foldingillusions.com/
82.223.33.49 200 OK 24 kB IP 82.223.33.49:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18458)
Hash d4e6b0b95bd8af31c91a63b03a0c1964
cd11b69b33558e3b23b0d8551aee023c5a496270
852fa844e49b16c4402d5125b22dc79e266d6f6a194d9de2971eef613ddfc8b7
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 00:40:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Content-Encoding: gzip
WPO-Cache-Status: cached
Last-Modified: Wed, 04 Jan 2023 20:43:23 GMT
X-Powered-By: PHP/7.3.33, PleskLin
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21408
Expires: Thu, 05 Jan 2023 06:36:51 GMT
Date: Thu, 05 Jan 2023 00:40:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ce8af3d72e7e9af609039abee59c8b87
8e1b16591fbc632df35f15e23da55ee86af31bc3
52edddbda4a3a3b778f61a491b21e6ea439e9d8024189e636b1f37b2dd7226fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52EDDDBDA4A3A3B778F61A491B21E6EA439E9D8024189E636B1F37B2DD7226FC"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15371
Expires: Thu, 05 Jan 2023 04:56:15 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da484f5e9c6805745e063b236fb81473
ae454bf4a7ae0e96935afc81ee0f89c049097b15
068d0da23acbe7f6b600c4e7dbe9c81d3ad78c8afd122255bbf3550e8a290686
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "068D0DA23ACBE7F6B600C4E7DBE9C81D3AD78C8AFD122255BBF3550E8A290686"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2525
Expires: Thu, 05 Jan 2023 01:22:09 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 04 Jan 2023 23:47:48 GMT
content-type: application/json
age: 3136
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: kSC+PrEBzydZj4z1cmO/zylxXX6isJC4WXISleTxaFPl6Ih3pGv/2U/XVCy7aW+MMfObFVmc9DA=
x-amz-request-id: YVNTVZQKBXZJV2XH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 05 Jan 2023 00:01:31 GMT
age: 2313
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-184503207-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-184503207-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash b4949bb2e11dbe0ee1c9b553451078f0
4fa93599ab20fdc0b7b4d6899c07a9d5fcc78e2e
07db6082ba2757edb5c43e843ca7d45bdf52b33505937c1ef622963ae9f0eaef
GET /gtag/js?id=UA-184503207-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 00:40:04 GMT
expires: Thu, 05 Jan 2023 00:40:04 GMT
cache-control: private, max-age=900
last-modified: Thu, 05 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43573
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-MP69GDNWHF
142.250.74.168 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-MP69GDNWHF
IP 142.250.74.168:0
File type ASCII text, with very long lines (20080)
Hash 6374ad271a09eb71ab439932f667277a
6e88d15b2544b3d91d6d9bb277adf4ada131d163
3780b6ce5e376fb2b7d1a9064afa503394229a5df9ff9e6013a349556a80352f
GET /gtag/js?id=G-MP69GDNWHF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 00:40:04 GMT
expires: Thu, 05 Jan 2023 00:40:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 41b2dc287781a5f17e59b2cd19467c66
eab220a3cfffc465b49180b70360ba86714bf11d
c76cdc87473f2977fc7b760dbf4c93a68c22f5f02ac3c1dc70c770f8ce6846d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C76CDC87473F2977FC7B760DBF4C93A68C22F5F02AC3C1DC70C770F8CE6846D3"
Last-Modified: Wed, 04 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 05 Jan 2023 06:40:04 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 41b2dc287781a5f17e59b2cd19467c66
eab220a3cfffc465b49180b70360ba86714bf11d
c76cdc87473f2977fc7b760dbf4c93a68c22f5f02ac3c1dc70c770f8ce6846d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C76CDC87473F2977FC7B760DBF4C93A68C22F5F02AC3C1DC70C770F8CE6846D3"
Last-Modified: Wed, 04 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 05 Jan 2023 06:40:04 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 41b2dc287781a5f17e59b2cd19467c66
eab220a3cfffc465b49180b70360ba86714bf11d
c76cdc87473f2977fc7b760dbf4c93a68c22f5f02ac3c1dc70c770f8ce6846d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C76CDC87473F2977FC7B760DBF4C93A68C22F5F02AC3C1DC70C770F8CE6846D3"
Last-Modified: Wed, 04 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Thu, 05 Jan 2023 06:39:44 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 41b2dc287781a5f17e59b2cd19467c66
eab220a3cfffc465b49180b70360ba86714bf11d
c76cdc87473f2977fc7b760dbf4c93a68c22f5f02ac3c1dc70c770f8ce6846d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C76CDC87473F2977FC7B760DBF4C93A68C22F5F02AC3C1DC70C770F8CE6846D3"
Last-Modified: Wed, 04 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 05 Jan 2023 06:40:04 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d13c5f4b1fc06f590573ee28e8ed4aa
59723c82bb80efd9fe83038ab3047cc7aa0ca1e8
f274d3a96c1bedc22c096ab64590ab2f6b5a2a9b29e3afe073ddbe3dfe28ece3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F274D3A96C1BEDC22C096AB64590AB2F6B5A2A9B29E3AFE073DDBE3DFE28ECE3"
Last-Modified: Wed, 04 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21530
Expires: Thu, 05 Jan 2023 06:38:54 GMT
Date: Thu, 05 Jan 2023 00:40:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 05 Jan 2023 00:08:11 GMT
age: 1913
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/01/logox1-1.png
82.223.33.49 200 OK 16 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/01/logox1-1.png
IP 82.223.33.49:0
File type PNG image data, 150 x 162, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b9698964078bbc1012eb587c0d48583
79b7c92e5527627e823131d632b4c1d6a4512ce2
8dd0c0ef3fb286d10a403bf31d552a9b1c01c3a65178b5e57ec547d477e7e9ec
GET /wp-content/uploads/2021/01/logox1-1.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 16490
last-modified: Thu, 25 Feb 2021 06:51:07 GMT
etag: "603748db-406a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/05/Fotofolio_peto-1.jpg
82.223.33.49 200 OK 174 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/05/Fotofolio_peto-1.jpg
IP 82.223.33.49:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=18, height=3024, bps=0, PhotometricIntepretation=RGB, manufacturer=Apple, model=iPhone 8 Plus, orientation=upper-left, width=3553], baseline, precision 8, 823x751, components 3\012- data
Size 174 kB (174477 bytes)
Hash 855d29ef241a0c92eb963f695f33dfcd
e16a8ee02e179953533cd30558167151b1b656a9
326ece4ffb597da49922d3093ca68eaf5e1b59ae30892501a7ad2aa72fb08afa
GET /wp-content/uploads/2021/05/Fotofolio_peto-1.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/jpeg
content-length: 174477
last-modified: Sun, 02 May 2021 15:05:44 GMT
etag: "608ebfc8-2a98d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/05/Libro_de_firmas_vestido_portada-1.jpg
82.223.33.49 200 OK 214 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/05/Libro_de_firmas_vestido_portada-1.jpg
