r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96defe1601ba891731eee83f0830649d
ba500679fd337488c3f60543561740ff0dfc1898
d2a320a9feb1a874af3da921db2a8619513968724ef8eb0715c010291c4cf8d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2A320A9FEB1A874AF3DA921DB2A8619513968724EF8EB0715C010291C4CF8D9"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3253
Expires: Mon, 26 Dec 2022 04:40:11 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Connection: keep-alive
thewaxingfactory.com/
66.96.147.112 301 Moved Permanently 246 B IP 66.96.147.112:0
File type HTML document text, exported SGML document, ASCII text
Hash 277fe4ea24beb7142c293b64c8bd305a
d4d68d4fea33e3ed7fa0cdc809ec46c2326fc031
b37ae78efe7df03854780b33a39de225c6d6b491f4f63de87bb277806f053e75
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 26 Dec 2022 03:45:57 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 246
Connection: keep-alive
Server: Apache/2
Location: http://thewaxingfactory.com/index.html
Cache-Control: max-age=3600
Expires: Mon, 26 Dec 2022 04:45:58 GMT
Age: 0
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5404
Expires: Mon, 26 Dec 2022 05:16:02 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 26 Dec 2022 02:46:27 GMT
content-type: application/json
age: 3571
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6b1d63d9d906daa309dc263b4991bbe9
04680ddd86781d46dfe6a9671571b3ad1f3758f3
46fff7230b88de4cd81dfb0feb783d2dec27e49041f9257d2fb891030781bf6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46FFF7230B88DE4CD81DFB0FEB783D2DEC27E49041F9257D2FB891030781BF6C"
Last-Modified: Fri, 23 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11694
Expires: Mon, 26 Dec 2022 07:00:52 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5Sik/uyHA7W9i2nbvZUXdxB6UOC6W2QgcLrKF74YwWXJmXomENsMTks/iNfokT/rJHVb0/qIQEw=
x-amz-request-id: PDFQ9XBZN5CGJ6H7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 26 Dec 2022 02:55:09 GMT
age: 3049
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Dec 2022 03:45:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
thewaxingfactory.com/index.html
66.96.147.112 200 OK 20 kB URL HTTP/1.1 thewaxingfactory.com/index.html
IP 66.96.147.112:0
File type HTML document text, exported SGML document, ASCII text, with very long lines (1350)
Hash 9d4f91040bd9f5d49ef70d01447a7c40
92e235c2c1fa9b50dc73769eef66f7c954769851
6cdb786e0f36ba46f6467197c226d74553023b135601577371e32a6d9e47985b
Analyzer Verdict Alert fortinet Malware
GET /index.html HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 20478
Connection: keep-alive
Server: Apache/2
Last-Modified: Sun, 25 Dec 2022 01:31:45 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Etag: "4ffe-5f09cfb4a0bbe"
Expires: Mon, 26 Dec 2022 04:45:58 GMT
Age: 0
fonts.googleapis.com/css?family=Gentium+Basic:400,700,400italic,700italic&subset=latin,latin-ext
142.250.74.106 200 OK 455 B URL HTTP/1.1 fonts.googleapis.com/css?family=Gentium+Basic:400,700,400italic,700italic&subset=latin,latin-ext
IP 142.250.74.106:0
Hash 8955f61f007b5180b2236ae60ce3fa3a
aea4f9cfcba95f2fd332ff56ae8105aa0eff1522
c3b5d27e233d937b319c71d357d5e7f1f3e816ff2dae6d11357b3d3dee29f05c
GET /css?family=Gentium+Basic:400,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 26 Dec 2022 03:45:58 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Raleway:400,300,200,700&subset=latin,latin-ext
142.250.74.106 200 OK 572 B URL HTTP/1.1 fonts.googleapis.com/css?family=Raleway:400,300,200,700&subset=latin,latin-ext
IP 142.250.74.106:0
Hash 2fa81690e41b4d84141465c6ad385eef
5c9d04e11dc99c2d3e6028f73ff93dad9f337d58
fb4625e08d2005e21d7294dab87bc601e2360ae54f8921470fca000cd5f8ec4f
GET /css?family=Raleway:400,300,200,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 26 Dec 2022 03:45:58 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Playfair+Display:400,700,400italic,700italic&subset=latin,latin-ext
142.250.74.106 200 OK 558 B URL HTTP/1.1 fonts.googleapis.com/css?family=Playfair+Display:400,700,400italic,700italic&subset=latin,latin-ext
IP 142.250.74.106:0
Hash de2df5765e9a8a64221d1bef18ff7825
