r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3262
Expires: Fri, 04 Nov 2022 22:15:49 GMT
Date: Fri, 04 Nov 2022 21:21:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6166
Cache-Control: max-age=136344
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 21:21:27 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 11:13:51 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7372
Expires: Fri, 04 Nov 2022 23:24:19 GMT
Date: Fri, 04 Nov 2022 21:21:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 04 Nov 2022 20:43:02 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2305
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: B27YYzoo6bOQ5rIOWdjk/4/Tq2jxdA1LT+CEOcVCZHXCn3t6wyhYxJJxyoVLyt/4OQlWbuTW1sY=
x-amz-request-id: R4F2T99NV8J6AGHK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 21:09:44 GMT
age: 703
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/fonts/whe.exe
162.241.253.117301 Moved Permanently 0 B URL HTTP/1.1 gessuae.ae/wp-includes/fonts/whe.exe
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/fonts/whe.exe HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 04 Nov 2022 21:21:27 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-transform, no-cache, no-store, must-revalidate
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade
Location: https://gessuae.ae/wp-includes/fonts/whe.exe
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 0
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5756
Cache-Control: max-age=130876
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 21:21:27 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 09:42:43 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 74244e665bfd0fe22312ef8fd3f173e4
d02c4878a9751fe8d2c50e887ae9480b4725614a
5f7cd72e4a001e89414415ad3f063deccc9db407f6edeeb36d2e7f5dac9543a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F7CD72E4A001E89414415AD3F063DECCC9DB407F6EDEEB36D2E7F5DAC9543A7"
Last-Modified: Thu, 03 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21528
Expires: Sat, 05 Nov 2022 03:20:15 GMT
Date: Fri, 04 Nov 2022 21:21:27 GMT
Connection: keep-alive
push.services.mozilla.com/
52.43.253.52101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.253.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o94ZGTQLz7FRFlzm9ggCxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1LBppfcRlihJTq4rbh44QbKP/i0=
gessuae.ae/wp-includes/fonts/whe.exe
162.241.253.117404 Not Found 14 kB URL HTTP/2 gessuae.ae/wp-includes/fonts/whe.exe
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3406), with CRLF, LF line terminators
Hash 45db8d920eb261dded33d6a1d0b4a7ae
85ea752fc62b18c184f1d7f6432cda76ca75ae2e
bd1f401bef62c1e617621077b0cd927845f3d579baff6f048018b92f16b92e59
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/fonts/whe.exe HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-transform, no-cache, no-store, must-revalidate
link: <https://gessuae.ae/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 14516
content-type: text/html; charset=UTF-8
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 21:21:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gessuae.ae/wp-content/plugins/captcha-plus/css/front_end_style.css?ver=plus-5.0.1
162.241.253.117200 OK 736 B URL HTTP/2 gessuae.ae/wp-content/plugins/captcha-plus/css/front_end_style.css?ver=plus-5.0.1
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash e0072937aca098604256a07b3671bf0f
caf60d3ad23afaa240b1825a02cc6cbf835ad546
9ed3226b60163a3fa425b0e22a826f66dfaab94051ac7ba52de7d1aedaa8e254
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/captcha-plus/css/front_end_style.css?ver=plus-5.0.1 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Sep 2020 07:21:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 736
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/css/dist/block-library/style.min.css?ver=5.2.7
162.241.253.117200 OK 6.5 kB URL HTTP/2 gessuae.ae/wp-includes/css/dist/block-library/style.min.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (29295), with no line terminators
Hash 551db72c1c8bb26e9583eb27065a4767
42fe93bbc9ddd3e4ba8e06712d24e0630b83dacc
ad8f7b14b1c44ec6725181fb19498d2644f9563e5d69f4b18f944b38f4dafd4d
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 22 Apr 2019 12:40:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 6507
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900i&subset=latin%2Clatin-ext
142.250.74.10200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900i&subset=latin%2Clatin-ext
IP 142.250.74.10:0
Hash 3fba317a7bfa4445cfe287fdd8eb8647
c75cf280e93eb428e0949a43a7a606d90cb1b2a6
a61636443f5bc887eab152f16a5a82ce79d5f67cb96c19bd484aed27314bccdb
GET /css?family=Roboto%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C700%2C700i%2C900%2C900i&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 04 Nov 2022 21:21:28 GMT
date: Fri, 04 Nov 2022 21:21:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/css/dist/block-library/theme.min.css?ver=5.2.7
162.241.253.117200 OK 571 B URL HTTP/2 gessuae.ae/wp-includes/css/dist/block-library/theme.min.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1495), with no line terminators
Hash 8d6ba7de21a47c9fcc472e8069c19a8e
25e6b0d49295e6affd542627db35ca6ad391c79b
768e7e67a6489f7fdae79810da71c04b615e98c351ef55852f826e01f5e1db16
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dist/block-library/theme.min.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 07 Mar 2019 09:09:59 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 571
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/captcha-plus/css/desktop_style.css?ver=plus-5.0.1
162.241.253.117200 OK 422 B URL HTTP/2 gessuae.ae/wp-content/plugins/captcha-plus/css/desktop_style.css?ver=plus-5.0.1
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 8dddf6edb2a12054a61aeb47bfe0eb0d
35c7c82e6cfb641512abea34c0f137bf1fd839fa
5d7f47e1d1a6882c3603190a39ee1200af1bce945f08e7b9872c1fa530780a38
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/captcha-plus/css/desktop_style.css?ver=plus-5.0.1 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 15 Sep 2020 07:21:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 422
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/prettyPhoto.css?ver=1.0.3
162.241.253.117200 OK 3.9 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/prettyPhoto.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (402)
Hash b9d9c1a1ba53f3987b0074a21c5e8c50
0de9fe5cad5a4d55285f1bb6c733c6995b514aad
364a2f2f697d7c232f3405aa124886dec0ead94a84848991285a84cccd47a626
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/prettyPhoto.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3901
