Report - dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Report Overview

Visitedpublic

2025-04-27 07:11:44

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
weedpharmstore.com	unknown	unknown	2025-04-27	2025-04-27	4.3 kB	0 B	0.0.0.0
dc7131104d.nxcli.io	unknown	2017-12-05	2025-04-27	2025-04-27	1.5 kB	20 kB	192.190.220.156
fonts.bunny.net	unknown	1999-11-22	2022-03-21	2025-04-24	1.1 kB	27 kB	194.242.11.186

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-27 07:11:12	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-04-27 07:11:28	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-04-27 07:11:39	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-04-27 07:11:43	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed
2025-04-27	medium	weedpharmstore.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php	ScriptElement	294 B	2025-04-27	2025-05-14
URL dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php IP / ASN 192.190.220.156 #32244 LIQUIDWEB Introduced by ScriptElement Embedded true Resource Info First Seen 2025-04-27 Last Seen 2025-05-14 Times Seen 2 Size 294 B (294 bytes) MD5 ae1ee7906aa9207d9afc80354535f5e2 SHA1 2e7a4699434186d707b493837b9da6613d2e8623 SHA256 4d596e34699ae221163e57c98807a2b45329279ef0616deae96e43a1653ac04f Format Code Loading...

HTTP Transactions (14)

URL IP Response Size

GET weedpharmstore.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

0.0.0.0

0 B

URL

weedpharmstore.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

192.190.220.156

301 Moved Permanently

6.2 kB

URL

dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

IP / ASN

192.190.220.156

#32244 LIQUIDWEB

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size6.2 kB (6206 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/twentytwenty/dhl/cart.php HTTP/1.1
Host: dc7131104d.nxcli.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 27 Apr 2025 07:11:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0, no-store, private
X-Redirect-By: WordPress
Location: https://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php
X-NoCache: 1

GET weedpharmstore.com/wp-content/plugins/maintenance/load/css/style.css?ver=1695779137

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/plugins/maintenance/load/css/style.css?ver=1695779137

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/maintenance/load/css/style.css?ver=1695779137 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET weedpharmstore.com/wp-content/uploads/2021/05/mt-sample-background.jpg

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/uploads/2021/05/mt-sample-background.jpg

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2021/05/mt-sample-background.jpg HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET weedpharmstore.com/wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET fonts.bunny.net/open-sans/files/open-sans-latin-400-normal.woff2

194.242.11.186

200 OK

19 kB

URL

fonts.bunny.net/open-sans/files/open-sans-latin-400-normal.woff2

IP / ASN

194.242.11.186

#34989 ServeTheWorld AS

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 18668, version 1.0

First Seen2023-12-15

Last Seen2025-08-02

Times Seen12241

Size19 kB (18668 bytes)

MD58655d20bbcc8cdbfab17b6be6cf55df3

SHA190edbfa9a7dabb185487b4774076f82eb6412270

SHA256e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Certificate Info

IssuerLet's Encrypt

Subjectfonts.bunny.net

FingerprintBF:19:B5:3D:6E:18:DD:BF:92:5A:80:E9:68:1A:27:20:66:98:C1:C5

ValidityThu, 27 Mar 2025 19:10:07 GMT - Wed, 25 Jun 2025 19:10:06 GMT

HTTP Headers

GET /open-sans/files/open-sans-latin-400-normal.woff2 HTTP/1.1
Host: fonts.bunny.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://dc7131104d.nxcli.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.bunny.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 07:11:17 GMT
content-type: font/woff2
content-length: 18668
server: BunnyCDN-NO1-830
cdn-pullzone: 781720
cdn-uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=2592000
etag: "66f072c3-48ec"
last-modified: Sun, 22 Sep 2024 19:40:51 GMT
cdn-storageserver: SE-583
cdn-fileserver: 344
cdn-proxyver: 1.23
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/19/2025 19:24:25
cdn-edgestorageid: 830
cdn-requestid: 2386b8c5cabb5bb05cfb0905a37e13c7
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 0
accept-ranges: bytes
X-Firefox-Spdy: h2

GET weedpharmstore.com/wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/maintenance/load/js/jquery.frontend.js?ver=1695779159 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET weedpharmstore.com/wp-content/uploads/2020/12/weed-pharm-favicon.png

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/uploads/2020/12/weed-pharm-favicon.png

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2020/12/weed-pharm-favicon.png HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET weedpharmstore.com/wp-content/uploads/2020/12/weed-pharm-favicon-100x100.png

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/uploads/2020/12/weed-pharm-favicon-100x100.png

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2020/12/weed-pharm-favicon-100x100.png HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

192.190.220.156

404 Not Found

6.2 kB

URL

dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

IP / ASN

192.190.220.156

#32244 LIQUIDWEB

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (1102)