6ba2e1fc90d3b8d134761cc55c21c84a8cf0fe3b
43737a44af8b68628ee3ef39ecab4749dfd0ca4808e78fdec75bc7be7d96a387
GET /css?family=Playfair+Display:400,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 26 Dec 2022 03:45:58 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Montserrat:400,700&subset=latin,latin-ext
142.250.74.106 200 OK 521 B URL HTTP/1.1 fonts.googleapis.com/css?family=Montserrat:400,700&subset=latin,latin-ext
IP 142.250.74.106:0
Hash b52e405858cd07e929b5387c0ed0d1de
8dc157b5ece5222f0f175eee9379a699dee76cd8
e289bd897465ef8c6c74d81d09ee98cf500d744073df727158f6323caf335547
GET /css?family=Montserrat:400,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 26 Dec 2022 03:45:58 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic&subset=latin,latin-ext
142.250.74.106 200 OK 603 B URL HTTP/1.1 fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic&subset=latin,latin-ext
IP 142.250.74.106:0
Hash 12c9e8dd24f193e282f3e350296740b4
af62d74779c35a32dac013fdd63143d236069edf
1e50404b012030e1101f29006d7caadceeaf8e1c7aeab508113a1ec23da16f66
GET /css?family=Lora:400,700,400italic,700italic&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 26 Dec 2022 03:45:58 GMT
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
cdn2.editmysite.com/fonts/Saginaw/font.css?2
151.101.129.46 200 OK 131 B URL HTTP/1.1 cdn2.editmysite.com/fonts/Saginaw/font.css?2
IP 151.101.129.46:0
Hash c1ae75d75df5957897f43d7823111e07
7864652f9d0431d9159ca7b5c2a2019811ec26e3
9fd66d4bace1195b5e6961b92acbe5aee7b1cabbdbb22b90fdaef3402987d49c
GET /fonts/Saginaw/font.css?2 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 131
Server: nginx
Content-Type: text/css
Last-Modified: Mon, 12 Dec 2022 18:45:57 GMT
ETag: "639776e5-a4"
Expires: Tue, 27 Dec 2022 08:39:30 GMT
Cache-Control: max-age=1209600
X-Host: grn43.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 1105589
X-Served-By: cache-sjc10023-SJC, cache-bma1626-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 3, 2
X-Timer: S1672026358.403728,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/social-icons.css?buildtime=1502843315
151.101.129.46 200 OK 1.6 kB URL HTTP/1.1 cdn2.editmysite.com/css/social-icons.css?buildtime=1502843315
IP 151.101.129.46:0
File type ASCII text, with very long lines (13080)
Hash afb5892bb23e5ac676894e14d27e1287
1415f124674443dbad0492923e08f166f7e11fec
74bfb4e6f63e1b959529a4763197fb6b201457969d51251d0d64194b606e0caf
GET /css/social-icons.css?buildtime=1502843315 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1638
Server: nginx
Content-Type: text/css
Last-Modified: Fri, 16 Dec 2022 00:32:45 GMT
ETag: W/"639bbcad-3319"
Expires: Fri, 30 Dec 2022 10:40:59 GMT
Cache-Control: max-age=1209600
X-Host: blu21.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 839099
X-Served-By: cache-sjc10054-SJC, cache-bma1657-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 106, 1
X-Timer: S1672026358.403608,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/sites.css?buildTime=1671221571
151.101.129.46 200 OK 30 kB URL HTTP/1.1 cdn2.editmysite.com/css/sites.css?buildTime=1671221571
IP 151.101.129.46:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d10158b22b553f723d99dc78eaee6390
80f2d6670cfb0d01cd20c471cf8e3e6465ddd3f6
939c7a8e1ad74a44e0c847e38533e69e36454b6805d25acf3fb0cb5c472d245e
GET /css/sites.css?buildTime=1671221571 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 29746
Server: nginx
Content-Type: text/css
Last-Modified: Fri, 16 Dec 2022 19:54:14 GMT
ETag: W/"639ccce6-347ac"
Expires: Fri, 30 Dec 2022 20:15:50 GMT
Cache-Control: max-age=1209600
X-Host: blu25.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 804608
X-Served-By: cache-sjc10036-SJC, cache-bma1662-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 41, 496
X-Timer: S1672026358.402141,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/css/old/fancybox.css?1502843315
151.101.129.46 200 OK 1.2 kB URL HTTP/1.1 cdn2.editmysite.com/css/old/fancybox.css?1502843315
IP 151.101.129.46:0
File type ASCII text, with very long lines (3910)
Hash b644e92258f4c7c0b4270047652d1e60
