r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10791
Expires: Wed, 29 Mar 2023 04:25:05 GMT
Date: Wed, 29 Mar 2023 01:25:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6631
Expires: Wed, 29 Mar 2023 03:15:45 GMT
Date: Wed, 29 Mar 2023 01:25:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6947
Expires: Wed, 29 Mar 2023 03:21:01 GMT
Date: Wed, 29 Mar 2023 01:25:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 00:28:08 GMT
content-type: application/json
age: 3426
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: vlXmUzNwBV23yM2Aj6bUGS3IrN7UpJ0lkuX0o84j6ypj03b0Zr6VvNEYJDRHqPvg+u12GIFckfk=
x-amz-request-id: 7GSNYSDW4S1RV8DH
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 01:02:16 GMT
age: 1378
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 01:25:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
65.20.75.226 301 Moved Permanently 707 B URL HTTP/1.1 shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
IP 65.20.75.226:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET /urr/d/VESwh31U5.zip HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 29 Mar 2023 01:25:14 GMT
server: LiteSpeed
location: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
vary: User-Agent
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Pragma, Last-Modified, Retry-After, Expires, Cache-Control, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 01:17:26 GMT
age: 468
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da5340ee69a1000f751686df9e716663
a5da880a61ed119790a7990bbdcc0c97eecf04f2
d1ff10bfe40f290935abe1feeb975a6af8cf310f9ce9d45bbf482a604da73560
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1FF10BFE40F290935ABE1FEEB975A6AF8CF310F9CE9D45BBF482A604DA73560"
Last-Modified: Mon, 27 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13210
Expires: Wed, 29 Mar 2023 05:05:25 GMT
Date: Wed, 29 Mar 2023 01:25:15 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.228.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.228.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VQXZkAI+90Hqx7zu/ReeoA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EQL7Yhnp7ALV8IFfpcDWqN2lb9Q=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d2d4415f4eeb34e663d209eeddd8d25d
5d239718d7235d1f62e10d7d381c5a063e94c73a
cc35be0a21b7442cc2628ea8cd42023f81eb2deea66e5149a22776228b105213
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shahidamakeuphairbeauty.com.au/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
65.20.75.226 200 OK 12 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 11616
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.6.6
65.20.75.226 200 OK 1.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.6.6
IP 65.20.75.226:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash b64a7aecc0263fa937c98d793a7a9045
e70558e620c2400a8b330158a7cc0b3ffb015302
099e8a677299afa498d94342d2f9349610e2874224e67262460bb6a60a57e191
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=9.6.6 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Wed, 22 Mar 2023 03:54:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1760
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.6.6
65.20.75.226 200 OK 25 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.6.6
IP 65.20.75.226:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 922e069d27fac3537e396aaad2c0c353
bc33585e10ee678d33d519396708f108401e2339
dc740e9b8dcaff3c260d42925d79aa2a39aee2ebd64061fa436b9f68838c6008
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=9.6.6 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Wed, 22 Mar 2023 03:54:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 25247
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/css/classic-themes.min.css?ver=1
65.20.75.226 200 OK 144 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/css/classic-themes.min.css?ver=1
IP 65.20.75.226:0
Hash fcbd239f30d9a6dd1f3637f291143d37
2871bf7d98af3f43e42f7fa32808048e7134fabf
c2f98e9d71f782b7a3266cd337c61ae6c8dcbb7203669c07852aa2ab65ab6144
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 144
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4
65.20.75.226 200 OK 878 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4
IP 65.20.75.226:0
Hash 51a9519e6d91dbbf3c880cad07eacb29
3cf55904c0b00a805533ab2e23e8425e6129bf6b
5473babede3fa1c5d174a237e8c66601f7e82b550c74eeecdfae74ea315f3a1e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 08:38:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 878
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11
65.20.75.226 200 OK 12 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11
IP 65.20.75.226:0
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash b6b852526397b49865b61e27b4396ec3
60cb32c3a5f8ef121d46a7fb1dc62c94451d1014
9b320189c702057841ce37bfe065cbe1c8c585b8720bf1abb8c8c045772a9247
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Sat, 03 Jul 2021 08:17:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 12385
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.5.1
65.20.75.226 200 OK 2.3 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.5.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (17572), with no line terminators
