r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9166
Expires: Sat, 03 Dec 2022 13:18:03 GMT
Date: Sat, 03 Dec 2022 10:45:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5025
Cache-Control: max-age=90583
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:17 GMT
Etag: "6389d3f3-1d7"
Expires: Sun, 04 Dec 2022 11:55:00 GMT
Last-Modified: Fri, 02 Dec 2022 10:31:15 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 03 Dec 2022 10:18:15 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1622
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7839
Expires: Sat, 03 Dec 2022 12:55:56 GMT
Date: Sat, 03 Dec 2022 10:45:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3K/OX1Ayba1XGp6B0aXB+Y+uv5GM2EFlqr6ZMn2xU9H6GC3eUt7wbGueHLouISyCvygeTLfXp/Y=
x-amz-request-id: 1FP167GT40XH4VN2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 03 Dec 2022 09:46:31 GMT
age: 3526
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Dec 2022 10:45:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sculpting.bizdemo.xyz/
192.232.251.94 200 OK 28 kB IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (8047)
Hash f92bce503a52943dfe46f88cb1a9a4f6
a87a0cd982d209226dd5cec3b92369830ccdd2fd
3512d9f0b5419f407c61f6e99673a1cc6093a0663d8d95b30d0063d0b5a184fa
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 10:45:14 GMT
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Sat, 03 Dec 2022 12:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/html
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/ladda.min.css?ver=20.9
192.232.251.94 200 OK 1.6 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/ladda.min.css?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9022)
Hash 7a8ffc891e391d2599e2295109c1eed7
f0e834eb0eb3b93ea22fbe1e29c2a2e9de25a767
79119d0987be4165e5d2fd5e82c2031717ef7480330684b2f08fab5f0c2d23a9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/ladda.min.css?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1587
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sculpting.bizdemo.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
192.232.251.94 200 OK 17 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43771)
Hash 2a67a4888baa44de739f3fe56203ce07
da175eae57f26b655747d79f055477e3fee1abb9
3a4d7627476a0099ca4bcc101685f27de04cb49dd66ef842d72c6cda270599dd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 12 Jul 2022 22:25:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 16594
Keep-Alive: timeout=5, max=75
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/themes/hello-elementor/theme.min.css?ver=2.6.0
192.232.251.94 200 OK 3.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/themes/hello-elementor/theme.min.css?ver=2.6.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15630), with no line terminators
Hash 529d04904ad186e4a39b2dc5bfad9c82
8ef7df43c0f1c86d3727cbda2b7f6b544eda9712
de660682cf307258e5d2ecccc62e8bc09e85c62da0ba9be00c07bfbb20f16acb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/hello-elementor/theme.min.css?ver=2.6.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 16:53:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 3704
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.date.css?ver=20.9
192.232.251.94 200 OK 1.4 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.date.css?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4370), with no line terminators
Hash ef3f6d40a7b2ee7df68e3770b2b7cddd
41f81370666ba6edac6fc5ec0c5a8d1c4f7ebb3a
bb3db802399d3ac722e92c50e03f6a738a188af6386dd1209c566750fe3c21a0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.date.css?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1366
Keep-Alive: timeout=5, max=75
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/css/customer-profile.css?ver=4.4
192.232.251.94 200 OK 506 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/css/customer-profile.css?ver=4.4
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 013c3b324732747c46fc42b58654e44f
b5acf3bcd7facafe7a0613c7c338a44444a38d8a
d6ffef8b697116870f0feea732f171efc4fda2fee0ca6ba3a84ff767756a4c05
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/css/customer-profile.css?ver=4.4 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 09 Jul 2022 23:32:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 506
Keep-Alive: timeout=5, max=75
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/uploads/essential-addons-elementor/cb70d11b8.min.css?ver=1670064311
192.232.251.94 200 OK 6.8 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/essential-addons-elementor/cb70d11b8.min.css?ver=1670064311
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (18820)
Hash dd5150cb30167eba252838c3012c16b1
3a55263eec2412686842cca271bdbc002840c11e
2d0920b399e9c5bc8af5221ac44fd2d2e70a75a198826666030e7ae3f6c178b3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/essential-addons-elementor/cb70d11b8.min.css?ver=1670064311 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 02 Dec 2022 23:01:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 6787
Keep-Alive: timeout=5, max=75
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/themes/hello-elementor/style.min.css?ver=2.6.0
192.232.251.94 200 OK 2.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/themes/hello-elementor/style.min.css?ver=2.6.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5839), with no line terminators
Hash 86ff3ca7cfb9bf149080927c45f1efc3
af50bcc5916291775f25ef742d42f1fb60493372
ee17aa6cf3c9daae0f2b979a3df12554d5b6c6967534069dee393fe195fbea2c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/hello-elementor/style.min.css?ver=2.6.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 10 Jul 2022 16:53:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:17 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2245
Keep-Alive: timeout=5, max=75
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 03 Dec 2022 10:11:17 GMT
cache-control: public,max-age=3600
age: 2041
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.7