93734d52ee9e86a768159e514076051813c39cd9
29199496fb817668f887938571046abcdfb49063d0207d571b361f221f467907
GET /css/old/fancybox.css?1502843315 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1218
Server: nginx
Content-Type: text/css
Last-Modified: Fri, 16 Dec 2022 19:54:20 GMT
ETag: "639cccec-f47"
Expires: Tue, 03 Jan 2023 07:43:23 GMT
Cache-Control: max-age=1209600
X-Host: blu124.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 504154
X-Served-By: cache-sjc10073-SJC, cache-bma1643-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 18, 1
X-Timer: S1672026358.402344,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1502843315&
151.101.129.46 200 OK 33 kB URL HTTP/1.1 cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1502843315&
IP 151.101.129.46:0
File type ASCII text, with very long lines (65024)
Hash 58a9c1c02a5743ff2107715d041d28b7
619d9394e8b3afce9f9cc066b924ddb5d3265265
98b8090e2292b69bb8ad0ef4082f55458b891130ee6b3d9c6fce5075eec64dbf
GET /js/lang/en/stl.js?buildTime=1502843315& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 32800
Server: nginx
Content-Type: application/javascript
Last-Modified: Fri, 16 Dec 2022 19:53:10 GMT
ETag: "639ccca6-2c22a"
Expires: Wed, 04 Jan 2023 13:34:43 GMT
Cache-Control: max-age=1209600
X-Host: blu117.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 396675
X-Served-By: cache-sjc10061-SJC, cache-bma1621-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 27, 1
X-Timer: S1672026358.402627,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1671221571&
151.101.129.46 200 OK 33 kB URL HTTP/1.1 cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1671221571&
IP 151.101.129.46:0
File type ASCII text, with very long lines (65024)
Hash 58a9c1c02a5743ff2107715d041d28b7
619d9394e8b3afce9f9cc066b924ddb5d3265265
98b8090e2292b69bb8ad0ef4082f55458b891130ee6b3d9c6fce5075eec64dbf
GET /js/lang/en/stl.js?buildTime=1671221571& HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 32800
Server: nginx
Content-Type: application/javascript
Last-Modified: Fri, 16 Dec 2022 19:53:10 GMT
ETag: "639ccca6-2c22a"
Expires: Fri, 30 Dec 2022 20:13:42 GMT
Cache-Control: max-age=1209600
X-Host: grn43.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 804736
X-Served-By: cache-sjc10058-SJC, cache-bma1626-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 40, 140
X-Timer: S1672026358.416921,VS0,VE0
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 508c2c991a10f5f048c213f732698d4c
5a43bb96597ada2c1a16fb35c6cd74529bb306c4
bdf5e18cacb564fe4be4448d268ecee27b7139b91109b6d0727f2b809c6b5f3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 03:45:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1671221571
151.101.129.46 200 OK 159 kB URL HTTP/1.1 cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1671221571
IP 151.101.129.46:0
File type ASCII text, with very long lines (32007)
Size 159 kB (159020 bytes)
Hash 19fd4a473c58275a9e8110c598292a56
3ff56cbf5a3677387aef743acdf1a8abf822d28d
89b155f71eeef3fb8d9c95ff95288c29a0b5b722d9c0a3dfdeadfea8b8032884
GET /js/site/main-customer-accounts-site.js?buildTime=1671221571 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 159020
Server: nginx
Content-Type: application/javascript
Last-Modified: Fri, 16 Dec 2022 19:54:38 GMT
ETag: "639cccfe-82588"
Expires: Fri, 30 Dec 2022 20:15:51 GMT
Cache-Control: max-age=1209600
X-Host: grn64.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 804607
X-Served-By: cache-sjc10062-SJC, cache-bma1620-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 10, 1
X-Timer: S1672026358.490094,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
thewaxingfactory.com/gdpr/gdprscript.js?buildTime=1671221571&hasRemindMe=true&stealth=false
66.96.147.112 200 OK 971 B URL HTTP/1.1 thewaxingfactory.com/gdpr/gdprscript.js?buildTime=1671221571&hasRemindMe=true&stealth=false
IP 66.96.147.112:0
File type ASCII text, with very long lines (823)
Hash d1c8e0045f8f26e03009921099b76214
d7a5df15987971e861eaceafa3f57b9d60a0d44c
71c180ed6b55b974a8009ec77c3aec88b801cf3744536ae7445c6b50317f535d