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5
162.241.253.117200 OK 7.1 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6383)
Hash 52b18c2fad3deaa5f9da08feea621597
336e89356a8b4613b6cfda6968696343e45bafe0
88ecc7f3cf9eff836c2900e9821b81dcbb275c77f21e48ab433f58d7f7f3e5a9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/style.css?ver=2.4.5 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 7073
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/font-awesome.min.css?ver=1.0.3
162.241.253.117200 OK 6.7 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/font-awesome.min.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (28900)
Hash 832c8c42861a6def7818ee8a1d40d370
bf48b37492f84a2d3a99a8e6754b85f56b4a900d
d2fb84b34fe77304be1729f123d2776c93bd45590fcf6fb38301be6636172006
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/font-awesome.min.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 6709
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0
162.241.253.117200 OK 909 B URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 7f505211f965cd410d1ea9de55de1c13
da26c8d27eebfa528c6e99667e4151d3ec420e91
d9149273bce85d9d0dce448602cb8b90816d051f70bccb84e5b5b216c0c71e0d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 909
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/eg-colorbox.css?ver=1.0.3
162.241.253.117200 OK 1.2 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/eg-colorbox.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash a99c26d4e92eb8f5698d1d4babe8802a
4adcc02b25a5cef2f8694f9dc730b6aefb117c90
0e9bc57bfbfded7e868413e7ca8e78368383096172662bab50baa74df076085e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/eg-colorbox.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1159
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/flaticon.css?ver=5.2.7
162.241.253.117200 OK 824 B URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/flaticon.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 312d1fd2a9c6a49506f4400cb634922b
0f055bb269acece2da4139aa662f443e1edf3f88
1c918d11a99a4b818447f8ebc7f70a625734afaa437d1f42fdaa839d169edf54
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/flaticon.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 824
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/jquery.bxslider.min.css?ver=1.0.3
162.241.253.117200 OK 931 B URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/jquery.bxslider.min.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2968), with no line terminators
Hash d0551caf72248081d818504fcd95d773
c569c8dda986464b35ac203c597f606070228db7
1439aaf6906f6a34d29d2f56c205567b01ec89284ed10db94cabecb6fb98c46b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/jquery.bxslider.min.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 931
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/magnific-popup.css?ver=1.0.3
162.241.253.117200 OK 2.2 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/magnific-popup.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5691b07253c4a30382130c2da4be8343
4c12d34016c7061965c996599c4086683958e0f1
095326e797678e4aa4be8217bf991180f7b79cdcce552897123ffa68981a0747
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/magnific-popup.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2190
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
162.241.253.117200 OK 5.1 kB URL HTTP/2 gessuae.ae/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9959)
Hash 9ddcd7d3cc2d27715ae2ab92edcf3dd3
8aca354dd3e7199638fb3fbdca09e9f8ef0058ce
22c3346b9003501a1b42e8cbf0cf0e461a18338e2ff6b55c24d2a925636a5561
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:13:15 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 5140
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/bootstrap.css?ver=3.3.7
162.241.253.117200 OK 3.5 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/bootstrap.css?ver=3.3.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11782), with CRLF line terminators
Hash d7dd1c0b9047b36f13a346cddc922ca1
f3b83761894fb09195d4d4a47a0a21575967e925
e2f1f39cef3e7b16ffcebc31ca37f85b4b337dd5999faf2a3b0486520a0ebab1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/bootstrap.css?ver=3.3.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3462
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/animate.css?ver=1.0.3
162.241.253.117200 OK 7.1 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/animate.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 2e3e181ba09aeef1598179afb032952b
0628d62595a6ba3ebcd6140bbaad6e171bd82240
a6ba0f79e8f4e59774bbd380cbfa624208b960c7cb11a8d76bc4f9b8566a8c1c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/animate.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 7114
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/eg-frontend.js?ver=1.0.3
162.241.253.117200 OK 7.2 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/eg-frontend.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text
Hash e9a38cb4797a7df3ccd64a1c8abe7fb8
8f97f1f52dea3def3bd8fd4da50dcb75bced8a0b
76cee752c77360e85e3f601270deb183a22b4f33c761edc773a524939a992c3f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/eg-frontend.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 7187
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20
162.241.253.117200 OK 8.3 kB URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash d4cf92791003de0c04dcdea53bbbd6df
60509d4011bae019d96f37cdbc62ff169cc3a20d
b51cd1177328909fa22aa68a45a72d3db67545dd548b69fcf67142bcbac7b12f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 8309
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6
162.241.253.117409 Conflict 83 B URL HTTP/2 gessuae.ae/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/slick.css?ver=5.2.7
162.241.253.117200 OK 578 B URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/slick.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 51d283e1c0ccee13c26d149b08b8bd5a
5276b76e48427b26ddebfdf9e327d1c30462c750
88ce4920b2e98c1655135e578ef207f3310ff3b87ef533c7602c2e97217e3f87
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/slick.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 578
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.theme.default.min.css?ver=1.0.0
162.241.253.117200 OK 392 B URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.theme.default.min.css?ver=1.0.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1055), with no line terminators
Hash 4bb4bede622e6cedcea11a173c113885
f32fdfc735ccce0ec2814fe65bef8d9148a0e22a
8a1b15214645df1a4eb5983b617c94e2e5da8bea3f894b787e4fd7c8f587e2fb