192.232.251.94 200 OK 1.6 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (13766)
Hash 802be6b67baa16e381ee1c5d1d06c973
c671b16428c604b5076e3e5a271704505509f777
50915eefa73a069f2bce4a5f4f4b1faf699fbc07cb3e8042decc19b27e628c27
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1608
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-15.css?ver=1657404888
192.232.251.94 200 OK 389 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-15.css?ver=1657404888
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1180), with no line terminators
Hash b056d89253eb165fe0fa37bbbbe8d51d
d287523be3af9d37fa228a9276b408b76cd0bf7c
d939cc9faf30cb01f167e1b58d10f7ac788f1d132562743f21436bb8d18c3dd2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-15.css?ver=1657404888 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:48 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 389
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
192.232.251.94 200 OK 4.0 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19082)
Hash 1a51c193793d105fc6aaddfc3bc05349
238e509973276daa145be273af1aba0fbb3801bf
69e8578f795564941f826ab314ab57c83da7fb6ca7d9221c8df5f1e9081ae6e3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 3978
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/global.css?ver=1657404889
192.232.251.94 200 OK 9.8 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/global.css?ver=1657404889
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (50767)
Hash 306fa56302db87dd4fffeae679c892eb
1a57b85d31e239d6e04039ed20bcc62e4beb15a8
613b8037e0efc38995887304bf498df8ab40c07b7f1a28442e0b850dd821c9ca
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/global.css?ver=1657404889 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:49 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 9806
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 98fe7e5fd6b778bcdcc63028c3a49fbd
06b34160c344526fbe14ce41445b9fe76c0a878d
d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5014
Cache-Control: max-age=171907
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:18 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:30:25 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-226.css?ver=1670021517
192.232.251.94 200 OK 8.5 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-226.css?ver=1670021517
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43910), with no line terminators
Hash 20bc8e0a24d463fd5ceb4ed36f6d5861
185cb6efaf33aa48944acc1bc8fdacc094d04ecc
abc1ca82d65cc40b13fcf81248ae5cf8db82a3bfc5be0cab16d635d850d81bf7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-226.css?ver=1670021517 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 22:51:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 8539
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.7
192.232.251.94 200 OK 31 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65497)
Hash 1305228f1ff8ac1717e68b7029acfbb7
c55d3375788048009b96abf5190f418fc614a70d
e3846e56741ebfe1dd020cd7531c3ebe9de059a3711efa1921a304ccb3c37df4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-195.css?ver=1670021840
192.232.251.94 200 OK 1.5 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-195.css?ver=1670021840
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9918), with no line terminators
Hash f2d57c6d22c2369035a1141b5e4285e7
cab8cc3621b51664c7533ca087fa68d4382e0967
94b8cb99df16bbf24e29f365822519781aaa35f9cb32d77db50582a1b37b177a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-195.css?ver=1670021840 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 22:57:20 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1547
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/fluentform/public/css/fluent-forms-elementor-widget.css?ver=4.3.9
192.232.251.94 200 OK 946 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/fluentform/public/css/fluent-forms-elementor-widget.css?ver=4.3.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3903)
Hash 67cbf7ea415201a5521b3dd32cc71f98
b64705fe4912d87e7253bb52eabb12011c2707cf
9e87f56c49300803de6dfcdd2ab7d7b0159d9929e02f363b643295f13bd136eb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/fluentform/public/css/fluent-forms-elementor-widget.css?ver=4.3.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 12:16:05 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 946
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-201.css?ver=1670021517
192.232.251.94 200 OK 751 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-201.css?ver=1670021517
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2991), with no line terminators
Hash 5ffbc14eda6dfc11fda631765e7b4d54
9bb9135c76ba53705a33123e410e1693a8ca6009
89fc0a4badb27af44667a75d483a79a48c643bea701f30fb17fcac1df2cff1ec
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-201.css?ver=1670021517 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 22:51:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 751
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
192.232.251.94 200 OK 309 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (483)
Hash 0ea43e394ddaae5fdb710dbbc8869e58
3b0c93adc80720236096201db5cc2751e703996d
85225fffa21a94bfd954393d7471069ab227b98fd8b51cb5ab4af5488168a34e
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 309
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
192.232.251.94 200 OK 13 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (57726)
Hash dc63c0a8e2d5857cc7a00a4b5456dabb
ee29df5eb2a4bf3eb805b160551c1afd84b42599
035ef40b1dd3df1eefb2dd3c8c2096425727fb939b06f3aa0bc6ef91dafd5441
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 12577
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
192.232.251.94 200 OK 308 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (489)
Hash 0a08469d24387f830bbaaa00b3c228ae
01f5dfeb8f93a32c9a8f66fe5940758109771fcd
3c7c29e5fc1193ff7ce24f72f77b2dc129e1a9434a97ef7b625f6f715531803c
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 308
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.2
