.mozilla.com/
44.240.57.100101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.57.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1uIGFkeY4cgR91WlEe3dxQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gWIIbzhobNVSRivwy6rxgXJZveo=
quarksseg.com/lim/sanchezserra
216.172.172.29404 Not Found 16 kB URL HTTP/2 quarksseg.com/lim/sanchezserra
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9493), with CRLF, LF line terminators
Hash aff7489ab3cd07c46032f393ee8161d3
507dc3a32068a08ba12d4e0b93fb8ece534d93ce
4423b8c0f0b8bf33480e92be3508176685c21a4eae0e1245fac5d1652224d38c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /lim/sanchezserra HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://quarksseg.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 16415
content-type: text/html; charset=UTF-8
date: Fri, 18 Nov 2022 18:56:37 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
quarksseg.com/wp-includes/css/classic-themes.min.css?ver=1
216.172.172.29200 OK 189 B URL HTTP/2 quarksseg.com/wp-includes/css/classic-themes.min.css?ver=1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 22:15:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 189
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5
216.172.172.29200 OK 3.0 kB URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10435), with no line terminators
Hash a6099ee677b6d930b6b878cf0cb08422
a2eb69454196d4250d624d25aaec587e97686642
755acd6dc98e63baff6d8b105b1bcaf63b79f935381fb3f32a79dace7faae0ac
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:23 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2985
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
quarksseg.com/wp-content/uploads/smile_fonts/icomoon-icomoonfree-16x16/icomoon-icomoonfree-16x16.css?ver=6.1.1
216.172.172.29200 OK 3.4 kB URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/icomoon-icomoonfree-16x16/icomoon-icomoonfree-16x16.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (27934), with no line terminators
Hash a0fb5fb42906ea84209d5f81b21a4f64
4bcf344c0ef18a751ddbd3d9408d5121b3f924d1
f7b983d7de134c3e8ac5d0a82501315cc97381b254c1e2716dcdb23242430e34
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/icomoon-icomoonfree-16x16/icomoon-icomoonfree-16x16.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:18:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3440
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/smile_fonts/icomoon-font-awesome-14x14/icomoon-font-awesome-14x14.css?ver=6.1.1
216.172.172.29200 OK 6.4 kB URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/icomoon-font-awesome-14x14/icomoon-font-awesome-14x14.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (51198), with no line terminators
Hash 15a3d10faa1190c1de0b68a23da58511
6cc6aea28a3fd8c720eb316b8c472d8dd96c73ad
ce28c5836538cc26fe2ec96b10d4e8e7e10175a32ecb63a53f16a256fffb01d9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/icomoon-font-awesome-14x14/icomoon-font-awesome-14x14.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:17:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6359
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.16
216.172.172.29200 OK 1.2 kB URL HTTP/2 quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.16
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 342cf75f0cf834205eadc2454daa8725
653ecdca8adc4b1c80ca9a21acd9d2fada55fe93
9d9a652f4cdd95f9af3f9f55957b7d70c72f622210dac6dc17e7f7d4d7540a4d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.16 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Nov 2022 21:19:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1179
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1
216.172.172.29200 OK 4.6 kB URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (27639), with no line terminators
Hash a74d8a9e6361e6170342143743d34e52
033d08f24f8768a1d7cd92ba1d049a011bb585eb
c55a939cb1bad24f59b12c0533db6a87fecaede91efe8d6e285ae44dbb7990d5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:17:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4644
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/smile_fonts/icomoon-numbers-32x32/icomoon-numbers-32x32.css?ver=6.1.1
216.172.172.29200 OK 410 B URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/icomoon-numbers-32x32/icomoon-numbers-32x32.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1851), with no line terminators
Hash 92e03f27fac7448220a0b623aa889df0
420209a1369779e24d08ac2e2e71427ba509cf72
1da03956a34b70e4b3d8fd43de32c7baa73c19ab06285c68011d1e4434c30ede
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/icomoon-numbers-32x32/icomoon-numbers-32x32.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:18:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 410
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.15
216.172.172.29200 OK 16 kB URL HTTP/2 quarksseg.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.15
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash c42d25887a300fbb3d1e60e3dafc474d
9e2f54ba32e11f803910b46b37e53fffd4485034
ac747f8a9c4d3b94ebe13a4d8301bb2193caf110cb0523bb50a0742a6d2f0303
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.15 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:48:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16533
