firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 17:04:20 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rzha8WpZ0nRa3WLdTZb1OM5ZxsR9QWGp8ESuupRoYTpLjAwwQCPj-g==
Age: 2041
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15876
Expires: Tue, 06 Sep 2022 22:02:57 GMT
Date: Tue, 06 Sep 2022 17:38:21 GMT
Connection: keep-alive
banksoftrust.com/
68.65.122.58 301 Moved Permanently 707 B IP 68.65.122.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Tue, 06 Sep 2022 17:38:21 GMT
server: LiteSpeed
location: https://banksoftrust.com/
x-turbo-charged-by: LiteSpeed
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: h4im9TZj-UwIq24mGH8pLvH1TNWE1Q_Z2c31chACG2iTpnmQ6wv7BQ==
age: 58984
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 06 Sep 2022 17:38:18 GMT
Expires: Tue, 06 Sep 2022 17:42:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yFcmZLwLbM0rtG-G9j-WkZOZpTFCrnxJpxn48wR5WwXjaF5atSkrOA==
Age: 3
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash cea5c4ca45947eb7a834c2e22a6bb3ba
6eddd1c57766cc9957ece2f4455cefcd113793f5
e03bfffb81f02600f5feccb89cdb0cdd092785292d6e2c6d23c541fdaf8ce28b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 17:38:21 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Sep 2022 13:45:44 GMT
Expires: Sun, 11 Sep 2022 13:45:43 GMT
Etag: "6eddd1c57766cc9957ece2f4455cefcd113793f5"
Cache-Control: max-age=417441,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7468fa548997b52d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 734
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:21 GMT
Last-Modified: Tue, 06 Sep 2022 17:26:07 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.165.41.15 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rFmxaWbNr94IZ+OzN1DT5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mgghx8g9UEhMEMXncdNE2pTmCKo=
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
banksoftrust.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.8.5
68.65.122.58 200 OK 237 B URL HTTP/2 banksoftrust.com/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.8.5
IP 68.65.122.58:0
Hash 83042c9c72bc38390b52906120f81c35
98a9789c05c0f981dca01d2c3622b5e458ba7589
a193b2efbe3e706cc8c633fff822f5a64eb0ee5f692c4a3495f3c7e58e8b7637
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Tue, 24 Nov 2020 11:06:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 237
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/
68.65.122.58 200 OK 32 kB IP 68.65.122.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (30008), with CRLF, LF line terminators
Hash 12079b088c6e964697368458413db279
ccc55cb40c7aff753b9c1020997ba74281b39010
3f23c72a38e8d34194d574b5253fc14439c0a9b3c32576200d542f7a7e92e082
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.30
content-type: text/html; charset=UTF-8
link: <https://banksoftrust.com/wp-json/>; rel="https://api.w.org/", <https://banksoftrust.com/wp-json/wp/v2/pages/11>; rel="alternate"; type="application/json", <https://banksoftrust.com/>; rel=shortlink
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: d20_HTTP.200,d20_front,d20_URL.6666cd76f96956469e7be39d750cc7d9,d20_F,d20_Po.11,d20_PGS,d20_
etag: "1434-1662485902;br"
x-litespeed-cache: miss
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Sep 2022 17:38:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.3.3
68.65.122.58 200 OK 1.2 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.3.3
IP 68.65.122.58:0
File type ASCII text, with very long lines (5305), with no line terminators
Hash 8869d434cd2a3350017c5dddb6b6c624
218f6b304da36e0e5c1212e2b8afd934f2801a93
80727ae14af6bf4636a9455f87ce0e83429bacb577965aee4d0ce980759bf7e9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=6.3.3 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1207
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c0498832f97967e1fbaa64eba7c65094
2dcaaa99759c7b3279d75f4f934bf05a1c4ca8e7
63621ee746f1a80c3c6167ca190e5008e3e79db0bc8f0e5cb0e5dccc11ceb822
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8fc7316fab55e89a81536e926eab6f83
7fcab743b176312e76999b39a1b2a3b97dbeb10f
8178b9805611209f5c47dce32da555117870a90648e026d08cc691a4103169a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 17:38:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