192.232.251.94 200 OK 73 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65493)
Hash 12cfdb81d7783f05b6e3cb3b3fb88eb0
bcb9da4b9273a19a5448bdbc673cd5336abb234d
b723a9d61905c058d95089b7d474b47fe74f11daf4e3e0d7dbe78ad93fd6ecb7
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
push.services.mozilla.com/
35.83.91.138 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.91.138:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yeyzD+Qdsyfp4EAgn3rk+Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2Ke5WPT/t1hUjBVHiwyM1GmZSt0=
sculpting.bizdemo.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.232.251.94 200 OK 4.6 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4618
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/ladda.min.js?ver=20.9
192.232.251.94 200 OK 1.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/ladda.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3607)
Hash 0670f85198107dd57129430f905e9775
53837f9c4f99ff06b6fe6056fbd51f15e86e9362
78ff9d2b555e76f5e28bb3f6953f5641d089c9c9d5d63b5364045e79811f7815
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/ladda.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1705
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/spin.min.js?ver=20.9
192.232.251.94 200 OK 2.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/spin.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4247)
Hash 994a9291cbba8a125c2de344eccbff91
898c31406134a3a07c69dae29b44e358d827d857
510d6828d366a575692c2b6151fa5fc7c51a2c94073cebd2cf590347cae4d893
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/spin.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2212
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/hammer.min.js?ver=20.9
192.232.251.94 200 OK 7.9 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/hammer.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19579)
Hash 92049a2b3c1b994cb7d3c001bedd7159
29678903f8762326c126bee9423f1aa7e4003b32
226c717b5d7e987ae2f5cabe35397fbd00eada1c8b12a3db527767857b982a93
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/hammer.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 7949
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/jquery.hammer.min.js?ver=20.9
192.232.251.94 200 OK 414 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/jquery.hammer.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5e969a4415897775483f015c0c15e0fc
3d51a7a1ff14eb2250d296424d5454391f8471cf
5ead375701abdfb5ddbf68acf5911474320cfe5cda2c30d5edd46d3658de1c24
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/jquery.hammer.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 414
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
192.232.251.94 200 OK 39 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65447)
Hash feb933ceca72e1d76b471ed9db278b0d
6179e8f9c9876a6c4df5e3138e9f8ee2ac25bcd1
9a525fa92f98fd5ac754d60ea6f3676bcaa3870dd9bf057c8c668399922c9bd0
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.js?ver=20.9
192.232.251.94 200 OK 3.8 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8031)
Hash 9433193318594749d283f9f6f2ba277d
8c738d4abb892175c40bb830530566cd221b1108
771e21a8566f0fa2b009032f9d0fb1a67151a9eb97b7ca84a0b9097f23a55993
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 3766
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/js/customer-profile.js?ver=4.4
192.232.251.94 200 OK 485 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/js/customer-profile.js?ver=4.4
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash db67716e8a35485c498b053ea093b404
94d699c816c139cb8359de7ba1e6c6a56c84e1ef
101db5be41970acff92ff288cd21fb03266b656963bf822098170ca1312e15d6
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-addon-pro/frontend/modules/customer_profile/resources/js/customer-profile.js?ver=4.4 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 485
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.date.js?ver=20.9
192.232.251.94 200 OK 5.0 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.date.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12685)
Hash 09e0b7c1bb0b0c1b6d1cfe9d6162414a
80881c20da23dcb37c60aa0b009cc9a42e181114
09cc2ffba2db569018999372f5cf02e6f3d48757386e9a613e5373538cffb4b4
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/picker.date.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4989
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/intlTelInput.min.js?ver=20.9
192.232.251.94 200 OK 11 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/intlTelInput.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (22399)
Hash e6a20115dd84d8cfa912833ffa93d550
ee40e2ff9bf131a7594bbc1a04b2fe912a5ade33
6489bc93c2645294631b91e78632a87f4f078b1c9b6ae58960cf150219df54ea
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/intlTelInput.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 10582
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
192.232.251.94 200 OK 5.3 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 5321
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=5.1.8
192.232.251.94 200 OK 13 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=5.1.8
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (59158)
Hash e6b67e11736ae36a062b381717f2ea9f
a663a79bc8d42aa58bfea1351cc27e0d0b09c9b2
a07a94d36246d0b3e5b9b18e274e31995d0e23cda955babf5e350e91a879523d
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=5.1.8 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 12862
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/bookly.min.js?ver=20.9
192.232.251.94 200 OK 56 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/bookly.min.js?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (35190), with NEL line terminators
Hash df79a2f5cf310cce86fc38b46181b0aa
bdcbeba8bbd5edf66e7edb96ad551b6b73b2df68
35c640dede75cda8d7bbed7ba55440d4590e221fb7306b0a63c14d5fc25d2632
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/js/bookly.min.js?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:18 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=5.1.8