GET /gdpr/gdprscript.js?buildTime=1671221571&hasRemindMe=true&stealth=false HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: application/x-javascript
Content-Length: 971
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 26 Feb 2021 15:03:02 GMT
ETag: "3cb-5bc3e908355f6"
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
cdn2.editmysite.com/js/site/main.js?buildTime=1671221571
151.101.129.46 200 OK 472 B URL HTTP/1.1 cdn2.editmysite.com/js/site/main.js?buildTime=1671221571
IP 151.101.129.46:0
Hash 508c2c991a10f5f048c213f732698d4c
5a43bb96597ada2c1a16fb35c6cd74529bb306c4
bdf5e18cacb564fe4be4448d268ecee27b7139b91109b6d0727f2b809c6b5f3f
GET /js/site/main.js?buildTime=1671221571 HTTP/1.1
Host: cdn2.editmysite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 146400
Server: nginx
Content-Type: application/javascript
Last-Modified: Fri, 16 Dec 2022 19:54:38 GMT
ETag: "639cccfe-74804"
Expires: Fri, 30 Dec 2022 20:15:50 GMT
Cache-Control: max-age=1209600
X-Host: blu13.sf2p.intern.weebly.net
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 26 Dec 2022 03:45:58 GMT
Age: 804608
X-Served-By: cache-sjc10073-SJC, cache-bma1620-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 43, 1
X-Timer: S1672026358.402288,VS0,VE1
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
thewaxingfactory.com/files/theme/mobile.js?1496698124
66.96.147.112 200 OK 11 kB URL HTTP/1.1 thewaxingfactory.com/files/theme/mobile.js?1496698124
IP 66.96.147.112:0
File type ASCII text, with very long lines (782)
Hash 3fb900ff600910b0a8bfa22638b60c78
52ffb5868e89a4e5b2d2cd6b3c39a48704636d77
55bf1ba6bac560a22931d64590af8f173dc53c2a9060298e380fc3063a52d4af
Analyzer Verdict Alert fortinet Malware
GET /files/theme/mobile.js?1496698124 HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: application/x-javascript
Content-Length: 11155
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 26 Feb 2021 15:03:02 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Etag: "2b93-5bc3e90830fb5"
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
thewaxingfactory.com/files/theme/custom.js?1496698124
66.96.147.112 200 OK 4.0 kB URL HTTP/1.1 thewaxingfactory.com/files/theme/custom.js?1496698124
IP 66.96.147.112:0
File type ASCII text, with very long lines (764)
Hash e05dd16662f99fd60107b9e78d41225a
14f33fea965a7ded8fe05feb6eed887ceedffe9c
e35f69e36025776803b552e3df421daf3206b5d6fb89639a73d1898b95c7d7f7
Analyzer Verdict Alert fortinet Malware
GET /files/theme/custom.js?1496698124 HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: application/x-javascript
Content-Length: 3977
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 26 Feb 2021 15:03:02 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Etag: "f89-5bc3e90829e66"
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 26 Dec 2022 03:33:30 GMT
age: 748
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
thewaxingfactory.com/files/theme/plugins.js?1496698124
66.96.147.112 200 OK 86 kB URL HTTP/1.1 thewaxingfactory.com/files/theme/plugins.js?1496698124
IP 66.96.147.112:0
File type ASCII text, with very long lines (744)
Hash 4a17f22df1512349eebc10bf0be9302d
cb3598f401cf5bd713ac50e8417cf42b9e9a1765
f91a349654e6cd999777714bd5bee8e2757fa496a9285c4f54976a6b0d045efb
Analyzer Verdict Alert fortinet Malware
GET /files/theme/plugins.js?1496698124 HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: application/x-javascript
Content-Length: 85541
Connection: keep-alive
Server: Apache/2
Last-Modified: Fri, 26 Feb 2021 15:03:02 GMT
ETag: "14e25-5bc3e90833a9a"
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
thewaxingfactory.com/files/main_style.css?1502896090
66.96.147.112 200 OK 27 kB URL HTTP/1.1 thewaxingfactory.com/files/main_style.css?1502896090
IP 66.96.147.112:0
File type ASCII text, with very long lines (531)
Hash 0dfa5caf70e54dc203b4b2ac0e072348
6cb253bd10be11d8a5262c4e36ae792d392d7bb1
7457ffb13cb975eed2d363c526fbe5348bac1748c983d1f9add61e50fcc06eb8
GET /files/main_style.css?1502896090 HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: text/css
Content-Length: 27107