IP 82.223.33.49:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=18, height=3024, bps=0, PhotometricIntepretation=RGB, manufacturer=Apple, model=iPhone 8 Plus, orientation=upper-left, width=4032], baseline, precision 8, 823x751, components 3\012- data
Size 214 kB (214083 bytes)
Hash 7c935aa7b23d8ee9ae5033eda4cd31f2
148bf7c36154a1e4355f7c8365b8347ec003250a
ae1a779aa2bec65c7d33585e3026739f2aa13cb82415618e6d1c61b13d28a232
GET /wp-content/uploads/2021/05/Libro_de_firmas_vestido_portada-1.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/jpeg
content-length: 214083
last-modified: Sun, 02 May 2021 15:05:22 GMT
etag: "608ebfb2-34443"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/05/Album_mar_portada-1.jpg
82.223.33.49 200 OK 211 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/05/Album_mar_portada-1.jpg
IP 82.223.33.49:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=18, height=3024, bps=0, PhotometricIntepretation=RGB, manufacturer=Apple, model=iPhone 8 Plus, orientation=upper-left, width=4032], baseline, precision 8, 823x751, components 3\012- data
Size 211 kB (210594 bytes)
Hash 0e3e68aa6645540cdd71d42295c54d81
2942181644dc2f78f8b619fd4f71cddfca9c473c
505af017da1fbea687979018f41cc35f4fd531561436b7decf3c1d12afd21e08
GET /wp-content/uploads/2021/05/Album_mar_portada-1.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/jpeg
content-length: 210594
last-modified: Sun, 02 May 2021 15:19:51 GMT
etag: "608ec317-336a2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/05/Fotofolio_oriental_portada-2-1.jpg
82.223.33.49 200 OK 206 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/05/Fotofolio_oriental_portada-2-1.jpg
IP 82.223.33.49:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=15, height=3024, bps=0, PhotometricIntepretation=RGB, manufacturer=Apple, model=iPhone 8 Plus, orientation=upper-left, width=4032], baseline, precision 8, 823x751, components 3\012- data
Size 206 kB (205897 bytes)
Hash c1e1ad92e89a6586c8a9403a01ccde39
942f859de60580ab73911771baf55787cfccacd8
ad5fd4531b10a6da8233705bcc96329e490978728a198c51121df3f77862f573
GET /wp-content/uploads/2021/05/Fotofolio_oriental_portada-2-1.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/jpeg
content-length: 205897
last-modified: Sun, 02 May 2021 15:05:00 GMT
etag: "608ebf9c-32449"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fe74c226e54f2f382d278b594df930ae
4e4ebc661443f56b74d7c924ddae50bcb107f0af
511f11fe968867447f6d7e5862d8003e3a5fc18bdb62496ea09d140e9a11f53b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1575
Cache-Control: max-age=118381
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:05 GMT
Etag: "63b541ab-1d7"
Expires: Fri, 06 Jan 2023 09:33:06 GMT
Last-Modified: Wed, 04 Jan 2023 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
foldingillusions.com/wp-content/uploads/2021/12/ALBUM-OFERTA-1536x1152.png
82.223.33.49 200 OK 2.2 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/ALBUM-OFERTA-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.2 MB (2158224 bytes)
Hash efc89b46fdd6bd3124de46860aa2ffed
4b8142f8ac3a1a768fa38f1ba281d748aa7c342d
ba9f21afaedf1bf31c9a8964ae7740597d7d8a08a4e1d1b8d4225bdbecb7fd28
GET /wp-content/uploads/2021/12/ALBUM-OFERTA-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2158224
last-modified: Wed, 08 Dec 2021 11:00:47 GMT
etag: "61b0905f-20ee90"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/12/ALBUM-OFERTA-1-1536x1152.png
82.223.33.49 200 OK 2.4 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/ALBUM-OFERTA-1-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.4 MB (2388731 bytes)
Hash 9b9ec7168693965fb0ce01063bc8e6dc
d7b75128bd937bff5fb933ab5a2caaf94bdd94f8
ed55e6153eb7b0d30fdf15a55c1af91013e7203ea6dc29415e0a90f357786dbe
GET /wp-content/uploads/2021/12/ALBUM-OFERTA-1-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2388731
last-modified: Wed, 08 Dec 2021 11:01:16 GMT
etag: "61b0907c-2472fb"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1536x1152.png
82.223.33.49 200 OK 2.3 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.3 MB (2336875 bytes)
Hash be21752a28f8072770deee3b6e59c3e7
bad177169b0b1202a56f9730fa45d7a46a0d91af
0745896bc307e1f527a6f0d683113286979ae4a02cd347853d911d36bf5ce5b6
GET /wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2336875
last-modified: Wed, 08 Dec 2021 10:59:34 GMT
etag: "61b09016-23a86b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.woff
82.223.33.49 200 OK 21 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 20908, version 1.0\012- data
Hash 00491de6282bc94e9cc6a2ccbb4b3ae6
a3f9f4a0e469c3557e64029415698942903f10a4
22c851d5f36813ff8cbb4ab0d16273aa1eb536f84f2c56b53df8d2c7a54479a4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-woff
content-length: 20908
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-51ac"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-2-1536x1152.png
82.223.33.49 200 OK 2.4 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-2-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.4 MB (2449140 bytes)
Hash a98d3e64476fffb4ca562a6bcdc47b20
9ce4b9e57bac080b906b4501c1dd90bcfe15bcfa
e86a90f78954de8492c7053a76e3629a9880a3079d9e92c84aa7df54eca4e0a7
GET /wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-2-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2449140
last-modified: Wed, 08 Dec 2021 11:00:11 GMT
etag: "61b0903b-255ef4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
82.223.33.49 200 OK 13 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Hash f0f8230116992e521526097a28f54066
0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: font/woff2
content-length: 13276
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-33dc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
82.223.33.49 200 OK 78 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: font/woff2
content-length: 78196
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-13174"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.43.158.219 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.158.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5fR8l+fwwMVLRQvJF61N0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZcuwH8FNIm6sRX5cSrSuOUx/794=
foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1-1536x1152.png
82.223.33.49 200 OK 2.9 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.9 MB (2939045 bytes)
Hash 60f102bd7499a98d5fe54367bef9ca6c
56c3eda1573f135fe485d6e1b82061b89481007d
055c1799d889311d9e9eef0c6ea7509fe79b8f6d0484193c1e344297709159cd
GET /wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-1-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2939045
last-modified: Wed, 08 Dec 2021 10:59:54 GMT
etag: "61b0902a-2cd8a5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
82.223.33.49 200 OK 77 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: font/woff2
content-length: 76764