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.theme.default.min.css?ver=1.0.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 392
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.3
162.241.253.117200 OK 16 kB URL HTTP/2 gessuae.ae/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash 9c59cb4faeac5a6ca077df679e4c2f7a
60e0e7e52f16112702c52b7903071b91f774ae5f
427cab6b0083b8d4ed6c3d9c8442a9b493a491998b0255439a7de7a5c25262b7
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:47:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 16038
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.css?ver=1.0.0
162.241.253.117200 OK 1.3 kB URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.css?ver=1.0.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 15e9949aa46d7eb1d76da6b3defa2523
753a0dbe6a52aa3a7b1ada064fa8caeb040badbe
6cc9a25e79621b09fdc11e4c21f80d65afc76a3921379ba3d8b276789b4fad6b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.css?ver=1.0.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1302
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/font-awesome.css?ver=5.2.7
162.241.253.117200 OK 15 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/font-awesome.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (36369), with CRLF line terminators
Hash fb4131d8c3702cf2780b0ecd368de4e0
5c4eaed9b13af24252861b2041a3eb172653f743
f6a66c7ce80a7d4777992969dc421954fc01e1d06a2d7a040b9790eaf708585c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/font-awesome.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 15301
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3
162.241.253.117200 OK 13 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (62655), with no line terminators
Hash 5b8957fcf2a75b3e3dcc41bd85738b39
ee46ea314fde816f69751dd5170e5e90ea2395bd
e1b33106f77d3d0583844f41e46efddb6b7f21c24206408cd361cb4392f762ac
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 13198
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3
162.241.253.117200 OK 2.7 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (16542), with no line terminators
Hash 65f20e819b5a973ba870a486811ae3f6
bea8ab98ce4c2edfb1ef599b29547977af740def
56497f4b5a738e02bd253eb0aca5124fe5e41c39f54273aeaed3e88bad1295dd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2652
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/js/wp-embed.min.js?ver=5.2.7
162.241.253.117200 OK 750 B URL HTTP/2 gessuae.ae/wp-includes/js/wp-embed.min.js?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1403), with no line terminators
Hash 6d3e08c9e1942bf7311253225c673329
568bd5150426e207e5e3c0018c30e94be318d93f
9ec1efea0b93dc92e636e6092943963e4ed882b59a1533c024d6d69f2d0c528f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 30 Aug 2018 12:40:26 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 750
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/slick-theme.css?ver=5.2.7
162.241.253.117200 OK 1.1 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/slick-theme.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 10aae53c88c52aa9a07a83ff76b0523f
1b14066a909c376d2b1dfe089541a0f7480c408b
50369701bf2a2d9aa3ff3cd00f4b551d704fc043ada89d329f8c7cb3d267c2a6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/slick-theme.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1054
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/woocommerce.css?ver=5.2.7
162.241.253.117200 OK 3.9 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/woocommerce.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF, LF line terminators
Hash 9ec5c6bd4ffd0f8c182222a8ca546a19
f0fcbbd5d3c42057fe06be9319465372c869b318
66a1f72ccf7cbf2fc311dac3faebcff50b5d340e1c350dfdd20a81bbebcb87c9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/css/woocommerce.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3889
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/imagesloaded.min.js?ver=1.0.3
162.241.253.117200 OK 2.1 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/imagesloaded.min.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5875)
Hash be8f30e4ffb163d63bc1d1e451da5613
381accb3ee6e5e89bd265397b57b1bca5d9b958a
a4265b10a5dd714018ea66cdbe6d106fe8cec971a84b66fd0e7740b3d7d98a29
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/imagesloaded.min.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2107
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2020/08/Friterm-logo.jpg
162.241.253.117200 OK 13 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2020/08/Friterm-logo.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash af91738091a358e99dfd1701b5778356
3931dc595a213710c1cd18dfd2d7dfce191e9e43
5b4ce3529451633e5e93815022b4ff8ea75bdd9ea517385ae792c037ee9fbf1a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2020/08/Friterm-logo.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 26 Aug 2020 06:47:48 GMT
accept-ranges: bytes
content-length: 13402
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/c02c1b294e1b073f98cdc639d41fc290@2x-1.jpg
162.241.253.117200 OK 13 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/c02c1b294e1b073f98cdc639d41fc290@2x-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 9577f4c4da309d6acb5c9ffbd8a34a53
06ea742089549bc76b3f7a76e83efb19959a3e2e
4dbf6f64ee7efdad4f20c27edb767fd88b3d0e5f808174f1c0f3e7924e7e0813
GET /wp-content/uploads/2019/12/c02c1b294e1b073f98cdc639d41fc290@2x-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:29:51 GMT
accept-ranges: bytes
content-length: 12985
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/js/scripts.js?ver=20180910
162.241.253.117200 OK 2.6 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/js/scripts.js?ver=20180910
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 210818549bbee467780fdf2cf99ead55
ce923886e96919e5e0a574396d051754079169ad
f1c749feafe233a4a88aa0e93acde026f1882c2bbf5b2417b296bab3b694a21c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/js/scripts.js?ver=20180910 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2568
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.everest-lightbox.js?ver=1.0.3
162.241.253.117200 OK 88 B URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.everest-lightbox.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 8571c52820725727a894b995452a6e51
bdb56e744d05793cd4dbd3f7b46ad8e84b06673f
c0510fffb4b45b8b79e5136a874d3b48d715d53e0b02ff46da962318225288a5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/jquery.everest-lightbox.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 88
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0
162.241.253.117200 OK 1.0 kB URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 1a7485ed47545fe4e98ac45dc2e25602
