Overview

URL: cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
IP: 144.91.69.83
ASN: Contabo GmbH
Location: Germany
Report completed: 2022-09-27 23:08:18 UTC
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (empty)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blocklists

OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Scan Date Severity Indicator Comment
2022-09-27 2 cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/ (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 Malware
2022-09-27 2 cloudsoft.or.ke/wp-includes/css/dashicons.min.css?ver=6.0.2 Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/ (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9 Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/fo (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/themes/zakra/style.css?ver=6.0.2 Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/add-to-ca (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/woocommer (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/cart-frag (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jqu (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/themes/zakra/assets/js/navigation.min.js?ver=20151215 Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/themes/zakra/assets/js/zakra-custom.min.js?ver=6.0.2 Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/themes/zakra/assets/js/skip-link-focus-fix.min.j (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/pa (...) Malware
2022-09-27 2 cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
mnemonic secure dns: No alerts detected
Quad9 DNS:
Scan Date Severity Indicator Comment
2022-09-27 2 cloudsoft.or.ke Sinkholed


Files

No files detected



Passive DNS (10)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-27 04:52:25 UTC 23.36.77.32
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-27 21:28:46 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-27 04:53:14 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-27 16:37:28 UTC 142.250.74.10
mnemonic passive DNS cloudsoft.or.ke (23) 0 2020-12-06 09:31:32 UTC 2022-09-27 13:38:29 UTC 144.91.69.83 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-27 05:14:54 UTC 143.204.55.35
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-27 04:52:33 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-27 05:14:54 UTC 54.149.83.187
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-27 13:22:33 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-27 14:55:40 UTC 143.204.55.115


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 144.91.69.83

Date UQ / IDS / BL URL IP
2022-12-06 06:32:56 +0000  0 - 0 - 2  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-26 11:30:08 +0000  0 - 0 - 5  bright-waves.com/public/jd3jh5snahplulvgribzk (...)  144.91.69.83
2022-11-25 20:20:52 +0000  0 - 0 - 5  bright-waves.com/public/iZXLJJ4XHbPgb09jLNQ31 (...)  144.91.69.83
2022-11-25 20:14:33 +0000  0 - 0 - 5  bright-waves.com/public/ODnaFq8Z9FnIZoyt91UW8 (...)  144.91.69.83
2022-11-25 17:10:01 +0000  0 - 0 - 5  bright-waves.com/  144.91.69.83

Last 5 reports on ASN: Contabo GmbH

Date UQ / IDS / BL URL IP
2022-12-10 03:42:53 +0000  0 - 0 - 2  blackstone.bluegreentech.net/  213.136.94.199
2022-12-10 03:25:09 +0000  0 - 0 - 2  casagrandedeloureiro.com/.wp-admin/user/mcc/a (...)  144.91.92.34
2022-12-10 02:57:40 +0000  3 - 0 - 0  joingrupwhatsapp31.wikaba.com/  5.189.159.42
2022-12-10 02:51:26 +0000  0 - 0 - 14  inlbtr.com/bar/user/login.php  5.189.177.94
2022-12-10 02:25:39 +0000  0 - 0 - 1  theexchequer.ie/images/arrowy/login.php  79.143.188.144

Last 5 reports on domain: cloudsoft.or.ke

Date UQ / IDS / BL URL IP
2022-12-06 06:32:56 +0000  0 - 0 - 2  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-19 01:25:48 +0000  0 - 0 - 29  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-18 11:58:54 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-18 05:04:32 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-17 21:56:17 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-06 06:32:56 +0000  0 - 0 - 2  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-19 01:25:48 +0000  0 - 0 - 29  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-18 11:58:54 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-18 05:04:32 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83
2022-11-17 21:56:17 +0000  0 - 0 - 4  cloudsoft.or.ke/xpra/X/eakdZkYIo.zip  144.91.69.83


JavaScript

Executed Scripts (20)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (42)


Request:
GET /xpra/s3LqQ3ZGtJ.zip HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
Response (from 144.91.69.83):
HTTP/1.1 301 Moved Permanently
content-type: text/html
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
date: Tue, 27 Sep 2022 23:08:07 GMT
server: LiteSpeed
location: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip