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-12bdc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-3-1536x1152.png
82.223.33.49 200 OK 2.4 MB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-3-1536x1152.png
IP 82.223.33.49:0
File type PNG image data, 1536 x 1152, 8-bit/color RGB, non-interlaced\012- data
Size 2.4 MB (2366980 bytes)
Hash 82314374fd33635cc69d31bb1322a6da
bd7ebe95552fa433dd7fd2953c91fe2b4a117eca
e02fd65faee6e5872789dabd4669a309d430bf79662ea4489be75168c968e8a6
GET /wp-content/uploads/2021/12/FOTOFOLIO-OFERTA-3-1536x1152.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: image/png
content-length: 2366980
last-modified: Wed, 08 Dec 2021 11:00:28 GMT
etag: "61b0904c-241e04"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8JoI3ZKyHqQg.woff
216.58.207.227 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8JoI3ZKyHqQg.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 22980, version 1.1\012- data
Hash f2a7709803facad3132b46b739548369
7ae29ea1cc9e76acc69877d118fa5d4d61465b59
ca71ae7855c81379852da88328a11f97646e1aa1d38683c633c1d9dd28468355
GET /s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8JoI3ZKyHqQg.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jan 2023 16:33:08 GMT
expires: Wed, 03 Jan 2024 16:33:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 10 Nov 2021 18:06:11 GMT
content-type: font/woff
age: 115617
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm45xW0.woff
216.58.207.227 200 OK 68 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm45xW0.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 68308, version 1.1\012- data
Hash f559455a2bb877b795730a2d1167f125
8792d78996b824aa89be7592babd6117a7cee3cc
977cced473e900f9f44d78171db812fc563ded25b7afc2b6e040b267eab566ca
GET /s/montserrat/v18/JTUSjIg1_i6t8kCHKm45xW0.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 68308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jan 2023 18:03:38 GMT
expires: Wed, 03 Jan 2024 18:03:38 GMT
cache-control: public, max-age=31536000
age: 110187
last-modified: Tue, 10 Aug 2021 00:19:54 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9vAA.woff
216.58.207.227 200 OK 66 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9vAA.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 65492, version 1.1\012- data
Hash 08926d7a008503f9c640b1772c225476
6a57df5217d336599bdec757772025beb40c4536
c93f4332daa92f95a2c2446599d6cf9e87b00b20d60db827af63b0e4a3feb22b
GET /s/roboto/v29/KFOlCnqEu92Fr1MmEU9vAA.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 65492
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 15:21:25 GMT
expires: Sat, 30 Dec 2023 15:21:25 GMT
cache-control: public, max-age=31536000
age: 465520
last-modified: Wed, 22 Sep 2021 16:13:30 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE7g0.woff
216.58.207.227 200 OK 68 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE7g0.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 68180, version 1.1\012- data
Hash 3f39d0942bc86b5d8cced884e1b00000
7e5e86e3d1d52935828ed1eec575cecd62da93d5
b97a40f9d7c840a361acec789c38ab643fdf4b3831c05a2a4087977acc202478
GET /s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE7g0.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 68180
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 14:28:28 GMT
expires: Sat, 30 Dec 2023 14:28:28 GMT
cache-control: public, max-age=31536000
age: 468697
last-modified: Tue, 10 Aug 2021 00:21:06 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff
82.223.33.49 200 OK 16 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 16276, version 331.-31261\012- data
Hash 7124eb50fc8227c78269f2d995637ff5
d33d8b5b15b7bba2cc17190dc685fe0a76d2989e
14c9db4ff87fde08f67b0a69dd594bab6d87174812a0dbd34c59833bfed8cc0e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-woff
content-length: 16276
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-3f94"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Me5g.woff
216.58.207.227 200 OK 65 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Me5g.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 65244, version 1.1\012- data
Hash 73f26bf98a715ecab4d2287ff3a02ad0
c6c8a2b7e67c182d77916cd2118b1b0d8a6ca549
55110586d3719c3e8bdaa21f06e4cc1c0a7451abbae662344cbd4411536b585f
GET /s/roboto/v29/KFOmCnqEu92Fr1Me5g.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 65244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 14:07:16 GMT
expires: Sat, 30 Dec 2023 14:07:16 GMT
cache-control: public, max-age=31536000
age: 469969
last-modified: Wed, 22 Sep 2021 16:13:22 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.ttf
82.223.33.49 200 OK 21 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.ttf
IP 82.223.33.49:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash b628f37cfeac97148aafb864ca676f6a
71ae0dfae50d4087daa4755a396b914a62213bae
e70b68f603538e3d4d8eb4af3dc2ff84b99af56fb0af22fd5b94167639f30473
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-sfnt
content-length: 20832
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-5160"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-5f3dc96a.min.js
82.223.33.49 200 OK 239 kB URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-5f3dc96a.min.js
IP 82.223.33.49:0
File type ASCII text, with very long lines (39976)
Size 239 kB (239159 bytes)
Hash f6b6fbe1d936cdcf6a332e46b7ec9162
ac3d7277c79f2ccae812b823a721c0fe007b2b83
a01cf51c9e4c812071478b166b0b8c151ef653598b182b6077bc821ce2e470dc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-5f3dc96a.min.js HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: application/javascript
last-modified: Tue, 25 Jan 2022 23:22:07 GMT
etag: W/"61f0861f-af323"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff
82.223.33.49 200 OK 102 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 101652, version 331.-31261\012- data
Size 102 kB (101652 bytes)
Hash 9fe5a17c8ab036d20e6c5ba3fd2ac511
52751432ded489dfdf27fb1cf64c570c4c27a1d7
74edc18b67c487e32f181719fdb347e2e77020744651f446e9acd7bd6821e2e7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-woff
content-length: 101652
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-18d14"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF7g0.woff
216.58.207.227 200 OK 68 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF7g0.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 67920, version 1.1\012- data
Hash f5b5ac943a80d7e7aff13b8a651c15df
a9eabaf668d043bdd45c7b01119eff648b46e480
268377e98dea0d350cd21714107d0e0473baade9163f94322e2f97088682af5e
GET /s/montserrat/v18/JTURjIg1_i6t8kCHKm45_bZF7g0.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 67920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 01 Jan 2023 09:37:31 GMT
expires: Mon, 01 Jan 2024 09:37:31 GMT