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/smile_fonts/icomoon-brankic-32x32/icomoon-brankic-32x32.css?ver=6.1.1
216.172.172.29200 OK 2.5 kB URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/icomoon-brankic-32x32/icomoon-brankic-32x32.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (20488), with no line terminators
Hash d9ce8a67f9617a2b17e2cbd24695a961
0e6e276f3e29bf54ff1e36eaf2fbe51694572224
f64e666d2893f64a1b4b85f42abea285694e2821065ad540e97d729c82e7a6f3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/icomoon-brankic-32x32/icomoon-brankic-32x32.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:17:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2537
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.min.css?ver=9.0.1.1
216.172.172.29200 OK 3.1 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.min.css?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (20277), with no line terminators
Hash 79d42d1ff1f1962c12eb5bfe8aff0a7c
031fa954fd00d887440885d052ac6e6ff1634c6f
08725de167490e50169931a8c57d053d231678f063ce09b41a79807c5ef5f35e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.min.css?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:29:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3066
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.5.0.1
216.172.172.29200 OK 10 kB URL HTTP/2 quarksseg.com/wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.5.0.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43211)
Hash 4a3cd7782fce5f4dcfced61bfc8aeb8e
ef1c63842bf06d171ed954499459873ccbe41e2a
e7066bb18695bec461c60ad617c742a89f363588787cf1493f1a1636bd66b49f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.5.0.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:18:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9994
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/back-compat.min.css?ver=9.0.1.1
216.172.172.29200 OK 4.0 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/back-compat.min.css?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19124), with no line terminators
Hash 635a864c0b99f0e98951d41cfeb768a3
5a5689e68b9fc486f1bd7c963d3669640a50787d
40cbd5b2598889f6182e49a949a1a436e435df585e4a9215b720699cf06ef49b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/dt-the7/fonts/FontAwesome/back-compat.min.css?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:29:11 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4038
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/post-type-dynamic.css?ver=dfef5b8d1166
216.172.172.29200 OK 1.9 kB URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/post-type-dynamic.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 85947dd8bb9e94199cbdf73f6680586d
b8eece6321f96d5494df0a2c1137dc9f4b06d242
37de4c9053cdded5674a4a68b1bf55070663f8f3a65c93704cefd91ffe2bdca3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/post-type-dynamic.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1876
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/mega-menu.css?ver=dfef5b8d1166
216.172.172.29200 OK 3.9 kB URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/mega-menu.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 788d01d79746ef87f0fff86ba60e5daf
4f64c116a3a28532b45f0974ce395008b563d7e9
9e696ad44542f265b6176139456bd2a4a6340f591efbad61ca76fb8cc3e34397
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/mega-menu.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3858
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
216.172.172.29200 OK 4.6 kB URL HTTP/2 quarksseg.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 18 Nov 2020 17:36:06 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4618
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/css/all.min.css?ver=9.0.1.1
216.172.172.29200 OK 13 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/css/all.min.css?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (58209)
Hash d0c963f67d129b39ca78cc7e5ca6d6fe
a3ecf5fd7b82403ec5cf18ef50cae47a971de5be
7ba10a96dd9905b841be09091679a3b557f98f6386fda6f1f4ff68839cba7efd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/fonts/FontAwesome/css/all.min.css?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:56:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12622
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/2018/09/logo_white-1.png
216.172.172.29200 OK 6.9 kB URL HTTP/2 quarksseg.com/wp-content/uploads/2018/09/logo_white-1.png
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 300 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash beecf310e55faeca1b018d5c3e9dc6df
1cccb4c8ea52a31f6d59879c4d71a3e67d308f93
85498518c0f9c689928d2bedef42d72ef544fbbe83b3243b3c12d86352e954dc
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2018/09/logo_white-1.png HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:14:43 GMT
accept-ranges: bytes
content-length: 6919
content-type: image/png
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=dfef5b8d1166
216.172.172.29200 OK 4.3 kB URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 54be0f7ba04808ad640a9083311bb4c9
910c821e20179be1ddf2a3a892fa9fef88428d99
4fd339d8296edc0b2c97a45bdc4b6c7abc237df77fadca9e20b913001e5c4cad
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4348
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.14.2