82c873d8dfa338c53a86912682af69f8a5c7c2b1
3177e636589840d1e93e7421c7cb0b6aedd74d3081cd99954738368e7b6ccf9a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1031
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/css/royal-preload.css?ver=5.2.7
162.241.253.117200 OK 1.8 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/css/royal-preload.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 636b97eb819ff0e9bcc4f161d155a1d5
3f23e856ce42a711e65a0721ff4f3de223afe64a
4cc5571d54526ad52250823b08e2293244275b597ca940ce69537cc453fed495
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/industro/css/royal-preload.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1772
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/carel-logo-1.jpg
162.241.253.117200 OK 17 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/carel-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 598430ed1aac5ea931a84cebe16a4249
a188f9c50ba1d39d4fc4b8421f885677117a2793
8986d83ac23651089a3cc83dadd5880c6beb9a437152de8191dc5126815a4b52
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/carel-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:29:53 GMT
accept-ranges: bytes
content-length: 17172
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/Logo-ee843ac4429c806-1.jpg
162.241.253.117200 OK 20 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/Logo-ee843ac4429c806-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash d85a5c7f2f5e364557ea84939c6c9e92
8c7e29935fc43cba688823f5b65a6298f6e84ba9
5186ab02fe9a169107e6a6e76435700823b5cc049e212f5e0476b7e20b0033db
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/Logo-ee843ac4429c806-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:09 GMT
accept-ranges: bytes
content-length: 20544
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/hmx-logo-1.jpg
162.241.253.117200 OK 22 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/hmx-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 10f7696039317513eb61fa412a85f42a
f8794589901715151d172b01eda8359b0359ee29
e7a599eef543995710c393377a2b5d336133db691cadb1f68d018c7dfdd3bd5f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/hmx-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:07 GMT
accept-ranges: bytes
content-length: 21512
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/helien-logo-1.jpg
162.241.253.117200 OK 24 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/helien-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 2f585602618029de08997ce6e113c4cf
0b25d81ed74d28a17f1f10c5953fc6f110286cc0
fd9c957a8d661b2937f4476950f1b866bcbbb3bfd8e955a6828ce6386c6be799
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/helien-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:04 GMT
accept-ranges: bytes
content-length: 23559
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/js/royal_preloader.min.js?ver=1.0
162.241.253.117200 OK 3.1 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/js/royal_preloader.min.js?ver=1.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (550), with CRLF line terminators
Hash 9b28367d12c12704cf9f8ea8425c8afa
5d1ef195af155609fa142ff72656262eebe51026
0d0e4f81ef1379a4495263351d0624f07e209077e23a38750c6e6fd6b468fe08
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/js/royal_preloader.min.js?ver=1.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3099
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/MfgLogo-Trerice-1.jpg
162.241.253.117200 OK 31 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/MfgLogo-Trerice-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 833b34983aa8e284c326739521eef5c7
ef6c174a561989ba00108bde657e32044640b0df
9f7ca4ce16998c9d28b701a079ae43833688d583e73d4a258a1c02ba050bbe62
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/MfgLogo-Trerice-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:11 GMT
accept-ranges: bytes
content-length: 31274
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/11/GESS-LOGO.gif
162.241.253.117200 OK 78 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/11/GESS-LOGO.gif
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 87a, 170 x 100\012- data
Hash cb9211b1ee3de0b905ff2db91801f6a1
d03633f1f52040fe2ea01004c1d50d5797d0b400
44b47dc19b8a9beae892bb7aa49f6ab6d52b858d21d0bcf35d9b573aa013e4fd
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/11/GESS-LOGO.gif HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 13:06:08 GMT
accept-ranges: bytes
content-length: 78396
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/gif
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2020/10/FOOTERLOGO-1.jpg
162.241.253.117200 OK 97 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2020/10/FOOTERLOGO-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2014 (Windows), datetime=2020:10:10 12:09:00], progressive, precision 8, 1200x200, components 3\012- data
Hash 6a551bfb7a22fe08926a9a9541853b63
a3277b02a47447acefa5b47c75c468cdbeece6df
4010564484878c20205b5eda3d113edd67083493e102ac0c2d1647824a00e44b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2020/10/FOOTERLOGO-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 10 Oct 2020 08:13:31 GMT
accept-ranges: bytes
content-length: 97220
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.colorbox-min.js?ver=1.0.3
162.241.253.117200 OK 5.4 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.colorbox-min.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11887)
Hash f65d05be2ec7780db520755ccabe4d8d
095771b9ad35ce2b4277f7e9bfc0142f1d0b5ab6
18e89449751a5a85f91648c8d483bba0fdfd9968e199d9333a88bddc81033ca0
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/jquery.colorbox-min.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 5400
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
162.241.253.117200 OK 4.0 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9172)
Hash 1634848cac6bee67add01a21261fcde0
5a831f11c2aed128419ec5fe2bfdb91e04b770f5
bf7374b854854ed1a337f0c83f0d8ee44b2e2d09d2ed9669b6f04456cd93416c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4024
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3
162.241.253.117200 OK 1.1 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (2750), with no line terminators
Hash 910d41de9aa2221dcbcb9620259638c6
fe903ef71eae0209084a6e302712fd027792d991
7f935d874ad97cec9ce4d63935555ef534563b99c931460e61dae475c2d95ba0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1105
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.prettyPhoto.js?ver=1.0.3
162.241.253.117200 OK 7.7 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.prettyPhoto.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (22515)