192.232.251.94 200 OK 4.4 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=5.1.8
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (26516)
Hash fdd462f58aee3f9349eabdefb5ca0b57
bb6e017d5537630516ccb98952593690a8c69864
ca51806fcedbe90dd613c4c28673af8693381806a5cb3b43dce2ea4f43e8b314
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=5.1.8 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4436
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
192.232.251.94 200 OK 3.0 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10019)
Hash c2b5af6052f630a96e450e5e2a3cea52
00ca76a8828a1bbec1534eb10786804fd36492f2
58f6cc2d4fa3e528622102975fb62949dc0170bd47b588a67318d18552a57d59
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2997
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/salon-booking-plugin-pro-cc/js/discount/salon-discount.js?ver=6.0.3
192.232.251.94 200 OK 495 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/salon-booking-plugin-pro-cc/js/discount/salon-discount.js?ver=6.0.3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 55273e3b0423b130aa416c2315d5213c
6da6b3467f8672c3768cc21328fab860ad6af25e
7f84f16f1ae204a78058f4c8ad75c881900d148a150de5ab9af9615c1238b488
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/salon-booking-plugin-pro-cc/js/discount/salon-discount.js?ver=6.0.3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Mon, 11 Jul 2022 00:29:47 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 495
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/uploads/essential-addons-elementor/cb70d11b8.min.js?ver=1670064311
192.232.251.94 200 OK 6.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/essential-addons-elementor/cb70d11b8.min.js?ver=1670064311
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (18660), with no line terminators
Hash c5c26bea461269c4404459cd427d9dca
03c78ee46cfa10017f10e1cc33c5bd969791c6c1
0f2ba26317da4f6216644108a938cc1983cd69b8ee0dabfd2624ac3799481507
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/uploads/essential-addons-elementor/cb70d11b8.min.js?ver=1670064311 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Fri, 02 Dec 2022 23:01:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 6221
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/imagesloaded.min.js?ver=4.1.4
192.232.251.94 200 OK 2.1 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5477)
Hash f0bd7ad12acdee26cbb2701c1ba3610b
53c5d15129860868b60b74cb010b2c6050a64f69
e6d0cb19e56d22e8e511c23ca2bd233bedb40e3c7cf4ff38fe6f059bc7e0c64f
Analyzer verdict alerts: mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2103
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=5.1.8
192.232.251.94 200 OK 4.4 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=5.1.8
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (14869)
Hash 7bab7ad64ffbd7846dd6819250b93e2e
c924918d540389aff62220088b6761f38a5da272
045250efe67364c953a91f6a60cf407ebb5cfdb2da04e84c3d98e5bab5eca9ba
Analyzer verdict alerts: fortinet: Malware; mnemonic_dns: Sinkholed; quad9: Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=5.1.8 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4359
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.2
192.232.251.94 200 OK 2.4 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5141)
Hash 3411cbc32c50541a656bbf9301ff5b8e
8836e8166a9deb7769d45fafab614b98d41799fb
4fe0653e85f8865db1ce3385927be8d5e037556d33571ffdce2823c636967a41
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2448
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
192.232.251.94 200 OK 5.8 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (14448)
Hash 6927a5aa81bbba29cfc30dbd1c5d948e
cbb9a407b01a3b772f4c522534bbfaa084979421
004a40e9b0514d9c9b072735aeb4dec289fe6e8a5cfdbcceafa8a6309d223c81
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 5798
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
192.232.251.94 200 OK 2.3 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4918)
Hash cbd7eed220e5b1bb961b0c15b6057e23
f394c304e485b8e0b45e45f54a0d66d95493ef53
b970ce8c388d5eb0e502d4b8a577689e51da13cb3d6f352117536c1a7eba29f2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2315
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
192.232.251.94 200 OK 2.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6475), with no line terminators
Hash 45bd1d6f7fc3a4069fc6fd400b90c961
903c7e28c7141e9fc1bdb4dfc62d043a97a01e2d
c638a0057b4be0a61cfb65b1860a855a327397e9871f5dde28fa2f138fb394dc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 2675
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
192.232.251.94 200 OK 8.3 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash e49f0561a452c9d04fb7d1510a23cc8c
9e8fc2e3129da4fe2790eee565a6478b864bea83
ab4f9f418b022ab34d617ee2f95d70afff005ed4d4d92e313ce84a56b40bce75
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 8254
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
192.232.251.94 200 OK 1.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4875)
Hash 6a452794a68bc140a53b30519b94edf6
68046f5611ba3cf5da1c46087609aff18f59fdc1
259990a9e6191a72a51ac9d038d0c52bb56d880a2b0d460b1fca3f3fee7961ed
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1712
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
192.232.251.94 200 OK 4.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash a72df5f7a597c541e18a33abef3c11f5
9500913a0a3fca9979a0aed9cb745926d9f86f83
258da631753c1d8d88fb1316024b671fa4a9ac87c9d6c4f38a45bc2c3bf9f3fc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4234
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
192.232.251.94 200 OK 3.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12198), with no line terminators
Hash e2a8decccf4d0a6b925af707a36077a9
26a0febc9c3d91e75410f74b9ec62099ba1cbe90
09e0e638a6f53c0fdcfeeb8ae91f3a404bef47b471324e335e29be14a2aa87f7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 3747
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.2
192.232.251.94 200 OK 7.5 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (21164)