Hash 12af2bb780f3e5f923aaeb6235b967c4
da536dbfaa7a1e990bee2219c41ab002cce6045e
47b1d1e1ea1a05e48d8f63295f53f598cb1d8c5b82c9f7041e618622c0ba490b
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Wed, 22 Mar 2023 03:54:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2313
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-fonts.css?ver=2.1
65.20.75.226 200 OK 672 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-fonts.css?ver=2.1
IP 65.20.75.226:0
Hash 9264ab837e7abab1d9a7f31b842c7633
efbaf4f36440aaeeec2d8c962f951460e97377a9
67f4205c7d509d8bbe158306de55fcf3d95f61d8b5830b39e66f9df5a6ccb1af
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-fonts.css?ver=2.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 09:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 672
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.5.1
65.20.75.226 200 OK 8.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.5.1
IP 65.20.75.226:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash dc4d267608544b959a4e81be73545749
830db68bb636653cc8cf33dd88200939627c5b82
f1a1ca82defecb9c38a6f59b685359afab50f8376532f001c06e8be0d536050a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Wed, 22 Mar 2023 03:54:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 8786
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/ajax-search-for-woocommerce/assets/css/style.min.css?ver=1.22.3
65.20.75.226 200 OK 5.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/ajax-search-for-woocommerce/assets/css/style.min.css?ver=1.22.3
IP 65.20.75.226:0
File type ASCII text, with very long lines (34706)
Hash 556be82b24c2aa484bb932cd669c78a2
32aa5b6258fb4f4abf2a30f5a201f2e8e4519bf8
b19b196193af4cd0da0074a65c1fab0b0311adc5db2da2c1ad323ccba8d9856f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ajax-search-for-woocommerce/assets/css/style.min.css?ver=1.22.3 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 09:12:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5782
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%7CCormorant+Garamond%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic&display=swap&ver=6.1.1
142.250.74.106 200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%7CCormorant+Garamond%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic&display=swap&ver=6.1.1
IP 142.250.74.106:0
Hash fecf23c9446c50f20c34b59602860ac3
1e7ecbe6278b28bb7023aa64f10b578c1ad74569
ee182eed28e3a11b7d6455242f3089dc7b7c5e7e0237162cb8d51d9de634d2b7
GET /css?family=Montserrat%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%7CCormorant+Garamond%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic&display=swap&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 01:25:16 GMT
date: Wed, 29 Mar 2023 01:25:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18667
Expires: Wed, 29 Mar 2023 06:36:23 GMT
Date: Wed, 29 Mar 2023 01:25:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18667
Expires: Wed, 29 Mar 2023 06:36:23 GMT
Date: Wed, 29 Mar 2023 01:25:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb1c038-d2d6-4720-be3f-b49c35c20601.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb1c038-d2d6-4720-be3f-b49c35c20601.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37c2e1ec74a1835bc97dddc9182aabe2
bfcf8b27e47bb444375e52609c4f45079c11db98
ecd69e399a11762e40ab08cff4f4e989a6a5a2e03efc43b85625e82732acc9f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb1c038-d2d6-4720-be3f-b49c35c20601.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6768
x-amzn-requestid: 1aeca6b3-7053-4272-8b6b-ee9b69debd3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cb5i1FaboAMFlAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64216fab-7957fa08282a079e235c8f6f;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 10:27:55 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: eNL1gH4qDzoNJhQNFWAAFIuu-vYd5tioEvpv2f9VPRj5MHSoxBlW4A==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 10:49:01 GMT
age: 52575
etag: "bfcf8b27e47bb444375e52609c4f45079c11db98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:35 GMT
age: 13241
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87e94469-1252-45e8-b548-a21d526285bb.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87e94469-1252-45e8-b548-a21d526285bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39350c32ad0254b7e50a1e3d7cf69988
a217002a06191f106a0ca4e97936635639f137a7
c2911f5da4542fbc2b6b4b68e1dc3a0bcad3457d2cc0dabe4e7f3973f857a5d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87e94469-1252-45e8-b548-a21d526285bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5929
x-amzn-requestid: 1de41ed5-e3e0-4d8f-97fd-0548453ed737
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgrnLG7aoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235960-445f2759671d557826d24169;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:17:20 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: XLHS0aJMP0tATtZsPy19wtr4INhlNGZNuUjX8qVCy3wnHBwgyGz9Wg==
via: 1.1 fb2e3e161147dc940086f9545b8e0e4a.cloudfront.net (CloudFront), 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:28 GMT