--- Additional Info ---
Magic:  HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8982
Expires: Wed, 28 Sep 2022 01:37:49 GMT
Date: Tue, 27 Sep 2022 23:08:07 GMT
Connection: keep-alive

                                        
Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 143.204.55.115):
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 22:15:34 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dug-xWYFmIdTMHOe2n1U_EALXvrh0DaDG6yVpVyW6ANObMxWrFYb2w==
Age: 3153


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
Request:
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
Response (from 143.204.55.35):
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 38XBgOxiHYtd-VdzEmZsnfmsB8T18Ux9kTs_IfGP9Z6jod5w6Duzwg==
age: 49434
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Tue, 27 Sep 2022 23:08:07 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 143.204.55.115):
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 22:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 23:08:53 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tKLpsc-B_la7Lpu1E3sS2mk0e3wc9RFqwQ0jJd_WrhaM3Od5CUyECw==
Age: 3442


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
Response (from 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5982
Cache-Control: 'max-age=158059'
Date: Tue, 27 Sep 2022 23:08:08 GMT
Last-Modified: Tue, 27 Sep 2022 21:28:26 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ElkALdwjzJYbZSa1N/j6tw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
Response (from 54.149.83.187):
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uFcaq/0FeSm6O/w62kpq9pwx2xQ=

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15994
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 23:08:09 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15994
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 23:08:09 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
Response (from 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15994
Expires: Wed, 28 Sep 2022 03:34:43 GMT
Date: Tue, 27 Sep 2022 23:08:09 GMT
Connection: keep-alive

                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KmVkKXoPqZmnwFtpKhuox1kJNDoSxMEmYE39_zVPyaeoU4sPqq-_wA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:23 GMT
age: 5026
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02722822-e024-44b9-8ec1-48ec9500ca58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9733
x-amzn-requestid: fff8214b-48f7-4b45-bd91-69ea4db871d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCAWhG9HIAMFloQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330adc3-1cffa63711378c525e49e11d;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 19:36:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Vak91l2UKRnX0Go62y1yPwJ8E-Af7XBurmQATw5MSZXBqhUJrIgOCQ==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 04:55:01 GMT
age: 65588
etag: "2142075b27d0d355c51231ab06fea46e25eb9c59"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   9733
Md5:    f3e1fd3401c5e635a8dbeec5f78b721d
Sha1:   2142075b27d0d355c51231ab06fea46e25eb9c59
Sha256: 2e17a43985b624e6b6592d402c36dd45b915cd6e1ac84e187c18c46420eb9a1d
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc892aae9-4381-46ed-9dd8-bd581d7389ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8621
x-amzn-requestid: 5a828651-41c2-4aa0-931d-6522098a8438
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZASUWEYvIAMFUJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ffdb5-5ace75523a98a9237fabca8f;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 07:05:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _r1yeWUGcjSAzmlPcqiZrNgOGrGb29Dxgrz3AOm9oU0-wgHy7axiKw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:40:36 GMT
age: 55653
etag: "883e61d46ef6c09013724aa7b8f560272ee08574"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   8621
Md5:    59163c799f3d48e74abdd285ee615119
Sha1:   883e61d46ef6c09013724aa7b8f560272ee08574
Sha256: e1bafc575ff4274b210bee481a8e73c065de5bc14ddf46c269ef91eda0df8d84
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11314
x-amzn-requestid: 9f410158-cd1a-45a9-9e86-4005b25577e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e4Hw7oAMFpAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-70683c681f22a3b6103fcb4a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l9IinQYCcQV_iymSArIEnOWgbmLlmVqz94402zcsmga5Bp3Sty7QRg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:49 GMT
age: 5240
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   11314
Md5:    ee83d08d024d127fad5918e1ffacb78b
Sha1:   8ad289a77705358ab660b6123e9d90de991b6c13
Sha256: aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8a264fec-4624-4025-b0d1-044fc33e338f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9780
x-amzn-requestid: 9938422e-12cd-4aab-9e58-c26b8fee53b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UOH3DoAMFZRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-37105d923f19437025abec71;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Halsx09hxT_sMRc2jy-fJA0tE85F6Bgz9P9Trx02Z9aMfIZVLkLW4g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:11:14 GMT
age: 3415
etag: "1a1139cff14aff6755b9e43ff4ef8c9ece1102c1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   9780
Md5:    43d7c0db2af42ad4d0095324b2691f6c
Sha1:   1a1139cff14aff6755b9e43ff4ef8c9ece1102c1
Sha256: 42073c84e0c215109b54ab55a53cce9e6cce44f4619f5988fa4e2776ff70b362
                                        
Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
Response (from 34.120.237.76):
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6721
x-amzn-requestid: ea4416a4-ffbe-4006-bb09-aa0a70763ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xTGNOoAMFXeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-6634cd372bd677227f755769;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TlEcmqE03c_aVOwGbXRCTsU5MOTiUF4C93U3zcIVqzg6NCGJJGup7A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:09:10 GMT
age: 3539
etag: "e951f6b11e473b68d2fdd95b822cef120d37b1eb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   6721
Md5:    c4a66beda24621e812a929933c52025d
Sha1:   e951f6b11e473b68d2fdd95b822cef120d37b1eb
Sha256: 28efb1495fdb363cea9ccc6c38f84b2731dbd44dd4dbbe42996fa6fab74e1ce6
                                        
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.3.3 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10435), with no line terminators
Size:   1754
Md5:    f7237084ac82ea6a4f5bf1448c3a2148
Sha1:   60457635a5e809ee1199c61090d8e33b91e8e1f2
Sha256: 18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/everest-forms/assets/css/everest-forms.css?ver=1.9.4.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 27 Sep 2022 11:28:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3656
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (31693), with no line terminators
Size:   3656
Md5:    850cb80039a0c9e97f6a64e7be629fe2
Sha1:   7130e825db863c36d6f3994fbbbbe5ad940e83c0
Sha256: 1e53bcf1ee63baa2a75f6ac1cfc8256a6b85208e2cd861aabf6e2bd151439b13

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 12 Jul 2022 23:12:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10946
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   10946
Md5:    d45207ee05c1f0c57dfa075e61405ccd
Sha1:   a8d35143a2d828a739ea0fdde75f97d33621e7ec
Sha256: a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 23:08:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-includes/css/dashicons.min.css?ver=6.0.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Wed, 03 Mar 2021 23:46:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35110
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (58981)
Size:   35110
Md5:    54c5bfb8a890d87139d9abfe01662c83
Sha1:   f9eddf5b8a3269e6d6fa40b4f13083705e6267c6
Sha256: 9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.3.3 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20885
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   20885
Md5:    b949966fb1c62c392babd0eb97a080ca
Sha1:   68842cbc531c38a01569da81eff51b1d358f7734
Sha256: c7804b0b1571c1986e8661aef7343839d797bb368222a537c996b062f1d9f695

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2329
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17809), with no line terminators
Size:   2329
Md5:    09d93f4de720fc11a2944fea38fcafcd
Sha1:   e46cf6a8d3373c7fa5feba0b30cd9b9983f719b2
Sha256: cf900721be13309b96cf6c6f56b1c0a40194e8aea1b0a0361739219c9c0f9998

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1354
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1354
Md5:    e8c22b055fcf5951b578dee5b08f3d98
Sha1:   c01d88b4ebcdc1915b4dc19b9463313c9067286c
Sha256: 47bb921dd08acd98f5ba19ffb9e5bffdeb00f90d5935d4c1a50791a94c5c70f5

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /xpra/s3LqQ3ZGtJ.zip HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

144.91.69.83
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://cloudsoft.or.ke/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size:   16760
Md5:    177704afd4b1d4a624e92e1c488e5415
Sha1:   dc4c10b04fc968c654d76f420484702153a8dbf6
Sha256: 5da2e0ab0edffe782fb542274839038f7b16f5bd9457a6ea9530630f2d12a18a