Hash 31b3d04273c7f590deebbbb3193fc3e6
efd3a6a525ed0a940e70f3d21da4d11fcc3955f1
0636d10e799d7c73858aa86086bcd4a702133822dc7c278a0a93209ad9b3d854
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/jquery.prettyPhoto.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 7737
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5
162.241.253.117200 OK 372 B URL HTTP/2 gessuae.ae/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 0507d06596355ea2efd09bb9c5b0e46c
9ae0e8f7847222b09264ada703c182fd89011126
fefb5c10a704ffcb6c905a785ec2af387ff7169dbe548fa4784cc5782797d4c2
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=6.0.5 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:47:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 372
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.magnific-popup.min.js?ver=1.0.3
162.241.253.117200 OK 9.2 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.magnific-popup.min.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (20087)
Hash 7a10ae63b238729dc4da7f7bd8986219
654c47168dca0ec7080f6c57e8c4482b57f879d4
b782185399b361358f7c409d6f23f22d45f695dcbb63876c35752c7b1de72db3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/jquery.magnific-popup.min.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 9204
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/isotope.js?ver=1.0.3
162.241.253.117200 OK 14 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/isotope.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (35468)
Hash 8a84c56f0f2cb66cb478b8c6442f8e11
81d3854b71e7644559a8726ae4d5e05a80e513d2
b49732e45f47434fb03a1c91d94d30a214710cba0c49ec521a854222c893d5ea
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/isotope.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 13724
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
162.241.253.117409 Conflict 83 B URL HTTP/2 gessuae.ae/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3
162.241.253.117200 OK 622 B URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1472), with no line terminators
Hash 141bb95e572172acdbe6676a83e84df3
3829931abc1d6dde6803fb763f4a23fd17067007
207cd6ad1c941fc75e661f1baa1ee696f5db920e0e1be345f6400fd5916050b9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 622
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/Euro-Air-Logo-1.jpg
162.241.253.117200 OK 21 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/Euro-Air-Logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 4c8b0b9a5f9f5d0f54319c08af310f55
4e29d39223292561f1e462b3877f122fbcd36d69
92d00eb0ebe75aa5852e3658096858073bbb2ceffb6969ba187168ef66acea47
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/Euro-Air-Logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:02 GMT
accept-ranges: bytes
content-length: 21108
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/rickard-logo-1.jpg
162.241.253.117200 OK 24 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/rickard-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash ac76a9ffa543f64f9977dc41f15687d3
db81b411c80f27da1f1ba5c6ca5e8f7b25cb2848
89ffb4f3b6c0d30d334a3e784615fa57fa888b904b9c16a51659799c38a32e09
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/rickard-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:30:14 GMT
accept-ranges: bytes
content-length: 24124
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/dehutech-logo-1.jpg
162.241.253.117200 OK 32 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/dehutech-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash 8d3732222aa9ea2f3ae3a9fbf9faab17
e6cda590da53a8aa687c52eefd5be3d8978bb536
98d7097a43043bbb8fd595f72cb67fc9ba4014ef8c967773dc4bd635c24c7d05
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/dehutech-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:29:57 GMT
accept-ranges: bytes
content-length: 31741
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
162.241.253.117200 OK 994 B URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1680)
Hash 6288aae4bca8a1cf895fc741f6758bea
ae5a8bd6281e058852d8a93562196298556f53f5
1136e8c7449b0bfb5117fc8a0807125dc2e9b5afa45994af3a058a2a77d3e5d7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 994
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/js/countto.js?ver=20180910
162.241.253.117200 OK 942 B URL HTTP/2 gessuae.ae/wp-content/themes/industro/js/countto.js?ver=20180910
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash dab4777223fa0e45b615feeb8d94d87d
602400e6c070e501d46e26c24913f18be7023108
9bb520d97e4b7e3de58f38dc8e15d2c8ab976040444935c3d407ce3da7b7b399
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/industro/js/countto.js?ver=20180910 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 942
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3
162.241.253.117200 OK 1.1 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2940), with no line terminators
Hash 7651ad27b3fd7dff417370d3899ff533
e138c5d9beff0d797671cd26e45a665f6e8e9bfa
d34f0f559a85e4aa7f14ec64aae390a98d495033f19e2c51008e1a1e264022bd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1096
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.0.5
162.241.253.117200 OK 13 kB URL HTTP/2 gessuae.ae/wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.0.5
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32004)
Hash 467820db91913a4bcc47a5ba31e0b03a
5b7cb3c27601a44899b2bf352bda05ed2e579028
bd70d14ab9049dd3b3ab636e1cdc8c31d5ca701d2e738a625f5c8cbc93b975dc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/js_composer/assets/lib/bower/isotope/dist/isotope.pkgd.min.js?ver=6.0.5 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:47:00 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 13221
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/js/slick.min.js?ver=20180910
162.241.253.117200 OK 14 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/js/slick.min.js?ver=20180910
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (42862)
Hash e61b26be7b27fbf2a5c2f479364c12b8
ff046102856e16854639a9862521c193fa05e9d7
19f098db827ce2943ab549c6fb9b142c4cc70aa9ecd7d3afc657a3a0eed8be88
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/industro/js/slick.min.js?ver=20180910 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 14332
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/Dwyer-Logo-1.jpg
162.241.253.117200 OK 21 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/Dwyer-Logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 558x155, components 3\012- data
Hash f3ad4a2c8a3de7e415fecfbebc0d0038
438db5a8dad3c93589595bdfa04e2f95d5bf22d4
7b5e12852f043946fc4c971921872650317d35107673cf3d61b5e9e8b3be3810