banksoftrust.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.3.3
68.65.122.58 200 OK 20 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.3.3
IP 68.65.122.58:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash 9d96f66ab6bfde11b16c068a7f162b0c
4475a0eb37ecb59888995236d7c7040fc3d9fc07
009fcebbd3538ed13ea5c61ff6ee6958955485010728a1747a3d36d4e1c38531
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=6.3.3 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19843
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/bootstrap-front.css?ver=5.8.5
68.65.122.58 200 OK 1.5 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/bootstrap-front.css?ver=5.8.5
IP 68.65.122.58:0
File type assembler source, ASCII text, with very long lines (780)
Hash 08a40a22f7be47dd939d7a2798d25ce3
372f9c9556ea8f098a4a300eb32a3580c729ae29
d487f7bd8ca6d187c81360343d67847168fe8652a9948f48eda68790f744d62e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/counter-number-showcase/assets/css/bootstrap-front.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1470
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5831973c035e1feb553f86c9a76ad009
1e43981e026aae60f63aa0c3cb90380636571430
4f33784e491780bea2fb34a347da19886a6076bf0e07c6fb439cc3b088db9f8b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F33784E491780BEA2FB34A347DA19886A6076BF0E07C6FB439CC3B088DB9F8B"
Last-Modified: Mon, 05 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1021
Expires: Tue, 06 Sep 2022 17:55:24 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17159
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17159
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17159
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17159
Expires: Tue, 06 Sep 2022 22:24:22 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Yantramanav%3A700&subset&ver=3.0.16
142.250.74.10 200 OK 910 B URL HTTP/2 fonts.googleapis.com/css?family=Yantramanav%3A700&subset&ver=3.0.16
IP 142.250.74.10:0
Hash 5208a8d51965dc919a48efc813457e4b
5dffcbc97303494a76558cfb9b629c8c65325efa
ee87ec9fca70d8bd5e3c7a8cc072a99fbecef6bca2b4b521b24cc562533464c6
GET /css?family=Yantramanav%3A700&subset&ver=3.0.16 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 17:38:23 GMT
date: Tue, 06 Sep 2022 17:38:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: e408351e-ba6c-4e55-815d-449af808282f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMEFBLoAMFtqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-13831d8572a3b3cf54a0e747;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GFM9jerDkTPdhlUTm99E7Lpksw2ZGnV81bNVaZLvWSAiRNDNtkZi4g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:44:39 GMT
age: 71624
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&ver=5.8.5
142.250.74.10 200 OK 6.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Abril+Fatface%3Aregular&ver=5.8.5
IP 142.250.74.10:0
Hash a615f43013cc0fb0803f822ba84448b5
6147efacd5e9f69d1f6137bb4b369fa5e10284de
7b3fc3b54528ebc524d8f92cddf2a4e4cc035350e777b76b00045edc88f58b84
GET /css?family=Abril+Fatface%3Aregular&ver=5.8.5 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 17:38:23 GMT
date: Tue, 06 Sep 2022 17:38:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 983e705542fa78b4d5c876e0c1eada7e
5fc951e5236edd282d4975853ca35dab2e55fb17
fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:44:33 GMT
age: 71630
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/font-awesome/css/font-awesome.min.css?ver=5.8.5
68.65.122.58200 OK 6.7 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/font-awesome/css/font-awesome.min.css?ver=5.8.5
IP 68.65.122.58:0
File type ASCII text, with very long lines (30837)
Hash 5dbbe85d6a3308dceb97d91b740b0f11
3f70abf9963371962665167f98ba52365481496d
751d4fdd16bd33cc9c93bcaadcd316922ca9bbd74cb6a9e1705c8bef4330dabf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/counter-number-showcase/assets/css/font-awesome/css/font-awesome.min.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6657
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
142.250.74.46200 OK 39 kB URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
IP 142.250.74.46:0
Hash 6796a2839da7fe248dfa639472a8f4cd
7b6fe7c6190a23828423cd0610969989ef17cdf7
a3c9861a15f2932cbee655454536a21ccc57d96ed30c194cff4478b149fdf16d
GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 06 Sep 2022 17:38:23 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+358; expires=Thu, 05-Sep-2024 17:38:23 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/counter-column.css?ver=5.8.5
68.65.122.58200 OK 239 B URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/css/counter-column.css?ver=5.8.5
IP 68.65.122.58:0
Hash 5633a3b2c4b50ad3484c4fed043dc9d1
a3b8881a6690aa426d386c2c3c0da2ca040c1994
045e6da12132390129fbc7f2b4542973e68eb5688c734dab2f3229cf89d474e0
GET /wp-content/plugins/counter-number-showcase/assets/css/counter-column.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 239
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c23179b2131543088771e3fa84ff231
ae50ae4aecd962b698c19f2863857b51cea7fcec
660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QFEoJOq9eyhQH3KTlAB_ctOvGWRfAkPMHiZUa34wae07KaezXFodBg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:57:14 GMT
age: 70869
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.5
68.65.122.58200 OK 6.9 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.5
IP 68.65.122.58:0
File type ASCII text, with very long lines (29701), with CRLF line terminators
Hash 1adf583a268e30aaaed46550b156467c
6a785895330c86950708fe91b507a2e7803eb8be
25dde0693ac14abf231374b31feb6f7a8e4e7687640d1c013e3336ad03d1283f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 14:14:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6856
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/font-awesome.min.css?ver=5.8.5
68.65.122.58200 OK 6.7 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/font-awesome.min.css?ver=5.8.5
IP 68.65.122.58:0
File type ASCII text, with very long lines (30915)
Hash d9b629aa0446889614cc86746bc14a62
0f100139b2a944c4fa90ed7966513fe11c6ced23
8bd9a0c94824be2c39850479e194f6ab1cbd8aa849701e3a50ee2d5a1e736793
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/font-awesome.min.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 22:37:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6663
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/style.css?ver=5.8.5
68.65.122.58200 OK 382 B URL HTTP/2 banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/style.css?ver=5.8.5
IP 68.65.122.58:0
File type ASCII text, with CRLF line terminators
Hash c29458121f49fd18ab03594f00b9e3a5
579f08384ba6e38ee016889b6253956d9efbf45b
b48224c1fce2f901b0e9a58bf2fd5d12127f65e4742be6ac78cba78e780c1cae
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/tf-numbers-number-counter-animaton/assets/css/style.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 22:37:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 382
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.0.0
68.65.122.58200 OK 2.3 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.0.0
IP 68.65.122.58:0
File type Unicode text, UTF-8 text, with very long lines (17822), with no line terminators
Hash 06ed8004b6295a6879b33a0972438a15
b20a065c447bedd3df5754563c3d447c9a804d77
0545f74d8c6ac5778ebbb8e7f972a1cf1a9ed8d1e30fbdb3c51c0c96f30e7487
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.0.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2344
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/pe-icon-7-stroke/css/pe-icon-7-stroke.css?ver=5.8.5
68.65.122.58200 OK 1.7 kB URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/pe-icon-7-stroke/css/pe-icon-7-stroke.css?ver=5.8.5
IP 68.65.122.58:0
Hash eafd532a9d530cbb91a75bd98d77b8db
9f90575082e9a0359928a277e681e467e20b02c7
a023d8531a89d481d1892417a04d983a4315ab508d8bc31eff0b044984bb2f16
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/saturnthemes-financebank/assets/lib/pe-icon-7-stroke/css/pe-icon-7-stroke.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1683
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.1.1
68.65.122.58200 OK 6.3 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.1.1
IP 68.65.122.58:0
File type ASCII text, with very long lines (28824)
Hash 59bca3446ccb4134e341a4fe634ff680
7de70318e580b19bd27e4f453eb5315d5da92527
bfc0245f6d960e942e0906bc25a7bfeec5055f9deb4fecbe465ec37109a13bc9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=5.1.1 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 14:32:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6308