cache-control: public, max-age=31536000
age: 313354
last-modified: Tue, 10 Aug 2021 00:20:42 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff
82.223.33.49 200 OK 90 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 90060, version 331.-31261\012- data
Hash 099a9556e1a63ece24f8a99859c94c7d
5f8cab91347c553c1eb87f9b527f6bee8a28e40d
aff76e5c986f295d4bc6f8142a78e2a31888b101c2d025db89f79c75f64fd90b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-woff
content-length: 90060
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-15fcc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_cJD7g0.woff
216.58.207.227 200 OK 68 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_cJD7g0.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 67596, version 1.1\012- data
Hash 7e09e547298d02b35fe04c76528b0a05
ab23ecb2265181abb5247feb0097bb16ee1f0f16
031a79b04005ef5553ea2cf39fae33fb4afffb3f7ebeed24c6f17495ac00e87f
GET /s/montserrat/v18/JTURjIg1_i6t8kCHKm45_cJD7g0.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 67596
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 09:51:37 GMT
expires: Sat, 30 Dec 2023 09:51:37 GMT
cache-control: public, max-age=31536000
age: 485308
last-modified: Tue, 10 Aug 2021 00:20:13 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K3vXBi8JoI3ZKyHqQg.woff
216.58.207.227 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K3vXBi8JoI3ZKyHqQg.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 23976, version 1.1\012- data
Hash 24fb4331b0e2ba0c12dabc947b1290df
faa2409a20a93a92fbaec6c70ad9680cd6c0d793
f533ccd7a731a34ea932467f4d7b1a42966981db0ada056392626037a4f03738
GET /s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K3vXBi8JoI3ZKyHqQg.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23976
date: Thu, 05 Jan 2023 00:40:05 GMT
expires: Fri, 05 Jan 2024 00:40:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 10 Nov 2021 18:06:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32KxfXBi8JoI3ZKyHqQg.woff
216.58.207.227 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32KxfXBi8JoI3ZKyHqQg.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 23864, version 1.1\012- data
Hash d21e30f88d5335f5408ecbccabc7bba1
fbaad0a8796710505f2b622aa8cf0e8c90df8df1
bd236492f4bb8585df02bec0ffe0e7a88f8800de0aba3245eff81e3149a912a7
GET /s/worksans/v13/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32KxfXBi8JoI3ZKyHqQg.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23864
date: Thu, 05 Jan 2023 00:40:05 GMT
expires: Fri, 05 Jan 2024 00:40:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 10 Nov 2021 18:06:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v13/QGY9z_wNahGAdqQ43Rh_ebrnlwyYfEPxPoGU3ms5pIfeCSXCQOBc.woff
216.58.207.227 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v13/QGY9z_wNahGAdqQ43Rh_ebrnlwyYfEPxPoGU3ms5pIfeCSXCQOBc.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 22308, version 1.1\012- data
Hash 5af9b5690ffb4be30a0c50a8fa2224e9
867410f8b98d0c381d1ca65f50bf36193c911e59
e78898bac6527c2e318556f5cdcec7816785e389fe892bcf29dbf8d051771fee
GET /s/worksans/v13/QGY9z_wNahGAdqQ43Rh_ebrnlwyYfEPxPoGU3ms5pIfeCSXCQOBc.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22308
date: Thu, 05 Jan 2023 00:40:05 GMT
expires: Fri, 05 Jan 2024 00:40:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 10 Nov 2021 18:06:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.ttf
82.223.33.49 200 OK 34 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.ttf
IP 82.223.33.49:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh\012- data
Hash 1f77739ca9ff2188b539c36f30ffa2be
7d849a3981a716e2ba4a84634bc57d0b8054a6a3
c651b8a67d3193206f622c3c3b0fbca4a2f2727108c4212b52c1e2a2e84c9b31
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-sfnt
content-length: 33736
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-83c8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf
82.223.33.49 200 OK 134 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf
IP 82.223.33.49:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size 134 kB (134040 bytes)
Hash 3b89dd103490708d19a95adcae52210e
3fa2d67cef22da5c3f3eb5730c6afbd6fecf0372
06f4d00923ea24697df5df0b92984175991d8bd25776a02d531bb401e393ec42
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-sfnt
content-length: 134040
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-20b98"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.ttf
82.223.33.49 200 OK 203 kB URL HTTP/2 foldingillusions.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.ttf
IP 82.223.33.49:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size 203 kB (202744 bytes)
Hash 605ed7926cf39a2ad5ec2d1f9d391d3d
c1b9fae262f42868c075ac865a8ab34920e20a2c
3d06af1f31cd83ace7a265a014b8fb5dee15770ecac8f7a55555190e627e03c2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: application/font-sfnt
content-length: 202744
last-modified: Tue, 05 Oct 2021 17:32:29 GMT
etag: "615c8c2d-317f8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 58948442ddd64838eb920cc977b5e9bc
046c6cbfcc225b422f92c45b2a387b5ffeb2fae0
b58c4d7ac58dd28ad1851641006e9d0a24cf4c683d70754418b67fd3d6e927b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:06 GMT
Last-Modified: Wed, 04 Jan 2023 23:55:36 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 58948442ddd64838eb920cc977b5e9bc
046c6cbfcc225b422f92c45b2a387b5ffeb2fae0
b58c4d7ac58dd28ad1851641006e9d0a24cf4c683d70754418b67fd3d6e927b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6215
Cache-Control: max-age=134883
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:06 GMT
Etag: "63b57002-1d7"
Expires: Fri, 06 Jan 2023 14:08:09 GMT
Last-Modified: Wed, 04 Jan 2023 12:24:34 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322714576_732725847935314_6636018579088806530_n.webpfull.jpg
82.223.33.49 200 OK 43 kB URL HTTP/1.1 foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322714576_732725847935314_6636018579088806530_n.webpfull.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 990affb8ed1bb2e9cbf5bdb6ea678cde
1bd95f68d8a2b3b2219b74dac7e24715c3f31c04
e9bd656532e3b644d425a02baf7826b5047fb3e1bebd579e072d257904faec98
GET /wp-content/uploads/sb-instagram-feed-images/322714576_732725847935314_6636018579088806530_n.webpfull.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foldingillusions.com/
Cookie: _ga_MP69GDNWHF=GS1.1.1672879195.1.0.1672879195.0.0.0; _ga=GA1.1.1579909504.1672879196
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 00:40:05 GMT
Content-Type: image/jpeg
Content-Length: 43021
Last-Modified: Mon, 02 Jan 2023 00:20:00 GMT
Connection: keep-alive
ETag: "63b22330-a80d"
X-Powered-By: PleskLin
Accept-Ranges: bytes
foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322468826_3480848398805859_7896723637123959952_n.webpfull.jpg