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/Dwyer-Logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:29:59 GMT
accept-ranges: bytes
content-length: 21357
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12693
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 21:21:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12693
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 21:21:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12693
Expires: Sat, 05 Nov 2022 00:53:02 GMT
Date: Fri, 04 Nov 2022 21:21:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ae2b8d827fb2c8bef64febcd36f1645
f7705fcd2d91ce90c58e79324cce1e3abba6c1c8
2dc55e97ef3a85fccb104b80161a8bac16b12d37527c336563677432584c7ad5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3494b1e3-ddc8-454c-8b43-e70e2d8f07b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11421
x-amzn-requestid: 80f2a46c-6682-4160-b896-eeaa366dbab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aUsKNF4SoAMFn5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6351c0a7-5a5517d005ec7a7d1507b58e;Sampled=0
x-amzn-remapped-date: Thu, 20 Oct 2022 21:41:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gdqoswTMqjrfyzzY-103agxLH8ak-rFsCId29eoLOF6WHgFmd04K7g==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 08:24:41 GMT
age: 46608
etag: "f7705fcd2d91ce90c58e79324cce1e3abba6c1c8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cdc7f46-586b-486f-968f-5fe03bbb41a9.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cdc7f46-586b-486f-968f-5fe03bbb41a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae1ac87f2e6534322ba259d6e06fcaa5
c721a00ae618e6ed997e102fa3d977ef830cac05
2f4cab8b925f6a79ed96b08edc00f04186d33ed9cfd4ba565884a931e83ae408
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1cdc7f46-586b-486f-968f-5fe03bbb41a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7601
x-amzn-requestid: bec1a71e-c5bd-4332-ac60-18b49304a5a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a275aEHYoAMFwlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635f736f-1b36c60a43415790430fbecf;Sampled=0
x-amzn-remapped-date: Mon, 31 Oct 2022 07:04:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qU7wyWD8EdHphWbT-IrDcYYXxqUgabGPLXE5_CRJ1rwnbQMC93r4dw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 04:09:51 GMT
age: 61898
etag: "c721a00ae618e6ed997e102fa3d977ef830cac05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 9a763d44e05fa357713a41ab1388974a
d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd
f351b7e90e5435af071892b62af3ac591bc553281b3ea63b1ae067a3d03f572d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7703
x-amzn-requestid: 4f835957-6df6-4001-9c34-ed9749000b46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpFGwoAMF0-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-3f7b7dd36cb07d057b64ec2f;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5_POzz6quaFlv3R4djTMvwuiLWqmvHLCrZ58DtyQPJG8yWQoxV0LjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:11 GMT
etag: "d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd"
content-type: image/jpeg
age: 84498
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178fad61-d3ee-4517-8b79-a9952a3fff8a.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178fad61-d3ee-4517-8b79-a9952a3fff8a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c67d8f51aff77b24d8cb3fd9ec479813
ebf192d282f763c6220d8d83423b4c1cb76332a1
941bab2bc237c080c6364198d3a183e5b513f72533c98b931b4503476f92e395
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F178fad61-d3ee-4517-8b79-a9952a3fff8a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 1f8c3db7-e6e5-4503-a865-1a2407d91ada
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0XYGP_oAMFvnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364342f-66953a9f6f31915c375fd6ab;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 1vWc25iNyC4YygyUrZFKyk6DkYdFr2SibxZEfUzQ53ZEGp9VKgloNg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:51:37 GMT
age: 84592
etag: "ebf192d282f763c6220d8d83423b4c1cb76332a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/css/dashicons.min.css?ver=5.2.7
162.241.253.117200 OK 39 kB URL HTTP/2 gessuae.ae/wp-includes/css/dashicons.min.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash ea92063a1fec0854bf0e88bfa7dc6233
f3cce07f574cc2fd684d610c1441652785074ab5
af68e6c7781f5c165de6c0e951146693536abeeb1d317cfee1ebb8d24258323a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dashicons.min.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 May 2019 19:47:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 84509
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3
162.241.253.117200 OK 1.2 kB URL HTTP/2 gessuae.ae/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6758), with no line terminators
Hash db3218984a8b4abfb2fcb8fbadf567af
6e1ecb91efbe89ccea24cb4c75693074d0615476
d8f42f621f6a96dff98788fbffa113beca74161e2890b1b84c30aa80bbb25dab
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.8.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 11 Mar 2022 07:19:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1171
content-type: text/css
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 21:21:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0; data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gessuae.ae
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 179241
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 21:21:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gessuae.ae/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
162.241.253.117409 Conflict 83 B URL HTTP/2 gessuae.ae/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/fonts/fa-solid-900.woff2
162.241.253.117200 OK 44 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/fonts/fa-solid-900.woff2
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 44068, version 1.0; data
Hash 84f351b3972185aed620f78489e48b2d
27c88aea3904d48cde4c8cd6fa85a414b547feea
cb7aa6b06aa5a8eea3670662c4b0c37104041c14575fc170dc48677a0506a33a
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/themes/industro/fonts/fa-solid-900.woff2 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gessuae.ae/wp-content/themes/industro/css/font-awesome.css?ver=5.2.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
content-length: 44068
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff2
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2022/05/KFOmCnqEu92Fr1Me5g.woff
162.241.253.117200 OK 66 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2022/05/KFOmCnqEu92Fr1Me5g.woff
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 65456, version 1.1; data