216.172.172.29200 OK 353 B URL HTTP/2 quarksseg.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.14.2
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 9fceac240f182c4cdfbf4c767c3655e8
d3c0a11d127441114f37eedbc6e6477899e734eb
17ffc5c191d988ca3a5ef946647351da20c4d7cee7dd7a76179c26dabd7b9f19
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.14.2 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Jan 2022 15:00:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 353
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/media.css?ver=dfef5b8d1166
216.172.172.29200 OK 16 kB URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/media.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 1cbdd0425e2a38bd707ba049cf54d90c
85a23bc6be3ec39688467a9aafac7001917110b7
db5e33bc40fab751d5a8b181e0fd0890bd65f9dbda3494afef26c0ac25b155e9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/media.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16391
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-icon-square.svg
216.172.172.29200 OK 3.3 kB URL HTTP/2 quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-icon-square.svg
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1519), with CRLF line terminators
Hash ab05929f6081f799659a6e5905d56c2f
e9644039f3997dc383be8d5f15d81ebe45a14260
825638f14825ca1f8e675f2820787132a2496f60094ff4d0de0d59e24d1cc1de
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-icon-square.svg HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Nov 2022 21:19:05 GMT
accept-ranges: bytes
content-length: 3296
content-type: image/svg+xml
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/style.css?ver=9.0.1.1
216.172.172.29200 OK 777 B URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/style.css?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (521)
Hash bd07540e61d6a53a422f9afca5791776
0ad3b11c9f5e2c5309d52e8c212afccb3de057e5
6787293704aca91c1940da3cfe97f36312c303d0fd40703457e533465934c5f3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/style.css?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 19:43:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 777
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=9.0.1.1
216.172.172.29200 OK 4.1 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9312), with no line terminators
Hash f275631202276c8e98a567de82bff052
86d483998c8abc89a92c38527e7d45f198a3813f
091c668579807f80039983acbdcd806079ca938e4101f2ef0b67a5a980f9fd11
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 19:51:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4086
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.2.0
216.172.172.29200 OK 372 B URL HTTP/2 quarksseg.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.2.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 0507d06596355ea2efd09bb9c5b0e46c
9ae0e8f7847222b09264ada703c182fd89011126
fefb5c10a704ffcb6c905a785ec2af387ff7169dbe548fa4784cc5782797d4c2
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.2.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:43:09 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 372
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0
216.172.172.29200 OK 3.9 kB URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9111)
Hash a9d79ad492f5d209828cf75ff095edb0
b969ee59c642ce462a2cea6b487f2b1d57a8a18a
c362ad1758080d8a6214b29639dd88f082394a603d4afa9f12d8a037f55f94e5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3949
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
216.172.172.29200 OK 5.3 kB URL HTTP/2 quarksseg.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 14:26:24 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0
216.172.172.29200 OK 1.1 kB URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2938), with no line terminators
Hash 769e9d3f7fc383ec1a02024e39730474
4f5a5edf28ed19b48c5e40747ec6896f0df8f09e
4636689d57889e984a7a1a1c6e2516b7a2d951407ca826aaf505c50002e2b486
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1093
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0
216.172.172.29200 OK 1.0 kB URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1668)
Hash 0bebfb5722cbc8ac04e62aa40698be49
3bc5e4f29cb19a2d80d46dee242dabf7e42c0fd3
70d02eabbadbe176455a2bb53d8d567feca69847c067a5274987a8bdc65e3c05
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1000
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0
216.172.172.29200 OK 792 B URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2139), with no line terminators
Hash 1ca3f41c13e0027acc45f0601f8b640f
cced34af0c6a59e9cee4229faa66ab39c7031506
d3bc5eaf4c6be9473dbba690825cce9a1a6f4accb6721dae7875efef54942f41
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 792
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.16
216.172.172.29200 OK 541 B URL HTTP/2 quarksseg.com/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.16
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 3f070eb9c357cffd7e3f903d0510bb18
d15fc7ca8eab151184a0f0bc2fca8346b411e2b9
ac0bac8ee5b81e4cf73d40bb5ed2471a58315fba2534de1a09d7f41f98f52e28
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.16 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 16 Nov 2022 21:19:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 541