82.223.33.49 200 OK 56 kB URL HTTP/1.1 foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322468826_3480848398805859_7896723637123959952_n.webpfull.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x640, components 3\012- data
Hash fdd8d7d6b5b24b8efceec7ef7fc987ef
ac71edfb7629fb1a6cf86aa20fcd3c929a4cf9a2
4990b04f80f8ae8ffcd5a425942023cee6edffe4087274b8c29de4947e1895d4
GET /wp-content/uploads/sb-instagram-feed-images/322468826_3480848398805859_7896723637123959952_n.webpfull.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foldingillusions.com/
Cookie: _ga_MP69GDNWHF=GS1.1.1672879195.1.0.1672879195.0.0.0; _ga=GA1.1.1579909504.1672879196
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 00:40:05 GMT
Content-Type: image/jpeg
Content-Length: 55563
Last-Modified: Mon, 02 Jan 2023 00:20:00 GMT
Connection: keep-alive
ETag: "63b22330-d90b"
X-Powered-By: PleskLin
Accept-Ranges: bytes
foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/321766442_576602114476127_53711478090784234_n.webpfull.jpg
82.223.33.49 200 OK 66 kB URL HTTP/1.1 foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/321766442_576602114476127_53711478090784234_n.webpfull.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x640, components 3\012- data
Hash 01de1cd9939b81ffc744dee9bc98f63c
d9d740d4b7af2608c43210501ec48482d8d2c257
2bbce84dabb0922fc6b1b1f2a458facc70918b243c9d53c34c1985f767667d14
GET /wp-content/uploads/sb-instagram-feed-images/321766442_576602114476127_53711478090784234_n.webpfull.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foldingillusions.com/
Cookie: _ga_MP69GDNWHF=GS1.1.1672879195.1.0.1672879195.0.0.0; _ga=GA1.1.1579909504.1672879196
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 00:40:05 GMT
Content-Type: image/jpeg
Content-Length: 65883
Last-Modified: Wed, 28 Dec 2022 01:42:34 GMT
Connection: keep-alive
ETag: "63ab9f0a-1015b"
X-Powered-By: PleskLin
Accept-Ranges: bytes
foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322144504_409556938025424_3840788560934379269_n.webpfull.jpg
82.223.33.49 200 OK 65 kB URL HTTP/1.1 foldingillusions.com/wp-content/uploads/sb-instagram-feed-images/322144504_409556938025424_3840788560934379269_n.webpfull.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x640, components 3\012- data
Hash 5ad8c69584c7af7c5c97991dea08c2cf
d08cfe8f00cca242f351eacd8ccc399713f3512a
fc094473b6f6d2bb275ce3a707ca65269bd8d528c1cd37176bccf8c2566aff90
GET /wp-content/uploads/sb-instagram-feed-images/322144504_409556938025424_3840788560934379269_n.webpfull.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://foldingillusions.com/
Cookie: _ga_MP69GDNWHF=GS1.1.1672879195.1.0.1672879195.0.0.0; _ga=GA1.1.1579909504.1672879196
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Jan 2023 00:40:05 GMT
Content-Type: image/jpeg
Content-Length: 65256
Last-Modified: Wed, 28 Dec 2022 18:49:46 GMT
Connection: keep-alive
ETag: "63ac8fca-fee8"
X-Powered-By: PleskLin
Accept-Ranges: bytes
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff2
82.223.33.49 200 OK 78 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 78532, version 331.-31458\012- data
Hash 79dced08c62eddd969d92c9f58987a33
262c9c0e4848466e73ad4757ddaab6e168eaef81
0a80acfa0f85d8ea233785ca14b0dd030dbe7ed229b00bc754b55dae39c7a106
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: font/woff2
content-length: 78532
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-132c4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff2
82.223.33.49 200 OK 14 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 13584, version 331.-31458\012- data
Hash c940f62026ba5a202238ec177cce01a5
62edc86975d56aa66873803baf0582c2ab36cef5
41dc4f99f4101a4ae7956b5c23c2d40e04ffb928c7ebd989658d950b4e2f7c5d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: font/woff2
content-length: 13584
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-3510"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2
82.223.33.49 200 OK 80 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2
IP 82.223.33.49:0
File type Web Open Font Format (Version 2), TrueType, length 80272, version 331.-31458\012- data
Hash 3bb4d4ff63186a8caf433d3d3a022d49
023d6411b150baea1ec6784dcb2888577d95f13e
75f5349190725c85b426fdb66c683beb21b7804792d0770a9e84b28e7ace5d28
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: font/woff2
content-length: 80272
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-13990"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 58948442ddd64838eb920cc977b5e9bc
046c6cbfcc225b422f92c45b2a387b5ffeb2fae0
b58c4d7ac58dd28ad1851641006e9d0a24cf4c683d70754418b67fd3d6e927b0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 00:40:06 GMT
Last-Modified: Wed, 04 Jan 2023 23:55:36 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff
82.223.33.49 200 OK 92 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 92216, version 331.-31458\012- data
Hash a6d5b6e21f0c0ce5d05dd9d2aa644c9f
a2e0949835d3ae7f3c990f8eb6a8f3629a1ddacc
64351d3323461bde0c1eb9b70137cd643892fb72aea6cc5ecd4d4f102eb5f79d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-woff
content-length: 92216
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-16838"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff
82.223.33.49 200 OK 17 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 16776, version 331.-31458\012- data
Hash b7995ffca32ee27012b039e79a9dad06
0a5d9e8e13305c8d75b81ab5c3438d9a7e9a6279
8b01a186e17207b605f5f037815f82b62a37fcb4804b2d46eae10e316b78a9c5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-woff
content-length: 16776
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-4188"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/10/pexels-cottonbro-6074059-min-scaled.jpg
82.223.33.49 200 OK 669 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/10/pexels-cottonbro-6074059-min-scaled.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x1706, components 3\012- data
Size 669 kB (669045 bytes)
Hash fab1e80275a740da6448d418fdae8cab
ac2d99fb819c76dd102b8d4c8e0b7ecef0d21541
81ae6c7f2b780383177691f80bc5b7bc6837846034085e96e28f269201f7e307
GET /wp-content/uploads/2021/10/pexels-cottonbro-6074059-min-scaled.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: image/jpeg
content-length: 669045
last-modified: Wed, 06 Oct 2021 11:06:33 GMT
etag: "615d8339-a3575"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/10/pexels-tatiana-3312232-min-scaled.jpg
82.223.33.49 200 OK 556 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/10/pexels-tatiana-3312232-min-scaled.jpg
IP 82.223.33.49:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x1707, components 3\012- data
Size 556 kB (556351 bytes)
Hash 96d97000b6c7d66989ec1fcb3a114eee
d6b32f46aa15a720b10e2c32e37d455caa256e0c