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 13 Oct 2021 02:53:05 GMT
ETag: "69e3-5ce330fb8111c"
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL HTTP/1.1 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0; data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 30928
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 23 Dec 2022 13:33:54 GMT
Expires: Sat, 23 Dec 2023 13:33:54 GMT
Cache-Control: public, max-age=31536000
Age: 223924
Last-Modified: Mon, 11 Jul 2022 18:57:39 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/gentiumbasic/v18/WnzmHAw9aB_JD2VGQVR80We3LAixMT8ub6KM.woff2
216.58.207.227 200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/gentiumbasic/v18/WnzmHAw9aB_JD2VGQVR80We3LAixMT8ub6KM.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22912, version 1.0; data
Hash f275bed2aafb7a6c43cf20ca29e971fe
303b96967e15f15f068a9e5790b206b7a303a2fb
2a64adc4944a33dade7ce5f07f3cc779418559a3505c7f4d88f44fb2f9f28734
GET /s/gentiumbasic/v18/WnzmHAw9aB_JD2VGQVR80We3LAixMT8ub6KM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22912
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 26 Dec 2022 00:51:37 GMT
Expires: Tue, 26 Dec 2023 00:51:37 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 18 Jul 2022 19:23:00 GMT
Content-Type: font/woff2
Age: 10461
fonts.gstatic.com/s/gentiumbasic/v18/WnzjHAw9aB_JD2VGQVR80We3LAi5iho7.woff2
216.58.207.227 200 OK 24 kB URL HTTP/1.1 fonts.gstatic.com/s/gentiumbasic/v18/WnzjHAw9aB_JD2VGQVR80We3LAi5iho7.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23452, version 1.0; data
Hash fd429ebb107aaeef4e7ab6c4f074fe69
c2179ec5537853c528ec55ea739918c0c73d12c2
3321247c19a6fc9f33ea7e8dd5d11d1bb2031a4b2e540cf2ae14680d9ef4ca82
GET /s/gentiumbasic/v18/WnzjHAw9aB_JD2VGQVR80We3LAi5iho7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23452
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 24 Dec 2022 23:03:58 GMT
Expires: Sun, 24 Dec 2023 23:03:58 GMT
Cache-Control: public, max-age=31536000
Age: 103320
Last-Modified: Mon, 18 Jul 2022 19:47:23 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/gentiumbasic/v18/WnzgHAw9aB_JD2VGQVR80We3JLasnT0ebQ.woff2
216.58.207.227 200 OK 23 kB URL HTTP/1.1 fonts.gstatic.com/s/gentiumbasic/v18/WnzgHAw9aB_JD2VGQVR80We3JLasnT0ebQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23092, version 1.0; data
Hash fbc48f4ba67342809d14d913827fe06e
65c83346eba829399cc81adbcd92ec3310516bd2
93fee62a91f4982e7e8b93a0f1e19d1d2d99bbdd7c8cf5f4bfee53368fe26032
GET /s/gentiumbasic/v18/WnzgHAw9aB_JD2VGQVR80We3JLasnT0ebQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23092
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 26 Dec 2022 00:51:38 GMT
Expires: Tue, 26 Dec 2023 00:51:38 GMT
Cache-Control: public, max-age=31536000
Age: 10460
Last-Modified: Mon, 18 Jul 2022 19:21:41 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/gentiumbasic/v18/Wnz9HAw9aB_JD2VGQVR80We3LA2JiA.woff2
216.58.207.227 200 OK 22 kB URL HTTP/1.1 fonts.gstatic.com/s/gentiumbasic/v18/Wnz9HAw9aB_JD2VGQVR80We3LA2JiA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 22300, version 1.0; data
Hash 52816d3afe8fe9387bedba3ead9ea741
7b1d04d4a5668d54eecce9f1e2532bc3cdcdc351
d797eb315470e8d46f5253a69a148138ba87353a08d2e566c1b35fb58ae152d9
GET /s/gentiumbasic/v18/Wnz9HAw9aB_JD2VGQVR80We3LA2JiA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22300
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 21 Dec 2022 14:18:11 GMT
Expires: Thu, 21 Dec 2023 14:18:11 GMT
Cache-Control: public, max-age=31536000
Age: 394067
Last-Modified: Mon, 18 Jul 2022 19:39:24 GMT
Content-Type: font/woff2
thewaxingfactory.com/uploads/1/0/6/2/106200053/published/the-waxing-factory-sign-logo.jpeg?1494731478
66.96.147.112 200 OK 21 kB URL HTTP/1.1 thewaxingfactory.com/uploads/1/0/6/2/106200053/published/the-waxing-factory-sign-logo.jpeg?1494731478
IP 66.96.147.112:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 886x184, components 3; data
Hash 46b7d756b0c8d694f0c2b813f2e2dbf4
0b42b14f83e8768057238a7652c0a5d9eea8574d
58960ba0c2989d221ad5b26aa4d1baf2a33d3839876a39aab902e884977e883d