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.css?ver=5.8.5
68.65.122.58200 OK 461 B URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.css?ver=5.8.5
IP 68.65.122.58:0
Hash 4f3739ea156ce8dead3c76b95fda28af
5ac3fde9b8811a3d21c5eea718f654ffcdd3b235
cb27589ba6bc77462e311b06958f23457901cc9f2e95cbb6399cc568542df93c
GET /wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 461
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick-theme.css?ver=5.8.5
68.65.122.58200 OK 781 B URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick-theme.css?ver=5.8.5
IP 68.65.122.58:0
Hash 70b420a729b9ad45f0297c3abefe79b3
a9fb6db17e58ec3963a048a8d2d518a981022174
302be22690c7b56cb40171c4681ebeab166b9944ec76b0c610f5d1d6104bc137
GET /wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick-theme.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 781
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/swipebox/css/swipebox.css
68.65.122.58200 OK 1.2 kB URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/swipebox/css/swipebox.css
IP 68.65.122.58:0
Hash 1bab2e436018cfacd70fc46fdb757445
ca5bfde21093386a74f1a588e63284e75f5cdfc3
5e7a933268eb8aafe844a3bb970d78ad0a75bb8cb5fe958a97b0f11485abb2e6
GET /wp-content/themes/saturnthemes-financebank/assets/lib/swipebox/css/swipebox.css HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1209
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/style.css?ver=5.8.5
68.65.122.58200 OK 428 B URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/style.css?ver=5.8.5
IP 68.65.122.58:0
Hash 5801d815049888bf172f7bd92dcf60c3
d871dd78ce962912c331eb21ceedcf1831161b70
1fafb4f712ba6d3caf329769b2ed3b5dd0e8307689e45cca226ce7bf5fb1e510
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/saturnthemes-financebank/style.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 428
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1753e60d4b92bbb354edfbb9d85f365a
09b75cd56210447d470f7cd7914591a61fd132e1
3a83a3a5cb7c7061967bca347c3e76479735ad8caef9d590442d5c33290d69bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A83A3A5CB7C7061967BCA347C3E76479735AD8CAEF9D590442D5C33290D69BF"
Last-Modified: Tue, 06 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Tue, 06 Sep 2022 23:37:25 GMT
Date: Tue, 06 Sep 2022 17:38:23 GMT
Connection: keep-alive
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/magnific-popup.css?ver=5.8.5
68.65.122.58200 OK 1.8 kB URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/magnific-popup.css?ver=5.8.5
IP 68.65.122.58:0
Hash f3a37492f2df43f75801e3bec2c55e8e
0a8bbddf0fea047ef8a70eb64975166f3a24c88c
d127fcc44be73d34bb385a752b3e702e4c4a879b201671c113a4a9d347b2828a
GET /wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/magnific-popup.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1782
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
68.65.122.58200 OK 4.3 kB URL HTTP/2 banksoftrust.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 68.65.122.58:0
File type ASCII text, with very long lines (11834)
Hash ce98b1aeeffb5c21974d09112c26adb1
e0e80026afb2b79c2ac3ed2dd1a7cde7adb1a3ab
274dac5756cb49aa25c06138b61eff502e06629812c5b21d2f843d5e6b110866
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Mon, 22 Aug 2022 14:02:01 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4296
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
js.cofounderspecials.com/splash.js?v=5.1.7
91.211.91.112200 OK 573 B URL HTTP/1.1 js.cofounderspecials.com/splash.js?v=5.1.7
IP 91.211.91.112:0
ASN #206638 PE Brezhnev Daniil
File type ASCII text, with very long lines (2348), with no line terminators
Hash 2b3c14b2a6b311ee0557187a42d5dab1
4524506ded62ca19792f4c8dbb441fd32336fd57
3514c926c9a95eb83016b60c34909133e627445d6876ca934fd8464d65a6e3ef
GET /splash.js?v=5.1.7 HTTP/1.1
Host: js.cofounderspecials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 17:38:23 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
fonts.googleapis.com/css?family=Yantramanav:700%2C900%7COpen+Sans:800
142.250.74.10200 OK 8.9 kB URL HTTP/2 fonts.googleapis.com/css?family=Yantramanav:700%2C900%7COpen+Sans:800
IP 142.250.74.10:0
Hash 81daed438cea1ea64762ae0882916075
3f3cc981661518eff2c1e9a04dad5c97d717f030
