r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3595
Expires: Sun, 05 Feb 2023 09:24:58 GMT
Date: Sun, 05 Feb 2023 08:25:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4254
Expires: Sun, 05 Feb 2023 09:35:57 GMT
Date: Sun, 05 Feb 2023 08:25:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 07:36:17 GMT
content-type: application/json
age: 2926
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11935
Expires: Sun, 05 Feb 2023 11:43:58 GMT
Date: Sun, 05 Feb 2023 08:25:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HgnxkQisJMu8AbCJVJkIPQNbdk++6zpDYKRK7fQ6vnDY1LnBse+7RrswJ+Xu8PrHx1Cj6uO2Bmw=
x-amz-request-id: 6HFKJ268EM7SZRVE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 07:53:11 GMT
age: 1912
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 08:25:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
poistenie-deti.sk/
37.9.175.132 301 Moved Permanently 0 B IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Alert: Analyzer fortinet, Verdict Malware
GET / HTTP/1.1
Host: poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sun, 05 Feb 2023 08:25:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.poistenie-deti.sk/
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 07:49:07 GMT
age: 2157
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19720
Expires: Sun, 05 Feb 2023 13:53:44 GMT
Date: Sun, 05 Feb 2023 08:25:04 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.87.114 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.87.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g9PbjRV3H1sWbug4pYyC6Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XknyPHeRhgBbmzBtJdhT4QVjFpM=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Nunito%3A400%2C900&display=swap&ver=5.6.10
142.250.74.106 200 OK 998 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito%3A400%2C900&display=swap&ver=5.6.10
IP 142.250.74.106:0
Hash 4dc7569757391f4ac2f91580159c7bbe
b9cf3ef65cec521c421f61a8ef36762f3d65b488
b0f71eb6a6f2c3c666ecdc723768fa43258f6469640db1d86e32591c494a2c60
GET /css?family=Nunito%3A400%2C900&display=swap&ver=5.6.10 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 08:25:04 GMT
date: Sun, 05 Feb 2023 08:25:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/wp-embed.min.js?ver=5.6.10
37.9.175.132 200 OK 2.4 kB URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/wp-embed.min.js?ver=5.6.10
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
File type ASCII text, with very long lines (1413)
Hash c9cf288c2367d95e154928086a309d31
62f050544f314c452754b85f7238e2c6cdda2371
9fca572e6dc1a67d947d9baaeb3b8dd618b43da4bae7785f1a8acbc1800cfa51
Alert: Analyzer fortinet, Verdict Malware
GET /wp-includes/js/wp-embed.min.js?ver=5.6.10 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2021 12:43:15 GMT
etag: W/"141e-5ba820c187ec0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/ui/mouse.min.js?ver=1.12.1
37.9.175.132 200 OK 2.7 kB URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/ui/mouse.min.js?ver=1.12.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
File type ASCII text, with very long lines (3224)
Hash 97fe0ab592323033c7e13ac3592f94ab
9a634c30773a74440241f92f12111d00630a0c9a
b678414f712ac29cd1714533faa4f6ee873bc650dc110ff8b2354bdf7ed0fb3c
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.12.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2021 12:43:15 GMT
etag: W/"1bc0-5ba820c187ec0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/fonts/mfn-icons.woff?31690507
37.9.175.132 200 OK 81 kB URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/fonts/mfn-icons.woff?31690507
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
File type Web Open Font Format, TrueType, length 81448, version 1.0
Hash 743706216bfe3fc0728d0bd15313ac92
d923ae95df3ea7676e8dc34f4de04abf2eefaaab
559a910060423ed485ddc062a9ab5318859bbfde26be3f73d9b83ac0b9dae677
GET /wp-content/themes/betheme/fonts/mfn-icons.woff?31690507 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/wp-content/themes/betheme/css/base.css?ver=21.9.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:05 GMT
content-type: font/woff
content-length: 81448
last-modified: Sun, 17 Jan 2021 18:14:17 GMT
etag: "13e28-5b91c92d3e6f3"
accept-ranges: bytes
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/css/responsive.css?ver=21.9.7
37.9.175.132 200 OK 47 kB URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/css/responsive.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
File type ASCII text, with very long lines (612)
Hash a28c4f6e45f37a6fcce1fb332bb6d966
0553f642d48be38e92f42732602d6255370eaef2
80f565530ce171f90fb30fb0485dcf79ee3833e559ccc45901b23027ee8ba6ad
Alert: Analyzer fortinet, Verdict Malware
GET /wp-content/themes/betheme/css/responsive.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:55 GMT
etag: W/"e165-5b91c91906781"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.3
37.9.175.132 200 OK 82 kB URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.3
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
File type ASCII text, with very long lines (42889)
Hash 8b2be1bfeb9fbdde39afa1d057317bea
43c3813d326058e855424d3bb356c675d4df615a
7e195ab9d0029fe75248df53f6168b0675c7081d99aee25357ccdc1bfdfbf033
Alert: Analyzer fortinet, Verdict Malware
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.3 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 21:54:44 GMT
etag: W/"1ea06-5b91fa735d100"
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
walk.classicpartnerships.com/noise.js
194.135.30.42 200 OK 689 B URL HTTP/2 walk.classicpartnerships.com/noise.js
IP 194.135.30.42:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (1529), with no line terminators
Hash 4155ee2aeda036a7db96986ed8567463
3b9091b7fa1268ee548741e23539984adc44a47f
3db23fb0511f34e3654d3546626ff6659ffa7c312a30fb02efeb9d744cf77ea6
Alert: Analyzer fortinet, Verdict Malware
GET /noise.js HTTP/1.1
Host: walk.classicpartnerships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 08:25:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 689
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b19a342554888b6578e9dc59c23437a
8a0652b7e141edbbb684c491d1800ab5e8f8e48a
ae0c7cdebf91c6a828be2b58007acb1c5d52ea7295b304cb004fc85a099daafe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE0C7CDEBF91C6A828BE2B58007ACB1C5D52EA7295B304CB004FC85A099DAAFE"
Last-Modified: Fri, 03 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15921
Expires: Sun, 05 Feb 2023 12:50:26 GMT
Date: Sun, 05 Feb 2023 08:25:05 GMT
Connection: keep-alive
back.firstblackphase.com/mbRB96
194.135.30.210 200 OK 1.2 kB URL HTTP/1.1 back.firstblackphase.com/mbRB96
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (3022), with no line terminators
Hash eb02d53f0152c5c871ed775e2caf9250
ebd44170acd88dc736ea779f6ab8f8ff7caa5c6d
2a005b344967b5d077e8c2fa6f3290cd3c97442b58ef79cc8050df763f448683
GET /mbRB96 HTTP/1.1
Host: back.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 08:25:05 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 1176
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa7n0kf;Expires=Wednesday, 08-Mar-2023 08:25:05 GMT;Max-Age=2678400;Path=/
3936f=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNjc1NTg1NTA1fSxcImNhbXBhaWduc1wiOntcIjNcIjoxNjc1NTg1NTA1fSxcInRpbWVcIjoxNjc1NTg1NTA1fSJ9.3XpBu-Oc-t2niDQ__NophylkNBq4ShBeYr83v5oF2_k;Expires=Thursday, 12-Mar-2076 16:50:10 GMT;Max-Age=1675671905;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6295
Expires: Sun, 05 Feb 2023 10:10:00 GMT
Date: Sun, 05 Feb 2023 08:25:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 3e0c38abfcd86f8074d4182d49fc354f
1367bebb73fa652695242100b26c394f1bfe4457
e42d110060133ac05e6cdfafa6473c55473220fdc7eaf03e3a89f58aa3603670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c8da623-73ab-4c2d-afaa-03d28de3a280.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11056
x-amzn-requestid: 4acc3364-4a33-4934-bdcb-41284d952113
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFrwEW4IAMF_Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8317-33872f461a2faab552322837;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4xmWa9XVzQ3xzjzIZyrdv3GpFSaTcoacse6b0lgGch2IMvV69AZ57w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:45:28 GMT
age: 38377
etag: "1367bebb73fa652695242100b26c394f1bfe4457"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 75278
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: 377c182d-43e8-4251-8731-6364d29fb955
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRFs0oAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-1ad3e68f50fc15707ec0406a;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sUtUjqOLpq42m22bLgmLggmPbtatZC01og_xzkVI1o8rJtAnvhvqHA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:15:26 GMT
age: 65379
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 38462
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 38019
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 16926
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d82966335d13b6ee953e4883ddff20d7
b2e0c35181ea54d9dd16b8926bf6861034f5ddda
cf6a48cbe611d5e0e0c0220c2bb42931be7405b6d05e8b6f97b67b8fed0d189f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF6A48CBE611D5E0E0C0220C2BB42931BE7405B6D05E8B6F97B67B8FED0D189F"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1924
Expires: Sun, 05 Feb 2023 08:57:10 GMT
Date: Sun, 05 Feb 2023 08:25:06 GMT
Connection: keep-alive
goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
194.135.30.210 302 Found 0 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /follow/finish.php?pid=658745-22-658734323 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2023 08:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
Access-Control-Allow-Origin: *
goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
194.135.30.210 200 OK 468 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 08e8234eb4f242db487b6e2e7dd8c982
67b6e4405501881c9c019068e123050e61fdf89a
ace45fbb63550554ab79503ae6b48e7abdc05c3a295e4f688aa9afb3c62a3f9e
GET /follow/finish.php?mid=8678670756767 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.poistenie-deti.sk/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 08:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ae3fef8c98129884f1122de3eb1e1522
528d30a2a9d4cf68621ecd4ca6d582b58b194d2a
a08b1b2c4baffdd7de3683c7df379d931adb61440ddd08267e45f32bc138c3c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:06 GMT
Etag: "63de71bf-117"
Server: ECS (amb/6B7F)
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash ae3fef8c98129884f1122de3eb1e1522
528d30a2a9d4cf68621ecd4ca6d582b58b194d2a
a08b1b2c4baffdd7de3683c7df379d931adb61440ddd08267e45f32bc138c3c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:06 GMT
Etag: "63de71bf-117"
Last-Modified: Sun, 05 Feb 2023 08:25:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8769266b76a4168b20fa0e0af854f9cb
0a9eb7edd4c848f686634c56ef427e283db028cc
1219f724e6b17cffe154eb34bc611a2e177ad8923ac8a44e1de4921ff9927672
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1219F724E6B17CFFE154EB34BC611A2E177AD8923AC8A44E1DE4921FF9927672"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19829
Expires: Sun, 05 Feb 2023 13:55:35 GMT
Date: Sun, 05 Feb 2023 08:25:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 182e466a5c18a9846e86b8400e674752
06505bc802040b462b2cc73884d1673bdec8c0b9
3ac2a1eb99ce0ed78af74c5390109b1671a4a3b77243aae89c2ce5623e7d1734
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5628
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:07 GMT
Last-Modified: Sun, 05 Feb 2023 06:51:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTJ9
185.162.85.3 200 OK 7.5 kB URL HTTP/2 ecrwqu.com/phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTJ9
IP 185.162.85.3:0
ASN #39572 DataWeb Global Group B.V.
Hash fe5d065247eabf51241dd43b19409ba4
bbca96f9d398b99d41fcc55be8b3b083d3b986d8
58a1385704ba69a65afb35947454f1dffd07d09006aca6ae628d1509cb658235
GET /phtbload?a=1&e=aeyJwaWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTJ9 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3e5cj.haxbyq.com/
Origin: https://3e5cj.haxbyq.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 08:25:09 GMT
content-length: 0
X-Firefox-Spdy: h2
azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422612&d=haxbyq.com&tpl=24&rnd=0.7197755645598363&sbid=sandy1&sbid2=
185.162.85.1 200 OK 0 B URL HTTP/2 azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422612&d=haxbyq.com&tpl=24&rnd=0.7197755645598363&sbid=sandy1&sbid2=
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422612&d=haxbyq.com&tpl=24&rnd=0.7197755645598363&sbid=sandy1&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3e5cj.haxbyq.com
Connection: keep-alive
Referer: https://3e5cj.haxbyq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 05 Feb 2023 08:25:09 GMT
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3661244f083d52fd33f984ff56b9df7
41471293b775714a81169e15b91325ec12917488
6772b0d0845f581a05dbe586499283cc3e043c8d76ec6f667c535e21e3529484
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6772B0D0845F581A05DBE586499283CC3E043C8D76EC6F667C535E21E3529484"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=864
Expires: Sun, 05 Feb 2023 08:39:33 GMT
Date: Sun, 05 Feb 2023 08:25:09 GMT
Connection: keep-alive
tratbc.com/tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
138.68.123.185 302 Found 0 B URL HTTP/1.1 tratbc.com/tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
IP 138.68.123.185:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=9 HTTP/1.1
Host: tratbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3e5cj.haxbyq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.15.0
Date: Sun, 05 Feb 2023 08:25:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422612&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=TINmurCNVjgY3aBe
X-Zone: eu
track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422612&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=TINmurCNVjgY3aBe
18.158.88.249 302 Found 0 B URL HTTP/2 track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422612&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=TINmurCNVjgY3aBe
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422612&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=TINmurCNVjgY3aBe HTTP/1.1
Host: track.wbdpnz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3e5cj.haxbyq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 05 Feb 2023 08:25:10 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://aws.redirclickid.com/click.php?key=8x1zwkc4izpjr9qwgtf7&aff_click_id=w08evhb4a4mhggdmi6cg3h1g&sub_id1=a422612
pragma: no-cache
set-cookie: 0f72aceb-1686-4bca-a918-ff82f889bf8f-v4=h2WMkmpgb-WVIoua9Yt0gIgx5W-CLpsiLH6dhgvSKxI; Max-Age=86400; Expires=Mon, 06-Feb-2023 08:25:10 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=DFQdI0OWSa5O0VqWovKwP6Fmf86%2Bp4G0FAb7sjucPq4A2XGy7XM0Yidx6DNnfwxpGOK17jQ3gOw727iHA%2F0GAMFLCT2AK%2FUbZjnWJ3Xez134l05dmVhHKC4zDunrAoty%2FMIgkGa96VAcr%2Fys%2BsJywg%3D%3D; Max-Age=31536000; Expires=Mon, 05-Feb-2024 08:25:10 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
aws.redirclickid.com/click.php?key=8x1zwkc4izpjr9qwgtf7&aff_click_id=w08evhb4a4mhggdmi6cg3h1g&sub_id1=a422612
161.35.204.207 302 Found 0 B URL HTTP/1.1 aws.redirclickid.com/click.php?key=8x1zwkc4izpjr9qwgtf7&aff_click_id=w08evhb4a4mhggdmi6cg3h1g&sub_id1=a422612
IP 161.35.204.207:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.php?key=8x1zwkc4izpjr9qwgtf7&aff_click_id=w08evhb4a4mhggdmi6cg3h1g&sub_id1=a422612 HTTP/1.1
Host: aws.redirclickid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3e5cj.haxbyq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.20.2
Date: Sun, 05 Feb 2023 08:25:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=17qdtwdu0; expires=Mon, 06-Feb-2023 08:25:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=17qdtwdu0-17qdtwdu0-fe-0-fe-i4-fe-8ef959; expires=Mon, 06-Feb-2023 08:25:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: http://kooolboomin.com/redirect?tid=900714&subid=1235_bd95e41dbe220c1d3df4f065db8fb008&puid=35d0417qdtwdu0ea7
Strict-Transport-Security: max-age=31536000
kooolboomin.com/redirect?tid=900714&subid=1235_bd95e41dbe220c1d3df4f065db8fb008&puid=35d0417qdtwdu0ea7
65.9.44.106 302 Found 0 B URL HTTP/1.1 kooolboomin.com/redirect?tid=900714&subid=1235_bd95e41dbe220c1d3df4f065db8fb008&puid=35d0417qdtwdu0ea7
IP 65.9.44.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=900714&subid=1235_bd95e41dbe220c1d3df4f065db8fb008&puid=35d0417qdtwdu0ea7 HTTP/1.1
Host: kooolboomin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Sun, 05 Feb 2023 08:25:10 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=5e5a2448-bbf9-4c70-b863-32a18441e7ce
Location: https://qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 d30a7800f939c215cded21c657c43fc8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: rLLOvdU4a2q6lNWL-C1tbdJFulM-cU5WKYA63jLGg8EibWFj9KvsDw==
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4866bf0974713031f175b7299fb8b250
ca66d432830e8d61b1e89fc4da55e48016def585
41848ac3cdfa810960aacc84a9ddf7743f7e60fc4dd00725e03a46a968811c7d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41848AC3CDFA810960AACC84A9DDF7743F7E60FC4DD00725E03A46A968811C7D"
Last-Modified: Sat, 04 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4392
Expires: Sun, 05 Feb 2023 09:38:22 GMT
Date: Sun, 05 Feb 2023 08:25:10 GMT
Connection: keep-alive
qtjsn.heparlorne.com/favicon.ico
52.20.131.174 204 No Content 0 B URL HTTP/2 qtjsn.heparlorne.com/favicon.ico
IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d09cd05d951779967af874274fbb4875
119e58de80b389f59c445f045371d49e4414767e
1a3f1b8c4f3a485afca5745a30c8402d66b56434f360e11d7ec2063fc9851908
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
verysilenit.com/utx?tid=900714&top=qtjsn.heparlorne.com&cb=0uA6gBIBIlMg
108.157.229.13 204 No Content 0 B URL HTTP/2 verysilenit.com/utx?tid=900714&top=qtjsn.heparlorne.com&cb=0uA6gBIBIlMg
IP 108.157.229.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=900714&top=qtjsn.heparlorne.com&cb=0uA6gBIBIlMg HTTP/1.1
Host: verysilenit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qtjsn.heparlorne.com
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 08:25:11 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://qtjsn.heparlorne.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 05 Feb 2023 08:26:11 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 9l4T5jY5QGjuigtDzPzUCi_y0iqFpmeMXc2U0vVq9E13Ot1mRs6ECw==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ac85d3e0a8ec2827b2e3f0eca3336919
4b630e134dcb05e77c44e313f22f2214b51841a2
d1747dfa46c4ca2dcc3239bd1376ae7401b4b3e7b8d260dc4162b9b8208cd6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3901
Cache-Control: max-age=93137
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 08:25:11 GMT
Etag: "63de217b-1d7"
Expires: Mon, 06 Feb 2023 10:17:28 GMT
Last-Modified: Sat, 04 Feb 2023 09:12:27 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
qtjsn.heparlorne.com/dlp?st=1&lp=allow18_b&geo=NO
52.20.131.174 200 OK 28 kB URL HTTP/2 qtjsn.heparlorne.com/dlp?st=1&lp=allow18_b&geo=NO
IP 52.20.131.174:0
File type HTML document text; exported SGML document text; assembler source text; exported SGML document, ASCII text, with very long lines (55568)
Hash e85bda7cb8d7a6efb391493830ef54ef
0c5d95f0fbda402d1548d422e70a7f98f70417da
be2a25f0be524939a40d51ba9779979ec76153691e89e673c6cd36b71186a86e
GET /dlp?st=1&lp=allow18_b&geo=NO HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"11194-GBL60PCpELCqqhwZcBLZokVwJ98"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 397 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:0
File type HTML document text; HTML document, ASCII text, with very long lines (385)
Hash d85a63c502ae10c9719c9c8efeec53ab
7c0bd9ec5a228eaac7e2e6d09908624e510fa2ee
d70a3e2baa6c401194be19a8fa7281065a73b8c9a28e9488a11662d71ab8249a
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Feb 2023 08:25:11 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-2029729103%3A1675585511616876&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZ7op5aFkPaoKXl_LYfF11wX3BhnNBovT1pJchUyfbbqvbU28Kq7nyuEdgTea2A4-iMhSGKw
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-RM5kjPDviLv_HJiDVafFRw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 397
server: GSE
set-cookie: __Host-GAPS=1:zGKa3ckmLJcV3mq7w3_GvLDFAfAXvA:EWcElxpzPTt7_4OI;Path=/;Expires=Tue, 04-Feb-2025 08:25:11 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-1509427002%3A1675585511577591&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf7fzhIor2fnPeY4CrtrivXipUZiqN4j0ftYJUUOG4B6X_-y2gCYHtDVBUL_TwNPtL8Cm8HIA
216.58.207.237 403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-1509427002%3A1675585511577591&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf7fzhIor2fnPeY4CrtrivXipUZiqN4j0ftYJUUOG4B6X_-y2gCYHtDVBUL_TwNPtL8Cm8HIA
IP 216.58.207.237:0
Hash 40302a403eac6e76c694019ed3421a26
962fd6031012cb221bc3de3a075d9ec2468ff187
5890d70e2582244e94a3ddfcc6bc2f6879ff9cfc2e5453c72e683fdb50966bd9
GET /v3/signin/identifier?dsh=S-1509427002%3A1675585511577591&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHf7fzhIor2fnPeY4CrtrivXipUZiqN4j0ftYJUUOG4B6X_-y2gCYHtDVBUL_TwNPtL8Cm8HIA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qtjsn.heparlorne.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Feb 2023 08:25:11 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-aUT89ABIwWef4e4CNnoZDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S-2029729103%3A1675585511616876&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZ7op5aFkPaoKXl_LYfF11wX3BhnNBovT1pJchUyfbbqvbU28Kq7nyuEdgTea2A4-iMhSGKw
216.58.207.237 403 Forbidden 1.3 kB URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S-2029729103%3A1675585511616876&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZ7op5aFkPaoKXl_LYfF11wX3BhnNBovT1pJchUyfbbqvbU28Kq7nyuEdgTea2A4-iMhSGKw
IP 216.58.207.237:0
Hash 8a24d8ca2855ba2c0eeb13b187e54a26
a8f9873dad887a948b595ac8b9d2ae00d51002d0
ef3b72637b26bc13547b730cf720bea97d049744e2605866b71db7174f6a8bdd
GET /v3/signin/identifier?dsh=S-2029729103%3A1675585511616876&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZ7op5aFkPaoKXl_LYfF11wX3BhnNBovT1pJchUyfbbqvbU28Kq7nyuEdgTea2A4-iMhSGKw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qtjsn.heparlorne.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 05 Feb 2023 08:25:11 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-1NT9pD-IdbN-RfZp3HZtAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
qtjsn.heparlorne.com/
52.20.131.174 200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 420
Origin: https://qtjsn.heparlorne.com
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.221.35 200 OK 6.8 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.221.35:0
File type ASCII text, with very long lines (11285), with no line terminators
Hash 172adbee15614c82427607a9ff4e7d4b
b8dc41e5fc73d4e4fa416ae646d0c60408f2b898
e37fa895d5e94c4f8de59f228761c5bec2a8abe2675c6464d077263ffdc9683e
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: aSzoQ84Q5I6lUzJu7uLGigubyZoX3EBgLEmRpGRviujESXZm+plCFhWAWKhMJhPhGHdv354SE4X0+cxYr857pg==
date: Sun, 05 Feb 2023 08:25:11 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
qtjsn.heparlorne.com/
52.20.131.174 200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qtjsn.heparlorne.com/UmZ1clYJRExCZmVXQVB6cFdHQWMNBBFLYzdSRBY0N1RHQjVjAkYWMGYARURjNgRNFDRiVk1QenBfREZmZVdFRm9jVkZEYmpQRENlcEpXRzNnB0dGYmpLFxAwa0tBEWFiSxdKYGFLRkA3Y15BRmc3URYXdH5EBgV0fkQEBjwhCFsaMyIHBx45IAgQXDU9C1dedGNWW0d0fgAUHiU3ShMTOiEDWRQ3PhUQLw
Content-Type: text/plain;charset=UTF-8
Origin: https://qtjsn.heparlorne.com
Content-Length: 390
Connection: keep-alive
Cookie: addfd6a4b528db9ec8aafee532738db0=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 92cdaebc8efa4ca71fa80d05d8c4752d
b7b66658e4df0633ca3777ee1e5d4ab1393f9300
f342a7321c1baba7ebab7dda3e8609c019fce515b7c2f5b9805d82266218a52d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155541
Date: Sun, 05 Feb 2023 08:25:12 GMT
Etag: "63df2034-1d7"
Expires: Tue, 07 Feb 2023 03:37:33 GMT
Last-Modified: Sun, 05 Feb 2023 03:19:16 GMT
Server: ECS (dcb/7EEA)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aUqh9qbSNMBinARJCSLPcFrxWeOwGNvTKt5hjGAJ61KMgHTZpMLv_A==
Age: 1097
kooolboomin.com/?tid=900720&noocp=1&subid=1235_bd95e41dbe220c1d3df4f065db8fb008
65.9.44.55 302 Found 0 B URL HTTP/2 kooolboomin.com/?tid=900720&noocp=1&subid=1235_bd95e41dbe220c1d3df4f065db8fb008
IP 65.9.44.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?tid=900720&noocp=1&subid=1235_bd95e41dbe220c1d3df4f065db8fb008 HTTP/1.1
Host: kooolboomin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://redirect.yieldtrk.com/c50deefa-9b7f-4292-b45b-88751a1ac853?siteid=900720&conversion=7184304446441820094&fl=
date: Sun, 05 Feb 2023 08:25:12 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=cc84e15e-c12e-4bd7-bbea-62340b34c256
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 efe5edfc97620ce0a17f2dafd5991870.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: AKwmwzkOf_Z1PhVM1d5yIF8z-BIq6UqQac7ZX-7Ts6Jk2ezFaIGdoA==
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.3
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.3
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.3 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 21:54:44 GMT
etag: W/"52a65-5b91fa735d100"
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%2C800%2C900&display=swap&ver=5.6.10
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%2C800%2C900&display=swap&ver=5.6.10
IP 142.250.74.106:0
GET /css?family=Nunito%3A1%2C300%2C400%2C400italic%2C500%2C600%2C700%2C700italic%2C800%2C900&display=swap&ver=5.6.10 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 08:25:04 GMT
date: Sun, 05 Feb 2023 08:25:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
qtjsn.heparlorne.com/mwystqvoxbdoa.php
52.20.131.174 200 OK 0 B URL HTTP/2 qtjsn.heparlorne.com/mwystqvoxbdoa.php
IP 52.20.131.174:0
GET /mwystqvoxbdoa.php HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/ui/accordion.min.js?ver=1.12.1
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/ui/accordion.min.js?ver=1.12.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/accordion.min.js?ver=1.12.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2021 12:43:15 GMT
etag: W/"3063-5ba820c187ec0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/js/plugins.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/js/plugins.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/plugins.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:47:55 GMT
etag: W/"32e2f-5b91d0b1a0cc0"
content-encoding: br
X-Firefox-Spdy: h2
efm5r.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=3
185.56.234.205 200 OK 0 B URL HTTP/2 efm5r.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=3 HTTP/1.1
Host: efm5r.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ti137.haxbyq.com/
Cookie: truniq=1; ufp2=f793ac2db85098c57a1b2fe485f57ad0a9b87480
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 05 Feb 2023 08:25:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
qtjsn.heparlorne.com/UmZ1clYJRExCZmVXQVB6cFdHQWMNBBFLYzdSRBY0N1RHQjVjAkYWMGYARURjNgRNFDRiVk1QenBfREZmZVdFRm9jVkZEYmpQRENlcEpXRzNnB0dGYmpLFxAwa0tBEWFiSxdKYGFLRkA3Y15BRmc3URYXdH5EBgV0fkQEBjwhCFsaMyIHBx45IAgQXDU9C1dedGNWW0d0fgAUHiU3ShMTOiEDWRQ3PhUQLw
52.20.131.174 200 OK 0 B URL HTTP/2 qtjsn.heparlorne.com/UmZ1clYJRExCZmVXQVB6cFdHQWMNBBFLYzdSRBY0N1RHQjVjAkYWMGYARURjNgRNFDRiVk1QenBfREZmZVdFRm9jVkZEYmpQRENlcEpXRzNnB0dGYmpLFxAwa0tBEWFiSxdKYGFLRkA3Y15BRmc3URYXdH5EBgV0fkQEBjwhCFsaMyIHBx45IAgQXDU9C1dedGNWW0d0fgAUHiU3ShMTOiEDWRQ3PhUQLw
IP 52.20.131.174:0
GET /UmZ1clYJRExCZmVXQVB6cFdHQWMNBBFLYzdSRBY0N1RHQjVjAkYWMGYARURjNgRNFDRiVk1QenBfREZmZVdFRm9jVkZEYmpQRENlcEpXRzNnB0dGYmpLFxAwa0tBEWFiSxdKYGFLRkA3Y15BRmc3URYXdH5EBgV0fkQEBjwhCFsaMyIHBx45IAgQXDU9C1dedGNWW0d0fgAUHiU3ShMTOiEDWRQ3PhUQLw HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: addfd6a4b528db9ec8aafee532738db0=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8466-nhnj2wR0bEj7DT67UjuBIf+P3no"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
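The image fetches from qtjsn.heparlorne.com to sign-in pages above (accounts.google.com/ServiceLogin with continue= pointing at youtube.com/favicon.ico and at www.google.com/favicon.ico with service=mail, and www.facebook.com/login.php?next=…favicon.ico, each sent with Sec-Fetch-Dest: image and Sec-Fetch-Site: cross-site) have the shape of the redirect-to-image login-detection trick: a page embeds a login URL as an image, and whether the image load succeeds tells it whether the visitor holds a session at that site. Google answers the follow-up /v3/signin/identifier requests with 403 and vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, i.e. it refuses image-context requests to that endpoint; Facebook serves the login page with 200. The same origin then fetches a service-worker script (Service-Worker: script, Sec-Fetch-Dest: serviceworker) whose response sets a week-long cookie and cache-control: public, max-age=86400. The Python below is an added example, not the sandbox's own tooling: it parses records in this page's format and flags both patterns with heuristics of its own. Its embedded log is a constructed, abridged excerpt of the records above.

```python
# Added example, not the sandbox's own tooling: parse records in the format of
# the capture above and flag two patterns. SAMPLE_LOG is a constructed, abridged
# excerpt of the records on this page; both heuristics are this example's own.
import re
from dataclasses import dataclass, field

REQ_LINE = re.compile(r"^(GET|POST|PUT|HEAD|OPTIONS) (\S+) HTTP/\d(?:\.\d)?$")
RESP_LINE = re.compile(r"^HTTP/\S+ (\d{3})\b")
HEADER = re.compile(r"^([A-Za-z0-9-]+): ?(.*)$")
LOGIN_PATH = re.compile(r"ServiceLogin|/signin/|login\.php", re.I)

SAMPLE_LOG = """\
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico HTTP/1.1
Host: accounts.google.com
Referer: https://qtjsn.heparlorne.com/
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico HTTP/1.1
Host: accounts.google.com
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico HTTP/1.1
Host: www.facebook.com
Sec-Fetch-Dest: image
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
GET /UmZ1clYJ HTTP/1.1
Host: qtjsn.heparlorne.com
Service-Worker: script
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Site: same-origin
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: addfd6a4b528db9ec8aafee532738db0=1; Max-Age=604800
cache-control: public, max-age=86400
"""


@dataclass
class Record:
    method: str
    target: str
    req: dict = field(default_factory=dict)   # request headers, names lower-cased
    status: int = 0                           # 0 until the status line is seen
    resp: dict = field(default_factory=dict)  # response headers, names lower-cased


def parse(log):
    """A request line opens a record and a status line switches it to response
    headers; banner, hash, ASN and other non-header lines are skipped."""
    records, cur, in_resp = [], None, False
    for line in log.splitlines():
        m = REQ_LINE.match(line)
        if m:
            cur, in_resp = Record(m.group(1), m.group(2)), False
            records.append(cur)
            continue
        if cur is None:
            continue
        m = RESP_LINE.match(line)
        if m:
            cur.status, in_resp = int(m.group(1)), True
            continue
        m = HEADER.match(line)
        if m:
            (cur.resp if in_resp else cur.req)[m.group(1).lower()] = m.group(2)
    return records


def login_probes(records):
    """Cross-site <img> loads of a sign-in endpoint: the redirect-to-favicon
    trick, where whether the image loads reveals if the visitor has a session
    there. A 403 that varies on Sec-Fetch-* is the target refusing the probe."""
    out = []
    for r in records:
        if (r.req.get("sec-fetch-dest") == "image"
                and r.req.get("sec-fetch-site") == "cross-site"
                and LOGIN_PATH.search(r.target)):
            out.append({
                "host": r.req.get("host"), "referer": r.req.get("referer"),
                "status": r.status,
                "blocked_by_fetch_metadata": r.status == 403
                and "sec-fetch-dest" in r.resp.get("vary", "").lower(),
            })
    return out


def service_worker_installs(records):
    """Service-worker script fetches: persistence that outlives the tab, worth
    a look when the registering origin is an ad-redirect domain."""
    return [{
        "host": r.req.get("host"), "status": r.status,
        "sets_cookie": "set-cookie" in r.resp,
        "cache_control": r.resp.get("cache-control"),
    } for r in records if r.req.get("sec-fetch-dest") == "serviceworker"
        or r.req.get("service-worker") == "script"]
```

parse() only consumes request lines, status lines and name: value header lines, so the banner, IP, hash, ASN and file-type lines of the records on this page fall through untouched and the capture text can be fed to it as-is; login_probes(parse(text)) and service_worker_installs(parse(text)) then return the findings as lists of dicts.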
www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.3
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.3
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.3 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 21:54:44 GMT
etag: W/"eb81-5b91fa7365c0d"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/ui/tabs.min.js?ver=1.12.1
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/ui/tabs.min.js?ver=1.12.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/tabs.min.js?ver=1.12.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 15 Apr 2021 13:10:26 GMT
etag: W/"3d17-5c0029633d480"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.12.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 15 Apr 2021 13:10:26 GMT
etag: W/"5fbf-5c0029633d480"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/ui/sortable.min.js?ver=1.12.1
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/ui/sortable.min.js?ver=1.12.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-includes/js/jquery/ui/sortable.min.js?ver=1.12.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 15 Apr 2021 13:10:26 GMT
etag: W/"6f5a-5c0029633d480"
content-encoding: br
X-Firefox-Spdy: h2
ti137.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=2
185.56.234.205 200 OK 0 B URL HTTP/2 ti137.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=2
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=2 HTTP/1.1
Host: ti137.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2yxqc.haxbyq.com/
Cookie: truniq=1; ufp2=f793ac2db85098c57a1b2fe485f57ad0a9b87480
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 05 Feb 2023 08:25:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
72elu.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=5
185.56.234.205 200 OK 0 B URL HTTP/2 72elu.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=5
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=5 HTTP/1.1
Host: 72elu.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://53izu.haxbyq.com/
Cookie: truniq=1; ufp2=f793ac2db85098c57a1b2fe485f57ad0a9b87480
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 05 Feb 2023 08:25:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
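The h= parameter carried by the three haxbyq.com access-website requests above (efm5r, ti137 and 72elu, all with the same value) ends in =eyJ: it is ordinary base64 whose first three characters, the eyJ that encodes {", have been moved to the end. Rotating them back and decoding yields {"pid":1054030,"sid":1184602,"wid":422612,"src":2}, a placement/tracking tuple rather than anything secret. The Python below is an added example, not the sandbox's tooling; instead of assuming how many characters were moved, it tries every rotation until one is valid base64 that decodes to a JSON object. ACCESS_URL is copied from the efm5r record on this page.

```python
# Added example, not the sandbox's tooling: decode the h= parameter of the
# haxbyq.com access-website URLs above. ACCESS_URL is copied from the efm5r
# record on this page.
import base64
import json
from urllib.parse import parse_qs, urlsplit

ACCESS_URL = ("https://efm5r.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6"
              "MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=3")


def unrotate_b64_json(value):
    """Try every rotation that moves the last k characters of `value` to the
    front; return (k, obj) for the first one that is valid base64 decoding to
    a JSON object, or None. validate=True rejects '=' anywhere but the end,
    so misaligned rotations fail fast instead of decoding to garbage."""
    for k in range(len(value)):
        candidate = value[len(value) - k:] + value[:len(value) - k] if k else value
        try:
            obj = json.loads(base64.b64decode(candidate, validate=True).decode("utf-8"))
        except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError
            continue
        if isinstance(obj, dict):
            return k, obj
    return None


def decode_access_url(url):
    """Pull h= from the query string (parse_qs splits each pair on the first
    '=' only, so the '=' inside the value survives) and decode it."""
    h = parse_qs(urlsplit(url).query).get("h", [None])[0]
    return unrotate_b64_json(h) if h else None
```

decode_access_url(ACCESS_URL) returns the rotation count together with the decoded object, so a value that was not rotated at all comes back with k == 0 and a value that is not base64 JSON under any rotation comes back as None.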
www.poistenie-deti.sk/wp-content/themes/betheme/css/shortcodes.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/css/shortcodes.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/css/shortcodes.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:57 GMT
etag: W/"211f7-5b91c91a17ea9"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/assets/ui/jquery.ui.all.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/assets/ui/jquery.ui.all.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/assets/ui/jquery.ui.all.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:40 GMT
etag: W/"48eb-5b91c90a643e0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.5.1 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 02 Sep 2022 09:50:35 GMT
etag: W/"18116-5e7aea95810c0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/js/parallax/translate3d.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/js/parallax/translate3d.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-content/themes/betheme/js/parallax/translate3d.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:47:56 GMT
etag: W/"1e07-5b91d0b294f00"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3.2 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 21:54:43 GMT
etag: W/"780-5b91fa72a3690"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/css/layout.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/css/layout.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-content/themes/betheme/css/layout.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:54 GMT
etag: W/"1cd5c-5b91c917f11d9"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/js/menu.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/js/menu.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/menu.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:47:54 GMT
etag: W/"1819-5b91d0b0aca80"
content-encoding: br
X-Firefox-Spdy: h2
ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=24&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=24&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ
IP 172.67.197.128:0
GET /v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=24&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2yxqc.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 08:25:07 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://haxbyq.com
etag: W/"lGNaHaCuCcGG4rNFS0YTIded5VA"
x-zone: eu
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJWE4CUWFu35%2FyKMlUWyI1zObFIlDJ%2Bdi%2BImyPVnIqP%2BH3tgzQj28eeSfKO6ZPdJQJV1zcSeM9BwXnOauFt5WZn0yzULqmJZCW7hSPTPEy10bOTbPKNAcY1zuE66"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794a40ec2c500b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ulmoyc.com/fp.js?d=2yxqc.haxbyq.com
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/fp.js?d=2yxqc.haxbyq.com
IP 172.67.197.128:0
GET /fp.js?d=2yxqc.haxbyq.com HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2yxqc.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 08:25:07 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
max-age: 0
access-control-allow-origin: https://2yxqc.haxbyq.com
x-zone: eu
last-modified: Sun, 05 Feb 2023 08:25:07 GMT
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2XaQIqoiiLKhq%2FayLB4pPGgWStMdprfXHRtsaRWpnf%2B%2BXt%2FDnsA16WmUik7yY6o8sym%2FNyVKZ%2Fgy9e4ZYHf4WshEAWfzMH9%2FKAQusHbZVZE12%2F9G2KvNz%2FD58gBJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794a40ec8ca70b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s645t.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=6
185.56.234.205 200 OK 0 B URL HTTP/2 s645t.haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=6
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&i=6 HTTP/1.1
Host: s645t.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://72elu.haxbyq.com/
Cookie: truniq=1; ufp2=f793ac2db85098c57a1b2fe485f57ad0a9b87480
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 05 Feb 2023 08:25:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/css/dist/block-library/style.min.css?ver=5.6.10
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/css/dist/block-library/style.min.css?ver=5.6.10
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.6.10 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 22 Feb 2021 19:16:29 GMT
etag: W/"c88a-5bbf1a38fd650"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/assets/animations/animations.min.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/assets/animations/animations.min.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/assets/animations/animations.min.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:37 GMT
etag: W/"e4a1-5b91c90704ee2"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 12 Sep 2022 14:26:04 GMT
etag: W/"4710-5e87bacf8e132"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-content/themes/betheme/assets/jplayer/jplayer.min.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:38 GMT
etag: W/"dbed-5b91c907eb880"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css?ver=7.14.0
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css?ver=7.14.0
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css?ver=7.14.0 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:11:16 GMT
etag: W/"1e0f-5b91c88127282"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-includes/js/wp-emoji-release.min.js?ver=5.6.10
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-includes/js/wp-emoji-release.min.js?ver=5.6.10
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.6.10 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 20 Aug 2022 10:20:53 GMT
etag: W/"5a09-5e6a991c4ab40"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/assets/animations/animations.min.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/assets/animations/animations.min.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
GET /wp-content/themes/betheme/assets/animations/animations.min.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:37 GMT
etag: W/"15b3-5b91c906f7640"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/js/scripts.js?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/js/scripts.js?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/js/scripts.js?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:47:55 GMT
etag: W/"12310-5b91d0b1a0cc0"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3.2 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 21:54:43 GMT
etag: W/"4654-5b91fa7268ec0"
content-encoding: br
X-Firefox-Spdy: h2
cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1
172.67.199.124 302 Found 0 B URL HTTP/2 cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1
IP 172.67.199.124:0
GET /gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1 HTTP/1.1
Host: cqwajn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goaway.dofollowgreenline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 05 Feb 2023 08:25:06 GMT
content-type: text/html; charset=UTF-8
location: https://haxbyq.com/access-website?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTIsInNyYyI6Mn0=eyJ&si1=sandy1&si2=
cache-control: no-cache
max-age: 0
x-zone: eu
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpmM%2FB0SEGZloNWzfn0MSdLcoJ%2B7L2DoqyNZdXM%2BV6fJQebIN35q0ESSxKTJ%2BAW4ZtmvTlQHsH9qBOsVd17cGJ1Kw1dI%2F6vFz71Ieua7mVAmeWl69JfhrGpNu6e7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794a40e98e501bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
52.20.131.174 200 OK 0 B URL HTTP/2 qtjsn.heparlorne.com/EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO
IP 52.20.131.174:0
GET /EIJGSVU?tag_id=900714&sub_id1=1235_bd95e41dbe220c1d3df4f065db8fb008&sub_id2=9140710491036486113&cookie_id=5e5a2448-bbf9-4c70-b863-32a18441e7ce&lp=allow18_b&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fkooolboomin.com%2F%3Ftid%3D900720%26noocp%3D1%26subid%3D1235_bd95e41dbe220c1d3df4f065db8fb008&geo=NO HTTP/1.1
Host: qtjsn.heparlorne.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"3227-VqrXvmYR36xbChXndi1h1UHAGwg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.poistenie-deti.sk/
37.9.175.132 404 Not Found 0 B IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.poistenie-deti.sk/wp-json/>; rel="https://api.w.org/"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/style.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/style.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/style.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:34 GMT
etag: W/"15e-5b91c90448b5c"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/css/base.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/css/base.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/css/base.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:53 GMT
etag: W/"da37-5b91c9172bd7c"
content-encoding: br
X-Firefox-Spdy: h2
www.poistenie-deti.sk/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=21.9.7
37.9.175.132 200 OK 0 B URL HTTP/2 www.poistenie-deti.sk/wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=21.9.7
IP 37.9.175.132:0
ASN #51013 WebSupport s.r.o.
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/betheme/assets/jplayer/css/jplayer.blue.monday.css?ver=21.9.7 HTTP/1.1
Host: www.poistenie-deti.sk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.poistenie-deti.sk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Sun, 05 Feb 2023 08:25:04 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 17 Jan 2021 18:13:38 GMT
etag: W/"266a-5b91c908dca07"
content-encoding: br
X-Firefox-Spdy: h2