etag: "a217002a06191f106a0ca4e97936635639f137a7"
content-type: image/jpeg
age: 13248
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc44b850199ae52dbc7b9235276fd0fe
4e9fb59adb74ad8c012009daf21c40d14dc18053
f67756ff9dcc47eb9f2c62384c84301e053f21501e75e1d04606b2b385886a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6609d61-a455-4bc2-a81d-336103e2014f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6436
x-amzn-requestid: bed01179-5c55-4cfa-8bc9-55ba1eb0a2a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CbbYHHEvoAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64213f66-515d553b76a57f395134e28d;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 07:01:58 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UwsfXya0nX5QlV6ON_BigAlLLGD-jL6bvAIoHj0BnfQyV1qwCjTRfA==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 07:11:38 GMT
age: 65618
etag: "4e9fb59adb74ad8c012009daf21c40d14dc18053"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b49e5d7-941e-4eaa-8953-0ce30631f5ee.jpeg
34.120.237.76200 OK 2.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b49e5d7-941e-4eaa-8953-0ce30631f5ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef31e77467cccbf20aa2656ff50a0cbe
f50b09779ce9b340ae3347e93ec2df33f7f8c73f
5c50ae61f57724446c927c12c4dbd9d5527ec9db8f33e5d521211e4b1f366c38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b49e5d7-941e-4eaa-8953-0ce30631f5ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2423
x-amzn-requestid: 8cf5179c-e011-405e-aa08-7b94b1cf81c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguI9HYHIAMFtVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d6c-765e143b6730877b647f6de4;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:36 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mMW3O50g-ueBhNFHn7HV21vJ-kCbEVe46RCbIsb0nPsCfSFwUP9rPQ==
via: 1.1 17d76c2aee343249585a570f2d36d2ee.cloudfront.net (CloudFront), 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:36:54 GMT
age: 13702
etag: "f50b09779ce9b340ae3347e93ec2df33f7f8c73f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe01a936c-f073-4177-b922-749d4e396df1.jpeg
34.120.237.76200 OK 3.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe01a936c-f073-4177-b922-749d4e396df1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75b91a5d54e3d08b34c7dbad9b5e7967
9bf41fd93263a50c56570d043d04afdfb63df916
71569ccf9b606f115a68ed9b00c26d33bf8e5555cd4b5d778321572fb7931faa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe01a936c-f073-4177-b922-749d4e396df1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3199
x-amzn-requestid: 62a12cec-6603-4653-873c-7aa482754a20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgutqF99oAMFmng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235e57-10976e7d5bfae38334912b0b;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:38:31 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: wGacYE2zfYx1CMaz7G4FIptu4EwnYj2NP_b94gEnVi1xDXCjmcYk-g==
via: 1.1 1cbc126937aab64e42a05f9bf2f8daee.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:34 GMT
age: 13242
etag: "9bf41fd93263a50c56570d043d04afdfb63df916"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
65.20.75.226200 OK 4.0 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 65.20.75.226:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 14:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3995
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=23.0.4
65.20.75.226200 OK 1.9 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=23.0.4
IP 65.20.75.226:0
Hash ec9c4823adb01a097d655f555adca9af
f50a073e8be2d675bf6c5af96f50a8f048a2ed15
8295f041024bf84f41a8c3292c995448dc00824bca9c70a1307255587492b7ee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1907
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/animations/animations.min.css?ver=23.0.4
65.20.75.226200 OK 4.4 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/animations/animations.min.css?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (58528)
Hash b5ffd053985dbe247067bad06178e26e
2a8ec57446cb9248a5d83bfcfb5bf749c1d8c1bb
ed07c1fef91e06ffad187b9081c3d9c5c3b32f5fbcf0e94face6b53c8ed2ce0f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/assets/animations/animations.min.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4424
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=23.0.4
65.20.75.226200 OK 12 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (364)
Hash d4443a56a04ea5bcc4da6b5415d5dcb8
2e94433ae783e1f9da3908a22f6099770081457a
74ae64f6e08dd113867cbfc27e1cc2ed2bef5a762266a70e5f73f2d2b4582a1c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/fonts/fontawesome/fontawesome.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 12408
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-style.css?ver=2.1
65.20.75.226200 OK 3.0 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-style.css?ver=2.1
IP 65.20.75.226:0
File type ASCII text, with CRLF line terminators
Hash 42ac8553e0d422482c8decf98e0e1492
ec8b6f1e2a5871b59c705dc79bc6f06d8e111c98
c810bc51e0490fe91a0380f861a5b570e405be8cccd45442cdec7b595032f406