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0
216.172.172.29200 OK 1.2 kB URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (3029), with no line terminators
Hash 1d43db37790e13f685a3c696579e3b2c
ecd7d8bcf06c069e2f296726649b6959608abfbe
4207a6e0849fcaec34e8b6de5931cf3158aca1121c232039654b4144aea9552e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1203
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.5.0.1
216.172.172.29200 OK 8.1 kB URL HTTP/2 quarksseg.com/wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.5.0.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (22499), with no line terminators
Hash a4c893513d15b919aad4eb2cd93a320c
5689a2634759cb0ca67e741fe694c5ce92e3575f
9d0c66d5f4029cae1c412a378cebcbff1757b5ab0a2c522f3b103d44fd56b867
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.5.0.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:18:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8079
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/smile_fonts/icomoon-free-social-contact-16x16/icomoon-free-social-contact-16x16.css?ver=6.1.1
216.172.172.29409 Conflict 83 B URL HTTP/2 quarksseg.com/wp-content/uploads/smile_fonts/icomoon-free-social-contact-16x16/icomoon-free-social-contact-16x16.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/smile_fonts/icomoon-free-social-contact-16x16/icomoon-free-social-contact-16x16.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3539
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 18:56:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3539
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 18:56:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3539
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 18:56:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3539
Expires: Fri, 18 Nov 2022 19:55:37 GMT
Date: Fri, 18 Nov 2022 18:56:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
34.120.237.76200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d0b6106f00f9fd8b89c2d484a559a1a
399ac393209dcdac7d2188d7aa8d95f04570ef7c
5d8151c9eb558f4a2b8bd2952c6845606ddb0c27e36f6e49aca7e60908cd9fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e93b023-2729-4761-a4ea-05612c0917fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3759
x-amzn-requestid: 8c91ac59-89dc-4218-b69f-0cebb29f301b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-wJHgxoAMF-hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab33-4dac305614a92bc52c038222;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:44:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mb2-PTjNmt06Wd5jOjQ5WoLY-0NgI80CKPXtwgzBt4n5km8Pu_WN0Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:50:49 GMT
age: 75949
etag: "399ac393209dcdac7d2188d7aa8d95f04570ef7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 35da1192dcadc6e329a9e60c16904301
90a146aef85765630a5e09e46a0a8682e204bec1
816d1387a3a91a82f0bdaa2b703b45aa30be206d30d4dd1e8ac5deca13de57ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e567bc1-d4b1-4dd2-b17e-3595ad1753e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10281
x-amzn-requestid: 11dffc4e-71d7-4195-8890-62c8a2092728
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-77EWaIAMF3WA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7f-3c0dc7e43023af827ac26958;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 48wUhxwMgsEj2J01EWOTCfWLNZPwFrjjXd6V_uSp8yae4YtGTTVlxA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:14:12 GMT
age: 74546
etag: "90a146aef85765630a5e09e46a0a8682e204bec1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5fb6d72b647aabea33ab4017f4a0847
ed93ac946111340a254b92f8ce27e8be93ae87e8
0782ed4ffaea8f9487461d5a9b0c241d30dfe057676753b24e180d0a94efad99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb1ea6fe-f968-42eb-9bb6-5965ae4e6ce6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7045
x-amzn-requestid: e8dace8b-0cc8-4ea0-b47a-e42a66576f72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-K3EuCIAMFsmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376aa45-71c191e462be52006858817b;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S0Sq8vuP-MbcuYVx_WFXTkmrY966mBTY1Qpowx_E_to1tDk1b8R-Bw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:52:11 GMT
age: 75868
etag: "ed93ac946111340a254b92f8ce27e8be93ae87e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/js/main.min.js?ver=9.0.1.1
216.172.172.29200 OK 140 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/js/main.min.js?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Size 140 kB (139789 bytes)
Hash 3a27a7a63a0ce83182e847c60773156d
828f1546e5cd9daae66d595104fcf26d38075aa8
5445675c90e3d2daaff3e2876859e25c55d10d29e84eccf8957950429c10633a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/js/main.min.js?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 19:51:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CHi9V7-WaWmG6Y0249CZJnhe_RjvleaGFVXoOnJ62cjrcXoLLKwzgw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 18:45:50 GMT
age: 649
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd26f9e-1666-47e7-91b0-4b371ede5e61.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd26f9e-1666-47e7-91b0-4b371ede5e61.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30ad43f65949e7e22e73292e3d684f3d