b63dd3f1d215b7cc4002459a7a2a9a92e7c7e0363c707694f114c85c4e09e4f4
GET /css?family=Yantramanav:700%2C900%7COpen+Sans:800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 17:38:23 GMT
date: Tue, 06 Sep 2022 17:38:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.5
68.65.122.58200 OK 18 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.5
IP 68.65.122.58:0
File type ASCII text, with very long lines (65201), with CRLF line terminators
Hash 1802f433a4b2ca52cdd1acf4eaadf520
d02b5e913741226e807ee7ac0ae7cfe7fb2fd8ba
701c19d3566f491fca1fcbca537fb68670006bb6f6228860d967bc47cdd43527
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Sat, 21 Nov 2020 14:14:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18214
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.0.0
68.65.122.58200 OK 3.9 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.0.0
IP 68.65.122.58:0
File type ASCII text, with very long lines (9139)
Hash 4933f9ebabbd00da6270adc54576d771
9429ed492678a3004ca152ac874670200104950d
029ff39693a81cb652ab23bedfe6e607d36ee6d3b13b59078a2a06e2283db7b3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.0.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 15:35:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3856
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/gtranslate/flags/24/en.png
68.65.122.58200 OK 1.8 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/gtranslate/flags/24/en.png
IP 68.65.122.58:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash ec7233b5c80e5db85f7733b2ec25203f
d4c36fff06dc7d920b10eb13b58ea9cd9321b430
347ee97a492f79675749d03533810ff899ee6a784b4e156f3e0a7613cdfb3d40
GET /wp-content/plugins/gtranslate/flags/24/en.png HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: image/png
last-modified: Tue, 24 Nov 2020 11:06:16 GMT
accept-ranges: bytes
content-length: 1767
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/revslider/admin/assets/images/dummy.png
68.65.122.58200 OK 73 B URL HTTP/2 banksoftrust.com/wp-content/plugins/revslider/admin/assets/images/dummy.png
IP 68.65.122.58:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 9d08eac154f5b02ef14e612fc25b9bf2
5a1e9121811015fbc274dae72072f874aee3d805
17af9e65317bbbfbbd0bcdc729f14faadf37cd08cf30cc0fe0b72443e78cbffb
GET /wp-content/plugins/revslider/admin/assets/images/dummy.png HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: image/png
last-modified: Sat, 21 Nov 2020 14:14:18 GMT
accept-ranges: bytes
content-length: 73
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.1.1
68.65.122.58200 OK 1.2 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.1.1
IP 68.65.122.58:0
File type ASCII text, with very long lines (1786)
Hash 3f573f26a2e25c45c22c6db88f81fbbb
8b7701067ce97ba8b51e3771f73a8d4c64738409
379f92afdb0bd564da169e1d90de1dc728742af88c99ea0e97c3aa497dd6e1c8
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.1.1 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Sat, 21 Nov 2020 14:32:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1183
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.0.0
68.65.122.58200 OK 970 B URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.0.0
IP 68.65.122.58:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 155d874ef60217f790dedec58e83d832
42a2698adec25b2000046cf7e3818e6478951fc3
c6801f4d5dcdd86ba3e33dc35a8765c03fd55e9f621443dd0fb7cd8c8e6707da
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.0.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 970
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css
68.65.122.58200 OK 7.1 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css
IP 68.65.122.58:0
File type ASCII text, with very long lines (372)
Hash 87078655aa8277916a177ef54987bd69
5582874ebd2c517538b2259d39de0f78b2f15d11
8c4e40d1509ef0cc7a4cc731e8bc160e6375a17f8a50ba87b9e235ad14e5714a
GET /wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 14:14:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7107
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/waypoints.min.js?ver=5.8.5
68.65.122.58200 OK 2.5 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/waypoints.min.js?ver=5.8.5
IP 68.65.122.58:0
File type ASCII text, with very long lines (7808)
Hash c5caa8567f12989b5b77097e164196ac
a983cdf44314a6a2ab08b8c34290cc8861c0d8d8