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/side-cart-woocommerce/assets/css/xoo-wsc-style.css?ver=2.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 21 Mar 2023 09:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2967
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/responsive.css?ver=23.0.4
65.20.75.226200 OK 9.7 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/responsive.css?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (612)
Hash 2b91eca6e897d8a2cd16de618b62ff90
caaa1f79ab8fc6344f1e60358dac1ec1dfd3a9f7
7b82d1f949ef7447c03a9b8fd3b66de3a15980b94c75cbc0d97dccf9f424a280
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/css/responsive.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 9714
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
65.20.75.226200 OK 4.6 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 4619
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/woocommerce.css?ver=23.0.4
65.20.75.226200 OK 5.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/woocommerce.css?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (423)
Hash a62b98b4553f84166f5cfc5acaf89ac8
c17416f98864d29e656ad2d4fd8517b96b8766ff
61d948046bfd3eb462cf8d457de236a7389335e52e9b6b61640158efda9b2153
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/css/woocommerce.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5848
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.4
65.20.75.226200 OK 3.9 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.4
IP 65.20.75.226:0
File type HTML document, ASCII text, with very long lines (12948), with no line terminators
Hash e723e6bcdbceef51488fb9d9dbdc485b
c190850771172ac5d273658e22e9f95ad618e3ae
7a48378fd549ba4b8564b7765bd2ad0b9130d653c3773ddafc43b1604ac19d1b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:38:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3922
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.4
65.20.75.226200 OK 2.9 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (10565), with no line terminators
Hash 70f3b9dd6a51a766210411d4ed0752de
5507f795072da10842897292e32c24b8cbf7827d
8ad70d44d761d4e24fdcdd496c7d529c52c68a7c7dce2471104d4efa2d01ca89
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:38:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 2911
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.5.1
65.20.75.226200 OK 1.1 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.5.1
IP 65.20.75.226:0
File type HTML document, ASCII text, with very long lines (3348), with no line terminators
Hash f4c066acbc2824a4103422d573e57733
e030a03b102cc10dfdfe9be97a3ca8456de63a0c
e7a1049880552903ae849d29f503a7ae7da07e5e14acb3d2cc1d52c902787597
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Mar 2023 03:54:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1142
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.5.1
65.20.75.226200 OK 3.2 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.5.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (9111)
Hash 078e27719ab2b91e57a3d06d05bf24d8
ee2c8af72d9dbb148d4101a374f6026d0c9c3044
1c8b599f3f7bfa8d7950d95a171f2c873d051960a91c91e22304293596e5b890
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Mar 2023 03:54:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3247
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.5.1
65.20.75.226200 OK 677 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.5.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Mar 2023 03:54:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 677
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.5.1
65.20.75.226200 OK 899 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.5.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Mar 2023 03:54:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 899
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
65.20.75.226200 OK 6.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 65.20.75.226:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 3d0ff0f6731d9cef860af9a5a0e3ce62
13aed444304d782039e261475c8b4450b83e743e
e8d05db77732c71843ced6f386ea82eb32243ac36e7ca3e071cb7f53e2ffbce5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 6800
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.5.1
65.20.75.226200 OK 1.1 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.5.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (3286), with no line terminators
Hash 9c11eabda345bfd3d57bc585745ef814
a67d90b25efd6f4130ac37df83770554b1ad6153
1c4e7a880269dbe462b7c98a467c014e85748b0de4d244c4f8573ceca95c0d44
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.5.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Wed, 22 Mar 2023 03:54:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1121
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2
65.20.75.226 200 OK 3.8 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2
IP 65.20.75.226:0
File type ASCII text, with very long lines (11760)
Hash 3a8c0c6bf695efea9e3acfaff14c3ca5
38e58a427812d0655192a36bf644d51853febe8b
fe50234a7e2fa53617f7379107d8e4f2baba0a98fc8a20e001fc5b2766292743
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 3760