Hash b143d57552a1033062b36814012c8f1d
897132b22b41fc8853ee5dee57d32c38cbe6892e
aca6748e9d2150ae71aacc2ac730f66c849459b222ce08f14d4a0a3bb8ef5608
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 7508
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.6.7
192.232.251.94 200 OK 1.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2577)
Hash 159281ac01a46f042b38d0d44cf3eb7a
54677be6b1cf85899d2ab1a6fada531ca5613d29
0738d3f931e8df2b67f3be1ec216b103560266c56cc38fdafae055bcb807ffea
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1151
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
192.232.251.94 200 OK 8.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash a0a1c8194f131320e1798f90a7b1262a
3346d35be1f2e4886f19e7fcc0cc96ee4753d9ed
7f618ab13cec0933ec2c61fa2b580ad77ca41522028649677494219fa9ce56db
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2022 23:01:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 8169
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
192.232.251.94 200 OK 4.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10544)
Hash 552977febe8ef2c71b0806dfaefd2552
01baebfd09383c5d44f066e7b5540fcca6a5eae4
7895907f5a4f54c08c4705b1a194e21c556d68027c5e0a70d4c05b377e712b1d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 4200
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.7
192.232.251.94 200 OK 15 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (37920)
Hash f3028a179ea0a9864e047d69ba09dd86
84c7242760730284170a4d30733ee46365f38355
b62b659bbf6a9008af15083266d3481da4614c8b736b094f495d946d183ed56e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 14837
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.2
192.232.251.94 200 OK 46 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65493)
Hash 4c781da499a2a36022030ae93364df97
023f2a356409148643639afcda8df82018ec7a1a
72b2a38bd433a6524b01d429ec597366b455d092d36f52ac4296a563db2f72c3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 10:45:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 10:45:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 10:45:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 10:45:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Sat, 03 Dec 2022 14:42:55 GMT
Date: Sat, 03 Dec 2022 10:45:19 GMT
Connection: keep-alive
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
192.232.251.94 200 OK 47 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65280)
Hash 6d3f8ba511b26a2b5e2555673e996be4
d5a3c1ed68beeeafc4da01d71a6b7ce0f19f985e
955d1e858ec91ca4b3f5c845421692afc83dcbca3dd52577f746e18278f45315
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9b77186d0d93f7ccfe729edd9d184af3
458aa485b9abef3b72427d308a172d1c24eceabd
8bed5a8e56e8c43fcbdc807245c2b651d014a06368574e57a25b718399a4a701
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20049904-a818-4d1c-9585-79edf76dcc61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6966
x-amzn-requestid: 2b40c185-e050-4bfd-9b08-bb70e6f89824
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfAb7Ev3oAMFnrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389144c-65301ace20da6f580ed77e82;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 20:53:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qweaKZsigecnsWw0Cqz_dizuuFZmXkK1gGP0EN3pZx-yYK6eF7YjUg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 05:22:26 GMT
age: 19373
etag: "458aa485b9abef3b72427d308a172d1c24eceabd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 06:00:50 GMT
age: 17069
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.6.7
192.232.251.94 200 OK 17 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.6.7
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43069)
Hash fad4413b7223d3561e8212f9c430b4bf
8c8febd4709918c91c908ce3779dc9553a83e1d7
f856bea9ba9b08baf41bd3ef3c54659e4113ea1b51827fc78c8c3de64dd66c8a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.6.7 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 16875
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: application/javascript
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3abdcce275bb9723b4ac1d0c38cc8891
91f0d888c38db0899f106b652e3dcac062648099
ff411fc0d5abaf519d6600961ec51ad71ad9a02e23cc02ad818e27f0324b3d1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F528dcb40-0960-4efd-98b7-a07004a61b22.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7657
x-amzn-requestid: c0dbd862-41cf-4fa8-ab6b-256763c63fbf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ciZN1Fo6IAMF9EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a6f25-554ffbc83fd70c557437120f;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ElvfdUly4Rb3YOQyMO2C_VelFUe6xcFbMh6x5fNrRzGjKCITdGSwLQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 21:37:47 GMT
age: 47252
etag: "91f0d888c38db0899f106b652e3dcac062648099"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ffa12df550123f63b20f67437cd8a04
398fd2d837c73f54c4591b69cd683f29bdf9184a
fd9ac4396488098923c27531295e64475047dd008a901e59915109a73a69f305
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F652bfe35-9b09-4fba-b7b5-c6bd90cccdbe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6119
x-amzn-requestid: b0bf3aed-f968-4ebb-953e-35300d74ef16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdCe8GgNIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63884ac5-4b20ca67753e65c5232660f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 06:33:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: axyk2U1R7AX1RVQmdc303S2S2CUs_RgphyeYPsbGveGHMAjY3KEzdw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 13:19:35 GMT
age: 77144
etag: "398fd2d837c73f54c4591b69cd683f29bdf9184a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XvG2dAUeB914GQ1qJwQRHovAtra8OSjG-CsXeR8UOBq5r8qVjEbPBQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 22:39:04 GMT
age: 43575
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.css?ver=20.9
192.232.251.94 200 OK 603 B URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.css?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1208)