fb1b392a80603d6be6a498277dc2710ef46eb9c23eafa5c525773746f5b863c1
GET /wp-content/uploads/2021/10/pexels-tatiana-3312232-min-scaled.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: image/jpeg
content-length: 556351
last-modified: Wed, 06 Oct 2021 11:02:12 GMT
etag: "615d8234-87d3f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
scontent-ecv1-1.cdninstagram.com/v/t51.29350-15/323182961_200666755810964_8662682442832134738_n.jpg?_nc_cat=110&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=iuLxImvA7-IAX_DKzoU&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfBFh_jGCi4H2aX6ve2OBAmOjD6_ILhyIIsVastGUe1pFw&oe=63BB96F0
179.60.193.63 200 OK 181 kB URL HTTP/2 scontent-ecv1-1.cdninstagram.com/v/t51.29350-15/323182961_200666755810964_8662682442832134738_n.jpg?_nc_cat=110&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=iuLxImvA7-IAX_DKzoU&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfBFh_jGCi4H2aX6ve2OBAmOjD6_ILhyIIsVastGUe1pFw&oe=63BB96F0
IP 179.60.193.63:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 181 kB (181081 bytes)
Hash 3ffb1c14c8fc23ee7d822f8871650876
7436b037f7bac5d4c01e0edde2e851914fbf6d73
cfb5ae4ac0d68a16ea0707269316a6cc25ec139cd8d29677d2b8058a5f21e5f8
GET /v/t51.29350-15/323182961_200666755810964_8662682442832134738_n.jpg?_nc_cat=110&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=iuLxImvA7-IAX_DKzoU&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfBFh_jGCi4H2aX6ve2OBAmOjD6_ILhyIIsVastGUe1pFw&oe=63BB96F0 HTTP/1.1
Host: scontent-ecv1-1.cdninstagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 03 Jan 2023 17:18:09 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 3286211409
x-needle-checksum: 4207902976
content-digest: adler32=4207902976
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
content-length: 181081
x-fb-trip-id: 1679558926
date: Thu, 05 Jan 2023 00:40:06 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff
82.223.33.49 200 OK 104 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff
IP 82.223.33.49:0
File type Web Open Font Format, TrueType, length 104284, version 331.-31458\012- data
Size 104 kB (104284 bytes)
Hash c48d0f239282bb3a0856a4817fa2a5c2
bd4c2e3e55397c69b35b9f1947aa72beedd45651
26701523bfc95c31e4c3a5dbd73943ca1dd4c99a1f2dbc5b48a589943d1afb99
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-woff
content-length: 104284
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-1975c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.ttf
82.223.33.49 200 OK 137 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.ttf
IP 82.223.33.49:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh\012- data
Size 137 kB (136576 bytes)
Hash dbec1b4af0117cdc7c7a76090903fe77
95567ff8d60e2dffe34d11179086353416441235
3cd97d0d065ef9165afb2966faa989cb143cc14397ea07db7ccbdffe461377f9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-brands-400.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-sfnt
content-length: 136576
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-21580"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.ttf
82.223.33.49 200 OK 34 kB URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.ttf
IP 82.223.33.49:0
File type TrueType Font data, 13 tables, 1st "FFTM", 28 names, Macintosh\012- data
Hash 547429d0f054fe33407e57011ca9ab26
8dcc0c72c424c439b0393ca60bcf08d25db9ae99
e54356ac02b129240597fdbb5452a9bed10b923f2f658cd2f44c4e56270cdb05
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-regular-400.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-sfnt
content-length: 34052
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-8504"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
scontent-ecv1-1.cdninstagram.com/v/t51.29350-15/323841195_839534147589535_7497400786146881262_n.jpg?_nc_cat=106&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=82WMNG-BVlQAX9qaBRM&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfAIxpl4E22zTK3ZCPxogn21KNRMol9Q-LqU0mh_anzPAw&oe=63BAFA48
179.60.193.63 200 OK 189 kB URL HTTP/2 scontent-ecv1-1.cdninstagram.com/v/t51.29350-15/323841195_839534147589535_7497400786146881262_n.jpg?_nc_cat=106&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=82WMNG-BVlQAX9qaBRM&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfAIxpl4E22zTK3ZCPxogn21KNRMol9Q-LqU0mh_anzPAw&oe=63BAFA48
IP 179.60.193.63:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1912x1080, components 3\012- data
Size 189 kB (189429 bytes)
Hash 9274675fda324e7603cf031938506780
d6bb91b15818ccdcd259e8b18b78e429f1082c90
70dc218ba39335b92487c4ec5220bca293b1d1060b407433c5e1157a91212ccd
GET /v/t51.29350-15/323841195_839534147589535_7497400786146881262_n.jpg?_nc_cat=106&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=82WMNG-BVlQAX9qaBRM&_nc_ht=scontent-ecv1-1.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AfAIxpl4E22zTK3ZCPxogn21KNRMol9Q-LqU0mh_anzPAw&oe=63BAFA48 HTTP/1.1
Host: scontent-ecv1-1.cdninstagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
content-length: 189429
last-modified: Wed, 04 Jan 2023 18:38:26 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 1752854281
x-needle-checksum: 2375298812
content-digest: adler32=2375298812
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
accept-ranges: bytes
x-fb-trip-id: 1679558926
date: Thu, 05 Jan 2023 00:40:06 GMT
x-fb-edge-debug: 85sxh7niQzChOM1Y70HwQAnK-Xp7S7fVPiD7rezAijrrIGjKSbhsDQ85fUpCowHbpH7udIWQZWBOtBpNH1NPrDMYiQJDgL7P6z4Jp_yaMw8
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Thu, 05 Jan 2023 06:38:57 GMT
Date: Thu, 05 Jan 2023 00:40:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Thu, 05 Jan 2023 06:38:57 GMT
Date: Thu, 05 Jan 2023 00:40:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Thu, 05 Jan 2023 06:38:57 GMT
Date: Thu, 05 Jan 2023 00:40:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 872ad13c3966689cbd481bebca0b21f8
2a052c414b68b9e71b00fa3903995e8bdd22a81c
bd2222d291deec7ba01875b7ddfd0d27de71e68fc600057fb3d1fa9394aa46fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD2222D291DEEC7BA01875B7DDFD0D27DE71E68FC600057FB3D1FA9394AA46FA"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Thu, 05 Jan 2023 06:38:57 GMT
Date: Thu, 05 Jan 2023 00:40:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a9375cec16bfe696766c8d373d9b54
2167c2f197dd44558ac2dea500d8b6b3cfa50e83
6f94fe0c817b031d913d53fee6b317148bdabea044102b8f0c9df8a3737d59f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10696
x-amzn-requestid: 2117681b-ee8b-4881-b860-087a8662a3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7xM1FK7oAMFd4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae2f1e-5a3648ba2ac7ba01177f361d;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 00:21:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: p4EQ0DgVF1JVg9r4rzbQsRzgFgqX3Ke8tWzeUHAXGXrawUAhssi71A==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 07:38:33 GMT