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/the-preloader/js/preloader-script.js
65.20.75.226 200 OK 125 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/the-preloader/js/preloader-script.js
IP 65.20.75.226:0
File type ASCII text, with CRLF line terminators
Hash c3f9c00275c90c8a269ed1197b963b86
5b0cc352d513e8bb12bba519a023be39fa719ac5
bc85dc36a5694cdb1559bc5b0fcb2d74ab394ef2f762cb79db8a2ad13d086680
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/the-preloader/js/preloader-script.js HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 06 Jul 2021 16:13:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 125
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/menu.js?ver=23.0.4
65.20.75.226 200 OK 749 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/menu.js?ver=23.0.4
IP 65.20.75.226:0
Hash 33c0b2d1963bf8d1aec85903f55372f2
1f8307e852a47838a785abdcde3dc260de017f1a
38df4b408528e6f2fe8651d3d3e06dd7fb197c650d1a9b67b40c61f968473c58
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/menu.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 749
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/animations/animations.min.js?ver=23.0.4
65.20.75.226 200 OK 550 B URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/animations/animations.min.js?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (1733)
Hash c3a756b391fe1e6045b1b664b050a5f4
d9deaddac95f6a841a9ac512a49b1ac2ae21faf7
72ec4f8eadcac76d82107ad78d3522f8d429477ad77ea5adc3572458ef382bf8
GET /wp-content/themes/betheme/assets/animations/animations.min.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 550
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/parallax/translate3d.js?ver=23.0.4
65.20.75.226 200 OK 1.2 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/parallax/translate3d.js?ver=23.0.4
IP 65.20.75.226:0
Hash 798cccf140859289da4f850b3b2b3c16
5080ddcb8fc9eaabbfba56b933fa304f08590d29
a152cf3215e6c21eae0ae777ef888fe642cf51a13890632903be1ddbf5470afd
GET /wp-content/themes/betheme/js/parallax/translate3d.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1195
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/js/xoo-wsc-main.js?ver=2.1
65.20.75.226 200 OK 5.3 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/side-cart-woocommerce/assets/js/xoo-wsc-main.js?ver=2.1
IP 65.20.75.226:0
File type ASCII text, with CRLF line terminators
Hash 4956edd93889f1da8e7515b69d3605fe
8f743e6fcc9c14b50db4341a51f95689c4f59789
44ad2c7f69159f15032b4f4de467b9455972d954dcbaa6d1d38ce447cf5a4b78
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/side-cart-woocommerce/assets/js/xoo-wsc-main.js?ver=2.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 09:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5338
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=23.0.4
65.20.75.226 200 OK 12 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (634)
Hash d8bfc3d742ffd06b97048893cf41f69e
9619ab317a12617272411c4c4a33f8ded73b7512
d52b1f1423552aab4f48e0a917e614c3a5318e0c47cba03472ea029858869540
GET /wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 12378
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/scripts.js?ver=23.0.4
65.20.75.226 200 OK 14 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/scripts.js?ver=23.0.4
IP 65.20.75.226:0
Hash 20704b4991f49f717982506ecee82354
414bd2a39b532e8d92af2d75d0cb37c7ce06a774
518857bebc85f819db9d9182dfd72c5f76876c0fa46587a756507142ba85c0c4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/scripts.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 14109
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.11
65.20.75.226 200 OK 46 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.11
IP 65.20.75.226:0
File type ASCII text, with very long lines (42889)
Hash 7b6e082bde2cd00810b3413baa28da45
4b18394c3ab61e2dae4eae87b00cdc74f2339447
30fe548881461bdef9c96b8faf55eaeeb8759dcb83049beef418e939b9f965b0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.11 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Sat, 03 Jul 2021 08:17:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 45472
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11
65.20.75.226 200 OK 89 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11
IP 65.20.75.226:0
File type ASCII text, with very long lines (64270)
Hash b7c027b8ef34ea11755cc990b2e9c197
719a762692c7e00ee43e88f56a58c53cbd2c9e1e
2a28de82aaa339ac29460febf3d4588cd99cdf494abb527d5159bd2a20e2e69d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Sat, 03 Jul 2021 08:17:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 89030
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/plugins.js?ver=23.0.4
65.20.75.226 200 OK 54 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/js/plugins.js?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (32019)
Hash c850afe3c31ce18439343169776f9ac2
00cc89e46d3a3f3612486199918c41254957c8ed
fbf2235d1655f86a7bc3198257650987414998411a1474d0e8bdf6f391d6c017
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/plugins.js?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 53647