First Seen2025-04-27

Last Seen2025-04-27

Times Seen1

Size6.2 kB (6206 bytes)

MD5e610d2970a6a1601ceabd3264615340d

SHA128ac0944d4425b8d16415c69acd9fddffa478fb3

SHA256d80ab045105375c7ede2bd4eee6108afae5e609d8b2197cbaddbe75c3ee011e7

Certificate Info

IssuerLet's Encrypt

Subjectdc7131104d.nxcli.io

Fingerprint54:BE:25:B6:93:DF:82:2D:ED:22:2A:84:16:26:94:D2:F9:B6:6F:C6

ValidityThu, 27 Mar 2025 10:06:19 GMT - Wed, 25 Jun 2025 10:06:18 GMT

HTTP Headers

GET /wp-content/themes/twentytwenty/dhl/cart.php HTTP/1.1
Host: dc7131104d.nxcli.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 27 Apr 2025 07:11:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://weedpharmstore.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.bunny.net/css?family=Open%20Sans:300,300italic,regular,italic,600,600italic,700,700italic,800,800italic:300

194.242.11.186

200 OK

6.3 kB

URL

fonts.bunny.net/css?family=Open%20Sans:300,300italic,regular,italic,600,600italic,700,700italic,800,800italic:300

IP / ASN

194.242.11.186

#34989 ServeTheWorld AS

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeASCII text, with very long lines (1445)

First Seen2025-01-04

Last Seen2025-08-02

Times Seen112

Size6.3 kB (6336 bytes)

MD5fcb98820f67d11281c51cf82d75201bc

SHA11bef3e3e13ea32dfbfc0595be15756a9566eb7a9

SHA25645c1649dae3c4cba7e3829c7a852d4dc607f1b727ed1955ed7c82b5be0debba5

Certificate Info

IssuerLet's Encrypt

Subjectfonts.bunny.net

FingerprintBF:19:B5:3D:6E:18:DD:BF:92:5A:80:E9:68:1A:27:20:66:98:C1:C5

ValidityThu, 27 Mar 2025 19:10:07 GMT - Wed, 25 Jun 2025 19:10:06 GMT

HTTP Headers

GET /css?family=Open%20Sans:300,300italic,regular,italic,600,600italic,700,700italic,800,800italic:300 HTTP/1.1
Host: fonts.bunny.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 07:11:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: BunnyCDN-NO1-830
cdn-pullzone: 781720
cdn-uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
alt-svc: h3=":443"
cache-control: public, max-age=2592000
last-modified: Wed, 09 Apr 2025 17:06:49 GMT
cdn-proxyver: 1.22
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/09/2025 17:06:49
cdn-edgestorageid: 830
cdn-requestid: b6f56b81b7841a4eafdc60d279265d70
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 0
content-encoding: br
X-Firefox-Spdy: h2

GET weedpharmstore.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

0.0.0.0

0 B

URL

weedpharmstore.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET weedpharmstore.com/wp-content/plugins/maintenance/load/css/fonts.css?ver=1695779137

0.0.0.0

0 B

URL

weedpharmstore.com/wp-content/plugins/maintenance/load/css/fonts.css?ver=1695779137

IP / ASN

0.0.0.0

Requested byhttps://dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605886

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/maintenance/load/css/fonts.css?ver=1695779137 HTTP/1.1
Host: weedpharmstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dc7131104d.nxcli.io/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

192.190.220.156

404 Not Found

6.2 kB

URL

dc7131104d.nxcli.io/wp-content/themes/twentytwenty/dhl/cart.php

IP / ASN

192.190.220.156

#32244 LIQUIDWEB

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (1102)

First Seen2025-04-27

Last Seen2025-04-27

Times Seen1

Size6.2 kB (6206 bytes)

MD5e610d2970a6a1601ceabd3264615340d

SHA128ac0944d4425b8d16415c69acd9fddffa478fb3

SHA256d80ab045105375c7ede2bd4eee6108afae5e609d8b2197cbaddbe75c3ee011e7

Certificate Info

IssuerLet's Encrypt

Subjectdc7131104d.nxcli.io

Fingerprint54:BE:25:B6:93:DF:82:2D:ED:22:2A:84:16:26:94:D2:F9:B6:6F:C6

ValidityThu, 27 Mar 2025 10:06:19 GMT - Wed, 25 Jun 2025 10:06:18 GMT

HTTP Headers

GET /wp-content/themes/twentytwenty/dhl/cart.php HTTP/1.1
Host: dc7131104d.nxcli.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 27 Apr 2025 07:11:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://weedpharmstore.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0, no-store, private
content-encoding: br
X-Firefox-Spdy: h2