age: 61293
etag: "2167c2f197dd44558ac2dea500d8b6b3cfa50e83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-MP69GDNWHF&gtm=2oebu0&_p=979101732&gdid=dZTNiMT&cid=1579909504.1672879196&ul=en-us&sr=1280x1024&_s=1&sid=1672879195&sct=1&seg=0&dl=http%3A%2F%2Ffoldingillusions.com%2F&dt=Folding%20Illusions%20I%20%C3%81lbumes%20de%20fotos%20hechos%20a%20mano&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-MP69GDNWHF&gtm=2oebu0&_p=979101732&gdid=dZTNiMT&cid=1579909504.1672879196&ul=en-us&sr=1280x1024&_s=1&sid=1672879195&sct=1&seg=0&dl=http%3A%2F%2Ffoldingillusions.com%2F&dt=Folding%20Illusions%20I%20%C3%81lbumes%20de%20fotos%20hechos%20a%20mano&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-MP69GDNWHF&gtm=2oebu0&_p=979101732&gdid=dZTNiMT&cid=1579909504.1672879196&ul=en-us&sr=1280x1024&_s=1&sid=1672879195&sct=1&seg=0&dl=http%3A%2F%2Ffoldingillusions.com%2F&dt=Folding%20Illusions%20I%20%C3%81lbumes%20de%20fotos%20hechos%20a%20mano&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://foldingillusions.com
date: Thu, 05 Jan 2023 00:40:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28d8d17-c213-4b59-b3b0-f11bc3704d76.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28d8d17-c213-4b59-b3b0-f11bc3704d76.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2d5fd3704dbf625d579635e2993692ac
9c87bef027efab0b3fb75240ec857831ebdf7732
e58a7e70d00b80cd14227c70c4a3c12d434de4fd200e3f22401934148f0a8c45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28d8d17-c213-4b59-b3b0-f11bc3704d76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8494
x-amzn-requestid: 01afadb6-7a9d-4ebe-8d45-96c93306437a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKyuF6qIAMFSdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1aa-132ce1cb79ecb85530b06efe;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gCnH9byGALxKb21cD6Eqw_Rg0EogxhZvdZx5hDsepCzLUUTor5-GGA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:54:15 GMT
age: 9951
etag: "9c87bef027efab0b3fb75240ec857831ebdf7732"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64c5d475-3153-467d-adb9-7187fd47e2e2.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64c5d475-3153-467d-adb9-7187fd47e2e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 01344b4dc7ce7b28acfc81aa36c7e88a
8482062315fe3251d47722e1df723555bd18d262
68f5bc4ae2c0ffd384c61442515711a0d3ef300f2898cc610a9b70a1ba78e775
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64c5d475-3153-467d-adb9-7187fd47e2e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5443
x-amzn-requestid: 600f3682-bfaf-4e00-8636-a075d5bda623
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eJVYAEYrIAMFl5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b39c33-792df8cc005d1ad5528a35d7;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 03:08:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UorP_k4N65hwuggLXIZ6qyX4cumhoL5_ahxQQF4bOyp7sKJwow11Uw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 03:36:23 GMT
age: 75823
etag: "8482062315fe3251d47722e1df723555bd18d262"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b3f51e-7201-449c-bafd-6691bfdcc3ca.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b3f51e-7201-449c-bafd-6691bfdcc3ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5606a32ed5935df2456542509faa2c62
e0dc893a7ea83a60e6ed085052c2ccaa08dd1db9
f851cb63b9f5be987ac53ecdd616f7651ccc13c4494d7a9819f82827133319fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4b3f51e-7201-449c-bafd-6691bfdcc3ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6361
x-amzn-requestid: 927f8ca4-205c-413b-bcf0-15f326520564
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKz5F_2oAMFlzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1b2-654b3cef7115fea07fa60a94;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5G0rTZ1ZVVfvW8PPObuPVGBkc9uikExQpJiS-gBgdEGvtqfaQPKDxA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:58:15 GMT
age: 9711
etag: "e0dc893a7ea83a60e6ed085052c2ccaa08dd1db9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5a657be-81af-4d2c-9568-aee5876c48e0.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5a657be-81af-4d2c-9568-aee5876c48e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6b5700cf82b61ea38a5ad19aba19a8f9
0cf764c822da089fe5ca34108ab1411bf3ac959e
56fc14e57bc80952d476a542bd19fdc16f7773f33bb57fd225ab125587a2fc7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5a657be-81af-4d2c-9568-aee5876c48e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6264
x-amzn-requestid: 080167f0-5818-48f1-9612-67862c64a3d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eGmY1GB_IAMFW6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b28438-44153184754f6afd2f512a8b;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -NiIptkIBRwNTsKYq9NXrXayzV4Kgq8wlAIFCIor4OBVWYySBS4eYg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 08:17:53 GMT
age: 58933
etag: "0cf764c822da089fe5ca34108ab1411bf3ac959e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cecd6a1a228ac55f193a180229d3a33
9e5fd5a101828d5491305deb539dc5836c5b3065
7bbd9e261625c2d2a700a817c2f10b779c8463baacda02f9f34161c08487ca31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa32e61e5-fcf0-4825-a1bf-ea145dd3ae6c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8721
x-amzn-requestid: 8e0c9bb9-d00e-47dc-8847-7e94edf1fae2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eAA8tEPwIAMF6sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63afe1ea-32a8c3572fabb11d35d0ca8c;Sampled=0
x-amzn-remapped-date: Sat, 31 Dec 2022 07:16:58 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: wL4yI6X5FFE7MTEuxkfmgR8OGTxhca6zQBPxJXjiRSAmzYGefL_ZYw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 07:31:52 GMT
age: 61694
etag: "9e5fd5a101828d5491305deb539dc5836c5b3065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 04 Jan 2023 23:34:02 GMT
expires: Thu, 05 Jan 2023 01:34:02 GMT
cache-control: public, max-age=7200
age: 3964
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-192x192.png
82.223.33.49 200 OK 8.2 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-192x192.png
IP 82.223.33.49:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 40df24a24d61b60d31cb777c1b63af2e
9afbe17d8b41f6f141a194a4466e4d1a7a270ee9
02d5e0ed2f4a1c1dcc24bee7d424531261d5529b6135904f10e3d5b8a2c04e55
GET /wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-192x192.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: image/png
content-length: 8164
last-modified: Tue, 23 Nov 2021 12:53:12 GMT
etag: "619ce438-1fe4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-32x32.png
82.223.33.49 200 OK 1.2 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-32x32.png
IP 82.223.33.49:0