5344e700c28cf98a8442240bf1f51a6de71b697369ab729ce1c90cfb42b3dea8
GET /wp-content/plugins/counter-number-showcase/assets/js/waypoints.min.js?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2461
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/counter_nscript.js?ver=5.8.5
68.65.122.58200 OK 155 B URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/counter_nscript.js?ver=5.8.5
IP 68.65.122.58:0
File type ASCII text, with CRLF line terminators
Hash e318a11a341e18878bef8f164578620d
ccd816531e9d9a669acaff10d326d50764288c59
2cfcf1b1b821b9ada3643b69a2499b215760596084e67dd25ff0091405213622
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/counter-number-showcase/assets/js/counter_nscript.js?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-length: 155
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.0.0
68.65.122.58200 OK 677 B URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.0.0
IP 68.65.122.58:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.0.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slide-menu.js
68.65.122.58200 OK 2.7 kB URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slide-menu.js
IP 68.65.122.58:0
File type Unicode text, UTF-8 text, with very long lines (1786)
Hash 5ad7d55a35bc822bad65dba381852734
8e18c1aa9a6c38824ebcb3db798ae56f366ba85e
f3a2771db6cbc9e4ded61ec7d4a81eed2d1d1894f677df91f2c3548f5a0b3086
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/saturnthemes-financebank/assets/lib/slide-menu.js HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2745
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/jquery.magnific-popup.min.js
68.65.122.58200 OK 8.9 kB URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/jquery.magnific-popup.min.js
IP 68.65.122.58:0
File type ASCII text, with very long lines (22857)
Hash 30b743a7a73905ec57ce9901561a3c76
6d7c7bd07061d1e53045f950a5b031c7bd600800
bfa6ba3fbdade9bd96194ebfc8ca5306d2f338697941f4668451ed7302bf4d8f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/saturnthemes-financebank/assets/lib/magnific-popup/jquery.magnific-popup.min.js HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Tue, 21 Jun 2022 15:35:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8931
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.0.0
68.65.122.58200 OK 1.1 kB URL HTTP/2 banksoftrust.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.0.0
IP 68.65.122.58:0
File type ASCII text, with very long lines (7043), with no line terminators
Hash 398489038b789364a5c83f044e11974d
d5caf5f64c45693de65b5c0a801bfbf83a325485
32365dde0c909abbb02d8b6a8d9938056ba47f325d51e75082e3d265ce5f76d5
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.0.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:24 GMT
content-type: text/css
last-modified: Wed, 22 Dec 2021 12:38:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1058
date: Tue, 06 Sep 2022 17:38:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
away.bettershitecolumn.com/away.php?id=98&kid=3467-23&sid=884578-34-76987-11
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/away.php?id=98&kid=3467-23&sid=884578-34-76987-11
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /away.php?id=98&kid=3467-23&sid=884578-34-76987-11 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 06 Sep 2022 17:38:25 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?aid=98823&uid=46536-433-636474-23 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://banksoftrust.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Tue, 06 Sep 2022 17:38:25 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
91.211.91.104200 OK 824 B URL HTTP/2 away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 60c88ba584a891d48f4070c119173654
b7a23e529050abd398ed2db79ecbf1ab6b842b42
f90ed7765277528b8efe48a6af517867720af425ff3976e4f68ed85928a4f4c4
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://banksoftrust.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:25 GMT
content-type: text/html; charset=UTF-8
content-length: 824
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43d26cdd1c8a5feb8ba46d75fc08a1b8
6bf07af2b342720e963b58c15cd24431885fad15
742d43f0f240cf4a2be1035d414c151d2eccd5a08703b5bdf09b797c992b5914
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "742D43F0F240CF4A2BE1035D414C151D2ECCD5A08703B5BDF09B797C992B5914"