Hash 130de38568e19bc15656a949fd51b5dd
e521556481eb8d1a329b3f5edbd93cfcf850ab72
98e1d518a87ea5eed9aa0b35a764a8287b2a998aec10a7ffeff509870e9077d1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/picker.classic.css?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 603
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.2
192.232.251.94 200 OK 1.4 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3235)
Hash 7212337450ba87c3ab795c3841ae535e
14398b97d3a4b8582db4dedbdf6f451df58b82d3
09e133edb6e265b26a0aca887d087df0f3b18d77fe52839f423b9cb94307a244
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 22:14:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 1437
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: application/javascript
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/intlTelInput.css?ver=20.9
192.232.251.94 200 OK 3.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/intlTelInput.css?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (20761), with no line terminators
Hash 695205ecb44a5906d054040d382055e2
e33ef605b5a11539eac3b101a64920c37bd86eb0
98864a8edd54e970784087c240e7921d4fb245621ba668671a08ff64f9ce3ea4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/intlTelInput.css?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 3173
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/css
sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/bookly-main.css?ver=20.9
192.232.251.94 200 OK 9.2 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/bookly-main.css?ver=20.9
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 59f29d9971deccb4ac4dc099bedc9730
3a2f61eb4867487a205b0b89250518a1e60cbc56
adcf7c12a98c74f8c0eb60641609f595bf9fbc303ae9569ecb1f133b6c6e1b9b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookly-responsive-appointment-booking-tool/frontend/resources/css/bookly-main.css?ver=20.9 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:19 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 23:32:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 9237
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 227486
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/chivo/v18/va9I4kzIxd1KFrBoQeM.woff2
142.250.74.35 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/chivo/v18/va9I4kzIxd1KFrBoQeM.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 31216, version 1.0\012- data
Hash 9d57cf636bfec7981ca5ce494303afd5
442c8d98b87190d0937dfba2e55b500bfc8a95d8
64aa7a01c38e5f51aa6b7cd48decf2bd9ef228857df6ff47b0f58b38c1bdfc30
GET /s/chivo/v18/va9I4kzIxd1KFrBoQeM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31216
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 06:58:04 GMT
expires: Wed, 29 Nov 2023 06:58:04 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 17 Nov 2022 15:51:07 GMT
content-type: font/woff2
age: 359236
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.35 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:21 GMT
expires: Fri, 01 Dec 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 166559
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.35 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:28:50 GMT
expires: Thu, 30 Nov 2023 19:28:50 GMT
cache-control: public, max-age=31536000
age: 227790
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/josefinsans/v25/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
142.250.74.35 200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/josefinsans/v25/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 26592, version 1.0\012- data
Hash c2d66029cf6ae68a19e1398fc02feda6
c37e5907e49d2ed5b11f59841a3d16c911da7a5c
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716
GET /s/josefinsans/v25/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26592
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 22:37:52 GMT
expires: Sun, 26 Nov 2023 22:37:52 GMT
cache-control: public, max-age=31536000
age: 562048
last-modified: Mon, 11 Jul 2022 20:56:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/rajdhani/v15/LDI2apCSOBg7S-QT7pa8FvOreec.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/rajdhani/v15/LDI2apCSOBg7S-QT7pa8FvOreec.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15688, version 1.0\012- data
Hash d5448938a162ccb434b09f4572c0191f
be9eae3d1d9f4fbd2208e0fd3c871b17b65b6516
5b7e4a6f97163c2636724d4de90304fc895653dcfe64c67a7a22f26331ca5c5f
GET /s/rajdhani/v15/LDI2apCSOBg7S-QT7pa8FvOreec.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15688
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 08:27:09 GMT
expires: Fri, 01 Dec 2023 08:27:09 GMT
cache-control: public, max-age=31536000
age: 181091
last-modified: Wed, 27 Apr 2022 15:41:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/d04667980ea54d0ca5395e11bf72df1f-1.jpg
192.232.251.94 200 OK 17 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/d04667980ea54d0ca5395e11bf72df1f-1.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x300, components 3\012- data
Hash f76b434a47cdcdf204c997205400c8d2
7181d6427a8c2d17ed6766e2755c1647c2ae62b2
2b5ad6eceb8dd3cdfce8d6898e7f30746ea7df488230bf03f04e1f0e9097abd1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/d04667980ea54d0ca5395e11bf72df1f-1.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:01:25 GMT
Accept-Ranges: bytes
Content-Length: 16559
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/body-sculptig-images-1.jpg
192.232.251.94 200 OK 4.6 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/body-sculptig-images-1.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 312x162, components 3\012- data
Hash 1a661f6f05fcb151fdd36c5c4c7fb070
7e3514fba19c9f3e3731748061e4e34ee346a1c7
fe46d86817580b11041dbf06a2cbefb594c7b06aa3455f93893f14d8130ff544
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/body-sculptig-images-1.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-226.css?ver=1670021517
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Mon, 11 Jul 2022 20:47:06 GMT
Accept-Ranges: bytes
Content-Length: 4552