File type PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced\012- data
Hash d8f72e1d65df907322448fb4e6fdf530
a618d7d998fef24802759ba07ae988956bc3c6b9
d27a3b1c908861c13b7d14808f98017e7faec16cd4a487d6d65875cf7fb2b024
GET /wp-content/uploads/2021/11/cropped-Logo_Folding_Illusions-32x32.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: image/png
content-length: 1178
last-modified: Tue, 23 Nov 2021 12:53:12 GMT
etag: "619ce438-49a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/01/logox2-1.png
82.223.33.49 200 OK 34 kB URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/01/logox2-1.png
IP 82.223.33.49:0
File type PNG image data, 300 x 323, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e0500f407eec1099385570e0da721bb
7643b29df83055477145d20b5b21e6ef0d1551f1
0afb569855fbd0d87f890112ec4031808f3bca0f6b79dcde200fffe46ce6553f
GET /wp-content/uploads/2021/01/logox2-1.png HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:08 GMT
content-type: image/png
content-length: 33797
last-modified: Thu, 25 Feb 2021 06:51:07 GMT
etag: "603748db-8405"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/?wc-ajax=get_refreshed_fragments
82.223.33.49 301 Moved Permanently 0 B URL HTTP/1.1 foldingillusions.com/?wc-ajax=get_refreshed_fragments
IP 82.223.33.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Cookie: _ga_MP69GDNWHF=GS1.1.1672879195.1.0.1672879195.0.0.0; _ga=GA1.1.1579909504.1672879196
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 05 Jan 2023 00:40:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
WPO-Cache-Status: not cached
WPO-Cache-Message: The request method was not GET (POST), In the settings, caching is disabled for matches for one of the current request's GET parameters
X-Redirect-By: WordPress
Location: https://foldingillusions.com/?wc-ajax=get_refreshed_fragments
X-Powered-By: PHP/7.3.33, PleskLin
foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.ttf
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.ttf
IP 82.223.33.49:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.ttf HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: https://foldingillusions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:06 GMT
content-type: application/font-sfnt
content-length: 204528
last-modified: Thu, 25 Feb 2021 06:51:06 GMT
etag: "603748da-31ef0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
foldingillusions.com/?wc-ajax=get_refreshed_fragments
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/?wc-ajax=get_refreshed_fragments
IP 82.223.33.49:0
Analyzer Verdict Alert fortinet Malware
OPTIONS /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Referer: http://foldingillusions.com/
Origin: http://foldingillusions.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:10 GMT
content-type: text/html; charset=UTF-8
wpo-cache-status: not cached
wpo-cache-message: The request method was not GET (OPTIONS), In the settings, caching is disabled for matches for one of the current request's GET parameters
access-control-allow-origin: http://foldingillusions.com
access-control-allow-credentials: true
x-powered-by: PHP/7.3.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-56432496.min.js
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-56432496.min.js
IP 82.223.33.49:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-56432496.min.js HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: application/javascript
last-modified: Wed, 08 Dec 2021 11:29:14 GMT
etag: W/"61b0970a-5b529"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-26c75ab0.min.css
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-26c75ab0.min.css
IP 82.223.33.49:0
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-26c75ab0.min.css HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 11:32:49 GMT
etag: W/"61b097e1-182a97"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-27134c07.min.css
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-27134c07.min.css
IP 82.223.33.49:0
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-27134c07.min.css HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 09:42:42 GMT
etag: W/"63623b92-45893"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-8de213aa.min.css
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-8de213aa.min.css
IP 82.223.33.49:0
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-8de213aa.min.css HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 11:32:50 GMT
etag: W/"61b097e2-182ae"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/10/pexels-cottonbro-6667305-scaled.jpg
82.223.33.49 301 Moved Permanently 0 B URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/10/pexels-cottonbro-6667305-scaled.jpg
IP 82.223.33.49:0
GET /wp-content/uploads/2021/10/pexels-cottonbro-6667305-scaled.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 05 Jan 2023 00:40:08 GMT
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: Rank Math SEO
location: https://foldingillusions.com
x-powered-by: PHP/7.3.33, PleskLin
X-Firefox-Spdy: h2
foldingillusions.com/wp-admin/admin-ajax.php
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-admin/admin-ajax.php
IP 82.223.33.49:0
Analyzer Verdict Alert fortinet Malware
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 211
Origin: http://foldingillusions.com
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:09 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: http://foldingillusions.com
access-control-allow-credentials: true
x-robots-tag: noindex
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-powered-by: PHP/7.3.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-00440e2f.min.js
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-00440e2f.min.js
IP 82.223.33.49:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-footer-00440e2f.min.js HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://foldingillusions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:04 GMT
content-type: application/javascript
last-modified: Wed, 08 Dec 2021 11:32:50 GMT
etag: W/"61b097e2-11403"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
foldingillusions.com/wp-content/uploads/2021/12/andris-romanovskis-267865-unsplash.jpg
82.223.33.49 200 OK 0 B URL HTTP/2 foldingillusions.com/wp-content/uploads/2021/12/andris-romanovskis-267865-unsplash.jpg
IP 82.223.33.49:0
GET /wp-content/uploads/2021/12/andris-romanovskis-267865-unsplash.jpg HTTP/1.1
Host: foldingillusions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://foldingillusions.com/wp-content/cache/wpo-minify/1638962926/assets/wpo-minify-header-26c75ab0.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 00:40:05 GMT
content-type: image/jpeg
content-length: 339469
last-modified: Wed, 08 Dec 2021 10:43:51 GMT
etag: "61b08c67-52e0d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2