Last-Modified: Sun, 04 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2719
Expires: Tue, 06 Sep 2022 18:23:44 GMT
Date: Tue, 06 Sep 2022 17:38:25 GMT
Connection: keep-alive
goldflowerservice.com/w66899721.js
185.177.94.108200 OK 49 B URL HTTP/2 goldflowerservice.com/w66899721.js
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
goldflowerservice.com/favicon.ico
185.177.94.108204 No Content 0 B URL HTTP/2 goldflowerservice.com/favicon.ico
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca155182fb9e293379f8870561385c78
7b4b1dbd0c5b0c55a96f6cf44ebd126f4a6b6c7e
a7cf8b45f28565b97d52a61ed5dd73361125e8bd7d1c5a15ec821429bd2fc18b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A7CF8B45F28565B97D52A61ED5DD73361125E8BD7D1C5A15EC821429BD2FC18B"
Last-Modified: Sun, 04 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9911
Expires: Tue, 06 Sep 2022 20:23:37 GMT
Date: Tue, 06 Sep 2022 17:38:26 GMT
Connection: keep-alive
banksoftrust.com/wp-content/uploads/2021/12/BTBANK.png
68.65.122.58200 OK 16 kB URL HTTP/2 banksoftrust.com/wp-content/uploads/2021/12/BTBANK.png
IP 68.65.122.58:0
File type PNG image data, 1080 x 213, 8-bit/color RGBA, non-interlaced; data
Hash 5f896f7c39e3d297b8162902fffd2edd
5ca43f536c1d86f533f2c5f96b8521497e246871
b26665c904e9a0bf51d4d7dd263e19743f7f71229decdb1e86bb390662be9a93
GET /wp-content/uploads/2021/12/BTBANK.png HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 09:30:48 GMT
accept-ranges: bytes
content-length: 71724
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
0.goldflowerservice.com/favicon.ico
185.177.94.108204 No Content 0 B URL HTTP/2 0.goldflowerservice.com/favicon.ico
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 0.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.goldflowerservice.com/w66899721.js
185.177.94.108200 OK 49 B URL HTTP/2 1.goldflowerservice.com/w66899721.js
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 1.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1.goldflowerservice.com/favicon.ico
185.177.94.108204 No Content 0 B URL HTTP/2 1.goldflowerservice.com/favicon.ico
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 1.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 06 Sep 2022 17:38:27 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.goldflowerservice.com/w66899721.js
185.177.94.108304 Not Modified 0 B URL HTTP/2 1.goldflowerservice.com/w66899721.js
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /w66899721.js HTTP/1.1
Host: 1.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Wed, 27 Jul 2022 05:35:25 GMT
If-None-Match: "62e0ce9d-31"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Tue, 06 Sep 2022 17:38:28 GMT
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ca155182fb9e293379f8870561385c78
7b4b1dbd0c5b0c55a96f6cf44ebd126f4a6b6c7e
a7cf8b45f28565b97d52a61ed5dd73361125e8bd7d1c5a15ec821429bd2fc18b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A7CF8B45F28565B97D52A61ED5DD73361125E8BD7D1C5A15EC821429BD2FC18B"
Last-Modified: Sun, 04 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9909
Expires: Tue, 06 Sep 2022 20:23:37 GMT
Date: Tue, 06 Sep 2022 17:38:28 GMT
Connection: keep-alive
1.goldflowerservice.com/?auf=gazgiobsge5diojygyxtonbtgqxtemzpge3dmmruha2tsmbx&s=1&sub1=&sub2=Zvold2&sub3=&sub4=&cpc=0&cpm=0
185.177.94.108200 OK 0 B URL HTTP/2 1.goldflowerservice.com/?auf=gazgiobsge5diojygyxtonbtgqxtemzpge3dmmruha2tsmbx&s=1&sub1=&sub2=Zvold2&sub3=&sub4=&cpc=0&cpm=0
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?auf=gazgiobsge5diojygyxtonbtgqxtemzpge3dmmruha2tsmbx&s=1&sub1=&sub2=Zvold2&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: 1.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; uuid=3d1edd5a-def9-4335-8515-7a962622b184
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:27 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; expires=Thu, 06-Oct-2022 17:38:27 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.1.1
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.1.1
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.1.1 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 14:32:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41027
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.5