Analyzer Verdict Alert fortinet Malware
GET /uploads/1/0/6/2/106200053/published/the-waxing-factory-sign-logo.jpeg?1494731478 HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: image/jpeg
Content-Length: 20773
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 24 May 2017 21:19:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Etag: "5125-5504ba9ab5593"
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL HTTP/1.1 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0; data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 46524
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 20 Dec 2022 14:12:39 GMT
Expires: Wed, 20 Dec 2023 14:12:39 GMT
Cache-Control: public, max-age=31536000
Age: 480799
Last-Modified: Mon, 18 Jul 2022 19:58:01 GMT
Content-Type: font/woff2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bdc6ddd27a64c85bd15f78b39a79874c
965b8f1b763483b4b4dfe35526d27393d1fdf05c
d2f4dee4d920109e0751634731bea278c9ea9e6c0120ac07969eba74ddbfe615
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6127
Cache-Control: max-age=111777
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 03:45:58 GMT
Etag: "63a812a8-1d7"
Expires: Tue, 27 Dec 2022 10:48:55 GMT
Last-Modified: Sun, 25 Dec 2022 09:06:48 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
thewaxingfactory.com/uploads/1/0/6/2/106200053/background-images/616604583.jpg
66.96.147.112 200 OK 124 kB URL HTTP/1.1 thewaxingfactory.com/uploads/1/0/6/2/106200053/background-images/616604583.jpg
IP 66.96.147.112:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 676x944, components 3; data
Size 124 kB (124385 bytes)
Hash 48ad4025e76896d7c8e074fc790f8d55
165daa62fd7c7838e1f6f51051a200ce7d258f13
d5d39421f55727a53ca6cbeb08fe014e968e3c307ba7123a9b09a60f6894135e
GET /uploads/1/0/6/2/106200053/background-images/616604583.jpg HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
Cookie: gdpr-kb=true
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:45:58 GMT
Content-Type: image/jpeg
Content-Length: 124385
Connection: keep-alive
Server: Apache/2
Last-Modified: Wed, 24 May 2017 21:19:45 GMT
ETag: "1e5e1-5504ba9d00886"
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Mon, 26 Dec 2022 07:45:58 GMT
Age: 0
push.services.mozilla.com/
52.13.173.34 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.173.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6DChhqseSUAozGUMpH/Qaw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: w2ym5KdJCdT4yfX9uaAnobkNtwU=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3f96afb407a8f69edcbedd2fd9c8d5
54ad2f1dd4fe5a99339793c88a773033686dff6a
6ba4645804f8d4188c09bdfb44b5e666779640b0fbd82c6d6e0f6ebc66f277d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BA4645804F8D4188C09BDFB44B5E666779640B0FBD82C6D6E0F6EBC66F277D7"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21552
Expires: Mon, 26 Dec 2022 09:45:11 GMT
Date: Mon, 26 Dec 2022 03:45:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa46a57d59121e03714649d5dfb3476c
47c623c6e2ec300d316873b6847d3a33c886d2a0
bb1f09f5c29d4ae541554325250fa54a301226f78a03c7ce5974c6cc3d92bbe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB1F09F5C29D4AE541554325250FA54A301226F78A03C7CE5974C6CC3D92BBE2"
Last-Modified: Sun, 25 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21593
Expires: Mon, 26 Dec 2022 09:45:52 GMT
Date: Mon, 26 Dec 2022 03:45:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa46a57d59121e03714649d5dfb3476c
47c623c6e2ec300d316873b6847d3a33c886d2a0
bb1f09f5c29d4ae541554325250fa54a301226f78a03c7ce5974c6cc3d92bbe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB1F09F5C29D4AE541554325250FA54A301226F78A03C7CE5974C6CC3D92BBE2"
Last-Modified: Sun, 25 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21551
Expires: Mon, 26 Dec 2022 09:45:10 GMT
Date: Mon, 26 Dec 2022 03:45:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3f96afb407a8f69edcbedd2fd9c8d5
54ad2f1dd4fe5a99339793c88a773033686dff6a
6ba4645804f8d4188c09bdfb44b5e666779640b0fbd82c6d6e0f6ebc66f277d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BA4645804F8D4188C09BDFB44B5E666779640B0FBD82C6D6E0F6EBC66F277D7"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 26 Dec 2022 09:45:59 GMT