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/diet-pills-for-women.jpg
192.232.251.94 200 OK 20 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/diet-pills-for-women.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=1, copyright=Bigstock], baseline, precision 8, 600x440, components 3\012- data
Hash 995507889cbae99ffe59d62ecea72a24
7e91e555d459b3db78c997c93a1dbf6096e87d7c
849c60690da79fee8386f5eee57f284b3a96258fa178fdc620a4376f3735b9fb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/diet-pills-for-women.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-226.css?ver=1670021517
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:00:51 GMT
Accept-Ranges: bytes
Content-Length: 20201
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
fonts.gstatic.com/s/rajdhani/v15/LDI2apCSOBg7S-QT7pbYF_Oreec.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/rajdhani/v15/LDI2apCSOBg7S-QT7pbYF_Oreec.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15732, version 1.0\012- data
Hash ad9c55ecf03998391f7149c29543452a
dcd4cf87ae721dd01a6ee29be033c7d70f9c198d
433a7007e4747a02a790167a6efa2625855f013970ba49b9b739a5d3db8b2601
GET /s/rajdhani/v15/LDI2apCSOBg7S-QT7pbYF_Oreec.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15732
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 15:48:05 GMT
expires: Wed, 29 Nov 2023 15:48:05 GMT
cache-control: public, max-age=31536000
age: 327435
last-modified: Wed, 27 Apr 2022 16:21:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/josefinslab/v20/lW-5wjwOK3Ps5GSJlNNkMalnqg6v.woff2
142.250.74.35 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/josefinslab/v20/lW-5wjwOK3Ps5GSJlNNkMalnqg6v.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 18756, version 1.0\012- data
Hash 2418d539cb98fa7283decf2f6cac0071
9bb6df14931fdd480abe579b3d8cbde3975285ac
42e2188226f22170e8c5b32e0591705221b9126610a84f145c8ce589734b07f6
GET /s/josefinslab/v20/lW-5wjwOK3Ps5GSJlNNkMalnqg6v.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sculpting.bizdemo.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 08:33:55 GMT
expires: Fri, 01 Dec 2023 08:33:55 GMT
cache-control: public, max-age=31536000
age: 180685
last-modified: Mon, 11 Jul 2022 20:59:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash baaba92c2ccd740f080a25a9ea5cb3ad
3322d5a9fb0b3a2ec83247eac9865234cbcefece
5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Dec 2022 10:45:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Sculpting-960w.jpg
192.232.251.94200 OK 30 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Sculpting-960w.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, baseline, precision 8, 960x660, components 3\012- data
Hash 3413c69473b98b9ee9137bf3cf17318d
152ef2332d668f1f199711d3523dd5709c2c2f46
5ca9ac8a0cb027acdffe669959194f60d2e73d63f86e7894e0cee52900b26b4d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/Sculpting-960w.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/wp-content/uploads/elementor/css/post-226.css?ver=1670021517
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:01:07 GMT
Accept-Ranges: bytes
Content-Length: 30112
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
192.232.251.94200 OK 77 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=5.1.8
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Content-Length: 76764
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: font/woff2
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/4aea5391-gl-image-12.png
192.232.251.94200 OK 76 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/4aea5391-gl-image-12.png
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 350 x 380, 8-bit colormap, non-interlaced\012- data
Hash de35721630c44baecc7237f3432878e8
2dd38c167ca1e3cd66d062e64f9479c1fb16067d
a8e5ce87059a5106f294c64ef43e8640c801ccc11a9e3e91352f4095746b2e17
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/4aea5391-gl-image-12.png HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 12:21:14 GMT
Accept-Ranges: bytes
Content-Length: 76138
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/png
sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0
192.232.251.94200 OK 92 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 92444, version 1.0\012- data
Hash e5d9164498f1649084fe6fb95d3ad593
29e71123f8ef22f20f8d50bc4caac9db6e04a824
1525cd3ea05d1c00e4b385e781749c3bac5c01570b5800198bec0a252bb6c715
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0 HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 11:55:17 GMT
Accept-Ranges: bytes
Content-Length: 92444
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: font/woff2
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/closeup-portrait-beautiful-mulatto-girl-blue-t.jpg
192.232.251.94200 OK 45 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/closeup-portrait-beautiful-mulatto-girl-blue-t.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 626x417, components 3\012- data
Hash c3a0b76ee20cf078b1fb8b3231b70612
14cbe12d1e2cb0ba4bead8bbcef8a80272818958
4e54031271c18233c9f347f8cfdd6427d104f3dff320710be6bb67bf46267b65
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/closeup-portrait-beautiful-mulatto-girl-blue-t.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:01:06 GMT
Accept-Ranges: bytes
Content-Length: 45042
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/cb5e424d-gl-image-3.png
192.232.251.94200 OK 83 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/cb5e424d-gl-image-3.png
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 350 x 380, 8-bit colormap, non-interlaced\012- data
Hash c61dbbb7bb619c4955b1736e85a89dbe
8fe9a004e062e59eae8c41d2e0b0006cb6893a9b
8bade0258e19bb6fccacf542f30e81a4ac2f9bb15adeccc9d952a4010d2aee88
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/cb5e424d-gl-image-3.png HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 12:21:09 GMT
Accept-Ranges: bytes
Content-Length: 83184
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/png
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/f190334a-logo.png