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.5
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Sat, 21 Nov 2020 14:14:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 37993
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.min.js
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.min.js
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/saturnthemes-financebank/assets/lib/slick/slick.min.js HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10648
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
load.bettershitecolumn.com/splash.js
91.211.91.104200 OK 0 B URL HTTP/2 load.bettershitecolumn.com/splash.js
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Analyzer Verdict Alert quad9 Sinkholed
GET /splash.js HTTP/1.1
Host: load.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:24 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 02 Sep 2022 10:55:58 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6311e13e-18e0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
0.goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
185.177.94.108200 OK 0 B URL HTTP/2 0.goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2 HTTP/1.1
Host: 0.goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.com/
Cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; expires=Thu, 06-Oct-2022 17:38:26 GMT; Max-Age=2592000; path=/; domain=0.goldflowerservice.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
banksoftrust.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Thu, 05 May 2022 16:33:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30866
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/bootstrap.js?ver=5.8.5
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/plugins/counter-number-showcase/assets/js/bootstrap.js?ver=5.8.5
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/counter-number-showcase/assets/js/bootstrap.js?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 22:12:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 24594
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.goldflowerservice.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Wed, 06 Sep 2023 17:38:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.goldflowerservice.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:27 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Wed, 06 Sep 2023 17:38:27 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/js/tf_numbers.js?ver=1.8
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/plugins/tf-numbers-number-counter-animaton/assets/js/tf_numbers.js?ver=1.8
IP 68.65.122.58:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/tf-numbers-number-counter-animaton/assets/js/tf_numbers.js?ver=1.8 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: application/javascript
last-modified: Wed, 22 Dec 2021 22:37:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 980
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
185.177.94.108200 OK 0 B URL HTTP/2 goldflowerservice.com/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2
IP 185.177.94.108:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold2 HTTP/1.1
Host: goldflowerservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=3d1edd5a-def9-4335-8515-7a962622b184; expires=Thu, 06-Oct-2022 17:38:25 GMT; Max-Age=2592000; path=/; domain=goldflowerservice.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/css/style.css?ver=5.8.5
68.65.122.58200 OK 0 B URL HTTP/2 banksoftrust.com/wp-content/themes/saturnthemes-financebank/assets/css/style.css?ver=5.8.5
IP 68.65.122.58:0
GET /wp-content/themes/saturnthemes-financebank/assets/css/style.css?ver=5.8.5 HTTP/1.1
Host: banksoftrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://banksoftrust.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 17:38:23 GMT
content-type: text/css
last-modified: Sat, 21 Nov 2020 12:42:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32052
date: Tue, 06 Sep 2022 17:38:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
212.129.26.71200 OK 0 B IP 212.129.26.71:0
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 17:38:26 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Wed, 06 Sep 2023 17:38:26 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2