Hash 62b936e168110e58e89e70ec82e22755
323e6800b4b0ee85b338e9a19ce5b28d4cabed36
e41533d5c6eab361631aa3cf8bf7b8a2e6babfcc42a1aa950b2b0cd80c109b8f
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/uploads/2022/05/KFOmCnqEu92Fr1Me5g.woff HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 13 May 2022 06:05:48 GMT
accept-ranges: bytes
content-length: 65456
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/fonts/fa-brands-400.woff2
162.241.253.117200 OK 55 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/fonts/fa-brands-400.woff2
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 55144, version 1.0; data
Hash 2ac01f7650b5ab76bfebbc708928929e
8ca7aeb88ef1fefb582f941e9216029328e25f4c
e8562087317b34c4b2ac60e28e272b7b33e37523aacd5f2adba7a4f108e415c6
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/themes/industro/fonts/fa-brands-400.woff2 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gessuae.ae/wp-content/themes/industro/css/font-awesome.css?ver=5.2.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
content-length: 55144
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff2
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2022/05/KFOlCnqEu92Fr1MmEU9vAA.woff
162.241.253.117200 OK 66 kB URL HTTP/2 gessuae.ae/wp-content/uploads/2022/05/KFOlCnqEu92Fr1MmEU9vAA.woff
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 65756, version 1.1; data
Hash 68d75d959b2a0e9958b11d781338c8f7
3e84834a4337dde364d80e50b59a9a304b408998
8f838c807ff9fffa19ef81e9ba11530361339b32d8243c273baf687bd8118126
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/uploads/2022/05/KFOlCnqEu92Fr1MmEU9vAA.woff HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 13 May 2022 06:05:48 GMT
accept-ranges: bytes
content-length: 65756
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/fonts/fontawesome-webfont.woff2?v=4.7.0
162.241.253.117200 OK 77 kB URL HTTP/2 gessuae.ae/wp-content/themes/industro/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459; data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware; quad9 Sinkholed
GET /wp-content/themes/industro/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gessuae.ae/wp-content/themes/industro/css/font-awesome.css?ver=5.2.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:46:35 GMT
accept-ranges: bytes
content-length: 77160
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: font/woff2
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17368, version 1.0; data
Hash abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gessuae.ae
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 30 Oct 2022 00:47:28 GMT
expires: Mon, 30 Oct 2023 00:47:28 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 506041
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/img/next.png
162.241.253.117200 OK 1.3 kB URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/img/next.png
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced; data
Hash fd8610bcce676fe5c3fe3034f828a8e7
af241a5a942d14af15e972ed89d3d7bb5ae7955f
ad3616f8f2aa610e535c677b50a8e617ee4168aba7c0c050f0cfac69c4682458
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/img/next.png HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
content-length: 1342
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/img/prev.png
162.241.253.117200 OK 1.4 kB URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/img/prev.png
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced; data
Hash 3533dfdbc00072df064d03b03a2cec30
6e68f0736c0447b002869ae314926848d26b023b
71a3c4b86870ea13d02cd4effc181dfe5b1582109bff2b79a998b64fbdc25e7a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/img/prev.png HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
content-length: 1354
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/?wc-ajax=get_refreshed_fragments
162.241.253.117200 OK 161 B URL HTTP/2 gessuae.ae/?wc-ajax=get_refreshed_fragments
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JSON data; ASCII text, with no line terminators
Hash 650d329ca7144ad1b254f70cec48c223
05e4429056d334328c79307d47cb4f2437037c25
2343b049d208442d3efabc649b5f659a589a5bbb8d5e92f1fffb474775331fea
Analyzer Verdict Alert quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://gessuae.ae
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://gessuae.ae
access-control-allow-credentials: true
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-transform, no-cache, no-store, must-revalidate
x-robots-tag: noindex
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 161
content-type: application/json; charset=UTF-8
date: Fri, 04 Nov 2022 21:21:29 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/events.js?v=2.141
91.211.91.114200 OK 3.6 kB URL HTTP/2 cdn.weatherplllatform.com/events.js?v=2.141
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash d6081cdc1ef15028fb0e6c5f8643a607
689e465a74920f8868b237f0ab04f4c69c679dff
1d19e8ddaddac1c7015f3c1bd636802777c79c2601dc008c11059d1e96891036
GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:29 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
go.weatherplllatform.com/fly/follow.js?v=3.7.3
91.211.91.114200 OK 172 B URL HTTP/2 go.weatherplllatform.com/fly/follow.js?v=3.7.3
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
File type ASCII text, with no line terminators
Hash 860e8b8a1ad47a20a38f9ffcb774a418
487cde7374e1cf1d37cc2a6f67bb1fdea024d1a4
123ed70f78c358d122fd2b8b4d91603a08ed303bbce78770d2ce62f8b01a0c68
GET /fly/follow.js?v=3.7.3 HTTP/1.1
Host: go.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:30 GMT
content-type: text/html; charset=UTF-8
content-length: 172
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY=
91.211.91.114302 Found 0 B URL HTTP/2 go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY=
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fly.php?t=ZGZsa3lqaHNnZGY= HTTP/1.1
Host: go.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 04 Nov 2022 21:21:31 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29
91.211.91.114302 Found 0 B URL HTTP/2 go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: go.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gessuae.ae/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 04 Nov 2022 21:21:32 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
91.211.91.104200 OK 410 B URL HTTP/2 away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text (matched 6 times); exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash b9c3f5f029aa9a3a683f33b3241632f2
4aa5cf75d0defa220049f94f0ea44cabf22a1340
5890fb630b21c56192ebc4d7012070e3a94a400d08699b02bae216bdc9ca3815
Analyzer Verdict Alert fortinet Phishing