Date: Mon, 26 Dec 2022 03:45:59 GMT
Connection: keep-alive
for.dontkinhooot.tw/stat.js
103.224.182.253 404 Not Found 196 B URL HTTP/1.1 for.dontkinhooot.tw/stat.js
IP 103.224.182.253:0
ASN #133618 Trellian Pty. Limited
File type HTML document text; exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Malware
GET /stat.js HTTP/1.1
Host: for.dontkinhooot.tw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://thewaxingfactory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
date: Mon, 26 Dec 2022 03:45:59 GMT
server: Apache/2.4.38 (Debian)
content-length: 196
content-type: text/html; charset=iso-8859-1
connection: close
www.weebly.com/uploads/reseller/assets/1001-favicon.ico
74.115.50.110 404 Not Found 3.7 kB URL HTTP/1.1 www.weebly.com/uploads/reseller/assets/1001-favicon.ico
IP 74.115.50.110:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (368)
Hash 2eeb3e560ca8f369be20ceb5858a4701
6c53e6b66c1bc6d0b93116e14fb79c30424bf36c
ac2d9485acf7e9c29d94d31f19d3aedda958cd4f6119ddc888fbbde52d6078dd
GET /uploads/reseller/assets/1001-favicon.ico HTTP/1.1
Host: www.weebly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://thewaxingfactory.com/
HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 26 Dec 2022 03:45:59 GMT
Content-Type: text/html
Content-Length: 3739
Connection: keep-alive
ETag: "630fbfe7-e9b"
X-Host: blu81.sf2p.intern.weebly.net
X-W-DC: SFO
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5708
Expires: Mon, 26 Dec 2022 05:21:08 GMT
Date: Mon, 26 Dec 2022 03:46:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd9e22c8-a9cc-48fe-a821-b6c7e317e433.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd9e22c8-a9cc-48fe-a821-b6c7e317e433.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 10713b0c2cec301fcd45db80ae0a10eb
78d9719593aa9e972921ae6555cf235286f50709
32d4474f99a79b9e05b31722af47fa45b6876ebbb042b57260a351d2a2601fb7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd9e22c8-a9cc-48fe-a821-b6c7e317e433.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10195
x-amzn-requestid: 04589666-4416-4780-a959-9e3c6b140194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dq6efFnzIAMFebA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a77129-4415c578420b56920685c331;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 21:37:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: slM8cEpVBQ5acYETTSdN8QQB4w3lNhFmGJnUFL67ZY8H5dVs5E2jvQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 07:48:52 GMT
age: 71828
etag: "78d9719593aa9e972921ae6555cf235286f50709"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1170b8f7-9efd-47d4-8f22-05af9334d2a1.webp
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1170b8f7-9efd-47d4-8f22-05af9334d2a1.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4dba0cdb1d2b6c9d61f85f66817137bb
e97b3e4f82bfea16e1991c566fa647d0531a4265
2aee5b88869edcdcb8427831e1c547828f5f013e793646ebbe29e56955df90fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1170b8f7-9efd-47d4-8f22-05af9334d2a1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9040
x-amzn-requestid: 155323c6-61ec-42c2-9a6d-a25493949cdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMupGpNoAMFrBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-32280eaf0734f99d555ffb02;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hZzrydMtwKz3g7jNxoeX0aHGPGOHKZfr8hAdxFV6teHfI0G4HVJ20A==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:58:59 GMT
etag: "e97b3e4f82bfea16e1991c566fa647d0531a4265"
content-type: image/jpeg
age: 20821
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b46e077944b0d53e361327e6d690f2ec
c9f17cad706817aa66832633d1307a91c8c7d61e
b00a16c34c95675a08bafb198f7cc4b374e88a9041a6bb8593a61cb08ef3c306
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10961
x-amzn-requestid: 4013aad4-805c-4abd-a748-9619aad6c134
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNb5Ha0oAMFzfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2b2-5701d49371016fb7580ba6c8;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Axg_RTSiVQPB7tFIaN91OfTysuh7NTs0FH5w_vI0SsV3Fv_m3X1YyQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 22:08:59 GMT