192.232.251.94200 OK 1.7 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/f190334a-logo.png
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 197 x 132, 8-bit colormap, non-interlaced\012- data
Hash da0cfc4d3e79ed9b6e4c9cb4cffa4e04
3314aba162f58981e32df21ac39b64036fcd9eb8
e10040f2ebf0fe068f7c8cff16839ff80bd8f7c917424ab3f2aae168b60e8752
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/f190334a-logo.png HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 20:19:09 GMT
Accept-Ranges: bytes
Content-Length: 1705
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: image/png
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/laser-lipo-1-e1657472961699-1.jpg
192.232.251.94200 OK 74 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/laser-lipo-1-e1657472961699-1.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=17, height=3840, bps=218, PhotometricIntepretation=RGB, description=Beautician conducting fat reducting therapy with cold medical laser, manufacturer=Canon, model=Canon EOS 5D Mark III, orientation=upper-left, width=5760], baseline, precision 8, 512x450, components 3\012- data
Hash 7c52da51e2ac2be18d01959667b67bdd
512852dcac5476fa8ac0536dabf7c383da9d4724
395ff7768f6c0eaad92a2c182ccdcb63310a0763b1c02fc116a13650eaece2a0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/laser-lipo-1-e1657472961699-1.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:10:06 GMT
Accept-Ranges: bytes
Content-Length: 74220
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/maxresdefault-1-1-e1657473189925-1.jpg
192.232.251.94200 OK 56 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/maxresdefault-1-1-e1657473189925-1.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 854x720, components 3\012- data
Hash 9aecf01b2431cf4c447f3dcd3ecc6998
2dc1bd39b76ecbf49ba91b213adee3cd7bede358
f1eaa18457157e4fd58b6a434dc0e3bfa46cc048174dd26c5c80e8aa93f3ad08
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/maxresdefault-1-1-e1657473189925-1.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:13:40 GMT
Accept-Ranges: bytes
Content-Length: 55658
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/afe54f18-aervice-bg-1.png
192.232.251.94200 OK 2.1 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/afe54f18-aervice-bg-1.png
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 450 x 450, 8-bit colormap, non-interlaced\012- data
Hash 2e90a2c167e5d38fb3eb1fc311c590a8
dc93bd986da6c26a018709e2a072fa92745e51ba
19be5c0d28654aeef39aa7581a9ca6201a526aff6ff1e175c29eecd68dfdf72f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/afe54f18-aervice-bg-1.png HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sat, 09 Jul 2022 12:13:40 GMT
Accept-Ranges: bytes
Content-Length: 2056
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: image/png
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Chemical-Peels-body-contouring-10.png
192.232.251.94200 OK 318 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Chemical-Peels-body-contouring-10.png
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1000 x 667, 8-bit colormap, non-interlaced\012- data
Size 318 kB (317688 bytes)
Hash 238ef9325d697faa32e03c057a2645c9
076928ce6f9a69333646045908d05810edc45c1f
a51b59fea7e0c5d2c5c5520c758e67e74ea63e593850885f8fbe7fb047fc4a62
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/Chemical-Peels-body-contouring-10.png HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:01:19 GMT
Accept-Ranges: bytes
Content-Length: 317688
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: image/png
sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Whipple-skin-tightning-options-1536x1165.jpg
192.232.251.94200 OK 183 kB URL HTTP/1.1 sculpting.bizdemo.xyz/wp-content/uploads/2022/07/Whipple-skin-tightning-options-1536x1165.jpg
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=12, description=concept of aging and skin care. face of young woman and an old woman with wrinkles, manufacturer=NIKON CORPORATION, model=NIKON D800, orientation=upper-left, xresolution=270, yresolution=278, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2014:02:14 23:45:38], baseline, precision 8, 1536x1165, components 3\012- data
Size 183 kB (182987 bytes)
Hash 376a6f49b41b2e967df5bafcc767c276
384e5f97b787a94794dc9f4cb178e0223a9488a7
76a6c98be647964fb311436a335a348066a4eb56e69d70e8982c691e28c7a9c5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/07/Whipple-skin-tightning-options-1536x1165.jpg HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:20 GMT
Server: Apache
Last-Modified: Sun, 10 Jul 2022 17:01:12 GMT
Accept-Ranges: bytes
Content-Length: 182987
Cache-Control: max-age=86400
Expires: Sun, 04 Dec 2022 10:45:20 GMT
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: image/jpeg
sculpting.bizdemo.xyz/favicon.ico
192.232.251.94200 OK 0 B URL HTTP/1.1 sculpting.bizdemo.xyz/favicon.ico
IP 192.232.251.94:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: sculpting.bizdemo.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
HTTP/1.1 200 OK
Date: Sat, 03 Dec 2022 10:45:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://sculpting.bizdemo.xyz/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=af8284acf6a51a18f6fd98e9114129a4; path=/; HttpOnly
X-Endurance-Cache-Level: 2
X-nginx-cache: WordPress
Content-Length: 0
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRajdhani%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CChivo%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRajdhani%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CChivo%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3
IP 142.250.74.106:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CJosefin+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRajdhani%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CChivo%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sculpting.bizdemo.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Dec 2022 10:45:17 GMT
date: Sat, 03 Dec 2022 10:45:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2