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
65.20.75.226 200 OK 30 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 65.20.75.226:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: application/javascript
last-modified: Tue, 21 Mar 2023 08:37:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 30324
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/be.css?ver=23.0.4
65.20.75.226 200 OK 52 kB URL HTTP/2 shahidamakeuphairbeauty.com.au/wp-content/themes/betheme/css/be.css?ver=23.0.4
IP 65.20.75.226:0
File type ASCII text, with very long lines (464)
Hash ea7a033876ace8a11471459e4da20634
bb847a2032cc1c096773c9ec17c016087dae7415
364afe7c8dbf4b61ffe8997aaf000b3eed84bb6726944724eeaa76681eb0da94
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/css/be.css?ver=23.0.4 HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 05 Apr 2023 01:25:16 GMT
content-type: text/css
last-modified: Tue, 15 Jun 2021 14:13:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 52317
date: Wed, 29 Mar 2023 01:25:16 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7927fa1bac0e5bcc27ed32b6b5107bd3
68da43f59df9c524940efc35f40e3599b9a1995b
f48f276b9dee3b509dd0554b8e660039fe61020bd793cbf9a0381d3e5f76ae59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7927fa1bac0e5bcc27ed32b6b5107bd3
68da43f59df9c524940efc35f40e3599b9a1995b
f48f276b9dee3b509dd0554b8e660039fe61020bd793cbf9a0381d3e5f76ae59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shahidamakeuphairbeauty.com.au
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:48 GMT
expires: Sat, 23 Mar 2024 10:26:48 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
age: 399509
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQdl9fvg-I.woff2
142.250.74.35 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQdl9fvg-I.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 21012, version 1.0\012- data
Hash a65fe668cb2c812524f51004d579341d
e3ea3da1148587ecd327fe46ec5474c449169e57
066ec1ac2852906b7e7253ee3c129e0efd2343d8671712db064502f03228ccb0
GET /s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQdl9fvg-I.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shahidamakeuphairbeauty.com.au
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21012
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:34:25 GMT
expires: Sat, 23 Mar 2024 10:34:25 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 09 Aug 2022 02:17:16 GMT
content-type: font/woff2
age: 399052
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQEl5fvg-I.woff2
142.250.74.35 200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQEl5fvg-I.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 20168, version 1.0\012- data
Hash 4ff7d98c0d7472644c210dffd62171f7
ed3fa14c311ba0329bd15bc59ebc4761dc6b66a1
e15b441759854e4477fe214540848ceb993199d31c04bc59691dde7ed5621eb7
GET /s/cormorantgaramond/v16/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQEl5fvg-I.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shahidamakeuphairbeauty.com.au
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20168
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:32:56 GMT
expires: Sat, 23 Mar 2024 10:32:56 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 09 Aug 2022 02:13:39 GMT
content-type: font/woff2
age: 399141
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
142.250.74.35 200 OK 32 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 31760, version 1.0\012- data
Hash fda4d0b623999af43148ba34c3b1ff73
ca5496af89720cc3e94e6279132f252b7cd471a6
33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38
GET /s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://shahidamakeuphairbeauty.com.au
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 31760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:27:06 GMT
expires: Sat, 23 Mar 2024 10:27:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:54:16 GMT
content-type: font/woff2
age: 399491
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7927fa1bac0e5bcc27ed32b6b5107bd3
68da43f59df9c524940efc35f40e3599b9a1995b
f48f276b9dee3b509dd0554b8e660039fe61020bd793cbf9a0381d3e5f76ae59
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 01:25:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
65.20.75.226 404 Not Found 0 B URL HTTP/2 shahidamakeuphairbeauty.com.au/urr/d/VESwh31U5.zip
IP 65.20.75.226:0
Analyzer Verdict Alert fortinet Malware
GET /urr/d/VESwh31U5.zip HTTP/1.1
Host: shahidamakeuphairbeauty.com.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://shahidamakeuphairbeauty.com.au/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Wed, 29 Mar 2023 01:25:15 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Copse%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.1.1
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Copse%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.1.1
IP 142.250.74.106:0
GET /css2?family=Copse%3Aital%2Cwght%400%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://shahidamakeuphairbeauty.com.au/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 01:25:16 GMT
date: Wed, 29 Mar 2023 01:25:16 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2