age: 20221
etag: "c9f17cad706817aa66832633d1307a91c8c7d61e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b4c1c005f6a410f9a70bb3dfca6e3946
db8224a2f6a985ae37c1ba6b7edd669e8fd2b097
62018c535821be673031b5a9f48e0a208763ce2ba270cf1211b96a6bee950fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a394e27-3391-4992-8278-c17b6af6f6e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5205
x-amzn-requestid: e77f5360-eb30-4e16-b481-e9823a2b94a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMunF_YIAMF_MA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-5727986253815e4d5fe64ee9;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: hSuINwOLEb9yadXYM8-wjj5s50dflddwYw_WqqNuNiV7fUW0PUvRnw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:51:28 GMT
age: 21272
etag: "db8224a2f6a985ae37c1ba6b7edd669e8fd2b097"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8987286d-0da9-4e2a-a674-43d900e573e4.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8987286d-0da9-4e2a-a674-43d900e573e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 6e79b945cb70d09691397e022efa506b
ab355a55dadbdb52f57f2179bcb016cd4bbeff48
7d9ef5d21e701e90302a4c195cb84abb4419d2c5fada3878aea00a8fc9675685
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8987286d-0da9-4e2a-a674-43d900e573e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8848
x-amzn-requestid: 0b602342-cbce-43d0-b9d3-6bd95221fb9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duO9oF1ioAMFwUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c523-15e9ffaa144f9e001f19b3f4;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:48:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XfAE8-I8KZDnzcB8lVz2buLE_9_sWPF_NVkt1xl-PNDyfKk_Tn6KFw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 22:25:36 GMT
age: 19224
etag: "ab355a55dadbdb52f57f2179bcb016cd4bbeff48"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5421b0-4d90-4126-813c-f0b20b8058dc.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5421b0-4d90-4126-813c-f0b20b8058dc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4a39035081117434c8be0b4b9d247edd
62ce877ea88dc4c691fce6ce36149eb3db8849ba
594754f2ab4a2f394d465893b9f73364c6ca1d03b688c8bc71ae687b70364c4d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f5421b0-4d90-4126-813c-f0b20b8058dc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6402
x-amzn-requestid: e473a47b-af93-4aef-87ee-0ae9bd9ea1fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNbQHdWoAMFRZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2ae-571725cd15512b1d33f622c7;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sjzsgESZF2HPFLG-oYV2IkkmOmbWCxfWLndFjEAwvbrVIO18yH8Bfw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:57:04 GMT
age: 20936
etag: "62ce877ea88dc4c691fce6ce36149eb3db8849ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
thewaxingfactory.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
66.96.147.112 200 OK 348 B URL HTTP/1.1 thewaxingfactory.com/ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails]
IP 66.96.147.112:0
File type JSON data, ASCII text, with very long lines (348), with no line terminators
Hash a944dd688c99d2901d6719be713271c0
4f5454d5d434829baf46671638610791758725d9
adb97e1bc686c58b4286f1208d2bd969687c6cf3e2fc468697dfd956d260de49
Analyzer Verdict Alert fortinet Malware
POST /ajax/api/JsonRPC/CustomerAccounts/?CustomerAccounts[CustomerAccounts::getAccountDetails] HTTP/1.1
Host: thewaxingfactory.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 83
Origin: http://thewaxingfactory.com
Connection: keep-alive
Referer: http://thewaxingfactory.com/index.html
Cookie: gdpr-kb=true
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 03:46:01 GMT
Content-Type: application/json
Content-Length: 348
Connection: keep-alive
Server: Apache/2
X-Powered-By: PHP/7.4.10
Vary: X-W-SSL,User-Agent
X-Host: grn86.sf2p.intern.weebly.net
X-UA-Compatible: IE=edge,chrome=1
X-DS-Version: 1502896092
Age: 2