9404b0071027ac7ec0055a9edfbd607e3a8ae501
b97961cbd2245f9927c1c0406451449d28cca24c98c534cace78321ac62eeeb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd26f9e-1666-47e7-91b0-4b371ede5e61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5955
x-amzn-requestid: fe915fbe-b1dc-4fbd-8a10-1cb46e08f56c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqPjHloIAMFidw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755730-16deb73f48305b0139b1d9bd;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qtpQ9y_8ohoqKpvTx-mWM439VyjZnpmTKKCEAEnknL3CVN8ZkiJaYQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 21:39:46 GMT
age: 76613
etag: "9404b0071027ac7ec0055a9edfbd607e3a8ae501"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-N32TDMQ
142.250.74.168200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N32TDMQ
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash fe31db00c3f18826f52cee7fe9933064
ad6a86f7b31fe2a29c9bfd3706a6ade6dc9adc9b
7cbbb47a11f07cdb83d3dd44f0db4e731cfefe49c778b4f7b784ec6f72fed662
GET /gtm.js?id=GTM-N32TDMQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 18 Nov 2022 18:56:39 GMT
expires: Fri, 18 Nov 2022 18:56:39 GMT
cache-control: private, max-age=900
last-modified: Fri, 18 Nov 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38477
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.195200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://quarksseg.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Nov 2022 21:13:13 GMT
expires: Tue, 14 Nov 2023 21:13:13 GMT
cache-control: public, max-age=31536000
age: 337406
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/2018/09/footer.jpg
216.172.172.29200 OK 27 kB URL HTTP/2 quarksseg.com/wp-content/uploads/2018/09/footer.jpg
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1500x500, components 3\012- data
Hash 7c98982b166e164a00ed024e2892a81b
86689aee7e424ad5bd3f04e7a8792abe9852c432
1811505b18f7c9538d048e46da4911f004f583f745597ed0a38a0771ee47cb63
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2018/09/footer.jpg HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/wp-content/uploads/the7-css/custom.css?ver=dfef5b8d1166
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:14:04 GMT
accept-ranges: bytes
content-length: 26894
content-type: image/jpeg
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/2018/09/pag.jpg
216.172.172.29200 OK 54 kB URL HTTP/2 quarksseg.com/wp-content/uploads/2018/09/pag.jpg
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1500x350, components 3\012- data
Hash 3494c5a6e23e668a9f6235d92d7e022e
b553cf3e0ff666a71e974baebe84dd7b49a0e6a3
715c5c12ad71f54f2f7b42f0417abe9b8d6403792d73cee9c546e00f1cbbf31f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2018/09/pag.jpg HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/wp-content/uploads/the7-css/custom.css?ver=dfef5b8d1166
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:14:48 GMT
accept-ranges: bytes
content-length: 53839
content-type: image/jpeg
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.ttf?wi57p5
216.172.172.29200 OK 48 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.ttf?wi57p5
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, the7-default-font\012- data
Hash 71f9dfd69c5a3adbbb31a994bffb7b36
97fbd02448d6db534ddfe4bcdc3df7ec5d92af9a
e0394e418d7858c3f9fabb6897f4e9364cf86a23a809127690f467ad111f190d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.ttf?wi57p5 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/wp-content/themes/dt-the7/fonts/icomoon-the7-font/icomoon-the7-font.min.css?ver=9.0.1.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:29:16 GMT
accept-ranges: bytes
content-length: 48020
content-type: font/ttf
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/webfonts/fa-solid-900.woff2
216.172.172.29200 OK 80 kB URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/webfonts/fa-solid-900.woff2
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 79464, version 331.524\012- data
Hash b3e460fdd8d304a121b44183473d7522
7ad1ee10d7762fa348e20725cf5e669a36a4360c
15809710190c5c2edbf07f0db683ade85fb801f8ff08a2dbb93eea9d0d4e6df2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/dt-the7/fonts/FontAwesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://quarksseg.com/wp-content/themes/dt-the7/fonts/FontAwesome/css/all.min.css?ver=9.0.1.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:56:07 GMT
accept-ranges: bytes
content-length: 79464
content-type: font/woff2
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 16bbadb18616687351d4047aedc2ab45
979123c7ad6726befbbab2c07b50ecca31aa2d18
de8231c6ee426b7a76ebf574998dec11ce908efc0a745c2182fb7b61c5915e9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
quarksseg.com/wp-content/uploads/2018/09/favicon.png
216.172.172.29200 OK 1.9 kB URL HTTP/2 quarksseg.com/wp-content/uploads/2018/09/favicon.png
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 715f53862b8d93aedadf5788dbfd9e93
7395b916619e916df03672b330630a451b9c91e6
c114c653a6e19767944f8ae67c59d09a2a569adc0877a71a2ba93a88a53bd34d
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2018/09/favicon.png HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:14:00 GMT
accept-ranges: bytes
content-length: 1901
content-type: image/png