GET /go.php?id=11134985467-34-56736-11 HTTP/1.1
Host: away.cdnbestplatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gessuae.ae/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:32 GMT
content-type: text/html; charset=UTF-8
content-length: 410
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 195e2cfe0e825c3cc73f7b27531d26dc
125f4d416a03523bab506171a742a7e6ef7aa682
e5ef579875f97275f15cfc979e869c1bdf4bcb47b0a37525dc540b47299b9f04
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E5EF579875F97275F15CFC979E869C1BDF4BCB47B0A37525DC540B47299B9F04"
Last-Modified: Thu, 03 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15257
Expires: Sat, 05 Nov 2022 01:35:50 GMT
Date: Fri, 04 Nov 2022 21:21:33 GMT
Connection: keep-alive
greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=fastlspeed17
185.177.94.152200 OK 18 kB URL HTTP/2 greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=fastlspeed17
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text (matched 5 times); exported SGML document, Unicode text, UTF-8 text, with very long lines (7734)
Hash 33bc5c808cfd4d09eb98709dee59d86e
1470f1e6e4f43334aa53da914b2d0ed786c0c791
ee8b31fbd076f7e00e5dd6f8b5cd3e67b9fe2a51f7f600fd76f6c5ebe066a289
Analyzer Verdict Alert fortinet Phishing
GET /go/mu4genjugq5dcmjrhe3a?sub2=fastlspeed17 HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20; expires=Sun, 04-Dec-2022 21:21:33 GMT; Max-Age=2592000; path=/; domain=greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
greenskymotions.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 greenskymotions.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=fastlspeed17
Cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 04 Nov 2022 21:21:33 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cd322cc4b1e4a26fe09ee5c756279f38
68b460c362703e217222bc774323b6c35f901e55
1c2346a969153850d01b58472991eb79d8c891c61a0bfa4e45a94a8266b206bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C2346A969153850D01B58472991EB79D8C891C61A0BFA4E45A94A8266B206BD"
Last-Modified: Thu, 03 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13257
Expires: Sat, 05 Nov 2022 01:02:30 GMT
Date: Fri, 04 Nov 2022 21:21:33 GMT
Connection: keep-alive
0.greenskymotions.com/b91698fd2.js
185.177.94.152200 OK 56 B URL HTTP/2 0.greenskymotions.com/b91698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f
Analyzer Verdict Alert fortinet Phishing
GET /b91698fd2.js HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20; uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.greenskymotions.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 0.greenskymotions.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=fastlspeed17
Cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20; uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 04 Nov 2022 21:21:34 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/css/eg-frontend.css?ver=1.0.3
162.241.253.117200 OK 47 kB URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/css/eg-frontend.css?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 4d5e45fbe4a69c7353f7ae3d18cbba92
05bbe545be0a8816a84f1210d13cf2405ddf818d
92709ace6fbb1070135d4a2a4c9774248f24d834f8d470b70bd0f9a2788ee537
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/css/eg-frontend.css?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
broworker4s.com/sw/bro.js
212.129.18.219200 OK 1.4 kB URL HTTP/2 broworker4s.com/sw/bro.js
IP 212.129.18.219:0
Hash 54f74c14bedc4f7872d36651cda64b38
7509528878f1fe6e47dcade9118aed083bff0159
b4477a1f5ad6a41412594d617b892fc8397cbb2d3321c22261b049f6c18623d3
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:34 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sat, 04 Nov 2023 21:21:34 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.1.3
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.1.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.1.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:47:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/uploads/2019/12/dantherm-logo-1.jpg
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/uploads/2019/12/dantherm-logo-1.jpg
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2019/12/dantherm-logo-1.jpg HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Dec 2019 09:29:55 GMT
accept-ranges: bytes
content-length: 17074
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/jpeg
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 17 May 2019 17:08:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.js?ver=1.0.0
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.js?ver=1.0.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl.carousel2/owl.carousel.js?ver=1.0.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 11 Dec 2019 05:47:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/themes/industro/style.css?ver=5.2.7
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/themes/industro/style.css?ver=5.2.7
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/industro/style.css?ver=5.2.7 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 27 Sep 2020 13:23:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Nov 2019 12:47:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2
0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=fastlspeed17
185.177.94.152200 OK 0 B URL HTTP/2 0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=fastlspeed17
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
GET /index.php?p=mu4genjugq5dcmjrhe3a&sub2=fastlspeed17 HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:33 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=94bf9dab-e3e1-49c3-ae66-91857af91a20; expires=Sun, 04-Dec-2022 21:21:33 GMT; Max-Age=2592000; path=/; domain=0.greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
broworker4s.com/sw/bro.js
212.129.18.219200 OK 0 B URL HTTP/2 broworker4s.com/sw/bro.js
IP 212.129.18.219:0
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 21:21:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sat, 04 Nov 2023 21:21:33 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.bxslider.min.js?ver=1.0.3
162.241.253.117200 OK 0 B URL HTTP/2 gessuae.ae/wp-content/plugins/everest-gallery/js/jquery.bxslider.min.js?ver=1.0.3
IP 162.241.253.117:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/everest-gallery/js/jquery.bxslider.min.js?ver=1.0.3 HTTP/1.1
Host: gessuae.ae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gessuae.ae/wp-includes/fonts/whe.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 07:49:29 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Fri, 04 Nov 2022 21:21:28 GMT
server: Apache
X-Firefox-Spdy: h2