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/?wc-ajax=get_refreshed_fragments
216.172.172.29200 OK 561 B URL HTTP/2 quarksseg.com/?wc-ajax=get_refreshed_fragments
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JSON data\012- HTML document, ASCII text, with very long lines (1501), with no line terminators
Hash 6b890d95b9c854959e26f8c10fe360f8
a510ba47466e8aa8b06a1f311303f51d75228fb9
d7360d65e0464c8c268dbb513f1787bdb2f0d31cc1689259b8967334d8c42d84
Analyzer Verdict Alert quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://quarksseg.com
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://quarksseg.com
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
vary: Accept-Encoding
content-encoding: gzip
content-length: 561
content-type: application/json; charset=UTF-8
date: Fri, 18 Nov 2022 18:56:39 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 24e839b9f3c854f1059813baa2c678a5
be2078cbfd0e0ed2de69e22e76c5c83aba9c656e
35b72207dddd79dce8c7f0bc72243dc70d0a9190b15fd344c790224513b8f810
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 18:56:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-FQDCK5X6PT>m=2oeb90&_p=395530897&cid=1613058177.1668797798&ul=en-us&sr=1280x1024&_s=1&sid=1668797797&sct=1&seg=0&dl=https%3A%2F%2Fquarksseg.com%2Flim%2Fsanchezserra&dt=P%C3%A1gina%20n%C3%A3o%20encontrada%20-%20Quarks%20Seguran%C3%A7a&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-FQDCK5X6PT>m=2oeb90&_p=395530897&cid=1613058177.1668797798&ul=en-us&sr=1280x1024&_s=1&sid=1668797797&sct=1&seg=0&dl=https%3A%2F%2Fquarksseg.com%2Flim%2Fsanchezserra&dt=P%C3%A1gina%20n%C3%A3o%20encontrada%20-%20Quarks%20Seguran%C3%A7a&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-FQDCK5X6PT>m=2oeb90&_p=395530897&cid=1613058177.1668797798&ul=en-us&sr=1280x1024&_s=1&sid=1668797797&sct=1&seg=0&dl=https%3A%2F%2Fquarksseg.com%2Flim%2Fsanchezserra&dt=P%C3%A1gina%20n%C3%A3o%20encontrada%20-%20Quarks%20Seguran%C3%A7a&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://quarksseg.com
Connection: keep-alive
Referer: https://quarksseg.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://quarksseg.com
date: Fri, 18 Nov 2022 18:56:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d16e5ff718353c095d266b080fe547f
fa7c5c9a1d16355859196271f3d13f3850931888
9a94d8eb20cc56d0898b1e2b80c0006ebbef75c15ad94e907050c5be4e19a960
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20ddb38f-d459-45e6-9351-068a5306b3a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: fc85e078-a81a-4fed-899e-15249961f59c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bw-7tHGLIAMF00Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376ab7d-4224d193517794684fcdc0ad;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UK-XD_8EcfPwfLb-QVwfLr8aG-sqVBoUJcbPb5hKAlQS68eOxdgM5g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 22:03:27 GMT
age: 75198
etag: "fa7c5c9a1d16355859196271f3d13f3850931888"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.15
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.15
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.15 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:48:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 22:46:24 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:300,400,500,600,700|Roboto:400,600,700|Montserrat:400,600,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:300,400,500,600,700|Roboto:400,600,700|Montserrat:400,600,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,600,700|Raleway:300,400,500,600,700|Roboto:400,600,700|Montserrat:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 18:56:38 GMT
date: Fri, 18 Nov 2022 18:56:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
quarksseg.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Nov 2022 21:36:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Nov 2022 21:20:23 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/themes/dt-the7/css/main.min.css?ver=9.0.1.1
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/themes/dt-the7/css/main.min.css?ver=9.0.1.1
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/dt-the7/css/main.min.css?ver=9.0.1.1 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 19:50:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.15
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.15
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.15 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 20:48:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/custom.css?ver=dfef5b8d1166
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/custom.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/custom.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2
quarksseg.com/wp-content/uploads/the7-css/compatibility/wc-dt-custom.css?ver=dfef5b8d1166
216.172.172.29200 OK 0 B URL HTTP/2 quarksseg.com/wp-content/uploads/the7-css/compatibility/wc-dt-custom.css?ver=dfef5b8d1166
IP 216.172.172.29:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/uploads/the7-css/compatibility/wc-dt-custom.css?ver=dfef5b8d1166 HTTP/1.1
Host: quarksseg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://quarksseg.com/lim/sanchezserra
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 19:59:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 18 Nov 2022 18:56:38 GMT
server: Apache
X-Firefox-Spdy: h2