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 20 Sep 2022 23:11:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6657
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   6657
Md5:    5dbbe85d6a3308dceb97d91b740b0f11
Sha1:   3f70abf9963371962665167f98ba52365481496d
Sha256: 751d4fdd16bd33cc9c93bcaadcd316922ca9bbd74cb6a9e1705c8bef4330dabf

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/themes/zakra/style.css?ver=6.0.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9419
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1208)
Size:   9419
Md5:    f6dda8f28e405ce74a86852861072006
Sha1:   75f057314e5476f19b07e36d5d503a783f1caa6a
Sha256: bb874681e82ff48cca08a47478a5441c7a80897e7be9fb0d280a893c6477b680

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Wed, 18 Nov 2020 11:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3995
Md5:    7e058b51f939eacfa31cdface14dded5
Sha1:   9d732e5afdeb42edef9e1b9631b7e95e054787cc
Sha256: 4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1668)
Size:   899
Md5:    22d65ba38528349e705d912ce26bf8ac
Sha1:   c89ba006009043d93b88ff155b4fec8797330550
Sha256: 6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 974
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (3037), with no line terminators
Size:   974
Md5:    fd8b126d3265cc6afc5b672273f78531
Sha1:   5058e579885cccf36c44bdeb5b7318bd75952af9
Sha256: 72da6709db061566cb5f67322f674a77f68acb69ac6181d37f9ca4a1bb7287b7

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2139), with no line terminators
Size:   677
Md5:    a43fc0dde8fdd69656ad0957e62849c7
Sha1:   4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
Sha256: 1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 934
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2938), with no line terminators
Size:   934
Md5:    cf25dd071a208312bdc07f34d2cee027
Sha1:   76119563119eaae392ecc8903c989d98d0b93002
Sha256: 8635ba2cad8f887e72779bd526f8738ff6343c74cba715caf2eddea383ba7ce6

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.9.4 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Mon, 26 Sep 2022 23:11:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3245
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9115)
Size:   3245
Md5:    66c388e07cfb57895688b3347ab7290b
Sha1:   f23bd7a31995b3b19924575f2afa297a29257856
Sha256: 3971f3ab5179d1f4f91d2c102f27c2bf1dac2c04e2f62ff3eae3ebfa8c28494e

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/themes/zakra/assets/js/navigation.min.js?ver=20151215 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1290
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4251), with no line terminators
Size:   1290
Md5:    4da834e4d3a2e7bb317a7be45b90e426
Sha1:   f631d4066e135f27a099a2e0d5a84cda242e191f
Sha256: fcef27b3bdf1d2f31d171579ab835b79b8513000bd99ee74a58c794bb5aa5a33

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/themes/zakra/assets/js/zakra-custom.min.js?ver=6.0.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1375
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4701), with no line terminators
Size:   1375
Md5:    00b7760498e68018ac4b027ca6b20c4e
Sha1:   34752c5f472fdc8e6d479270b94a8b3cd7bdb4ab
Sha256: d53c8c2f667b9d393a7b3d5905f5c84498d3805b472409a3282e4d7cbf8620da

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/themes/zakra/assets/js/skip-link-focus-fix.min.js?ver=20151215 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 173
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (327), with no line terminators
Size:   173
Md5:    377f9358525ffffc52c6c5d2b4f4c466
Sha1:   52459e22f3928cfbfadd8a22151fe604a9d4db14
Sha256: c20ff146e9eba44010b7ee7c469b18c9c7482e23405db35e740c3dc03976aa16

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-content/uploads/2022/03/Cloudsoft-Logo-1-1.png HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: image/png
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Sat, 19 Mar 2022 13:42:15 GMT
accept-ranges: bytes
content-length: 7774
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 37, 8-bit colormap, non-interlaced\012- data
Size:   7774
Md5:    c95e4d2e6311afe2bb0e09adfb8d0fb0
Sha1:   8f7ca18fd482b62c48dcb70cc4f80213763ddb22
Sha256: 0ee651aa0151a63d4c15be46ff8ba9295ca9c793a74fb0d7d1afcdae67f77da4

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.0.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Fri, 11 Mar 2022 17:36:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8757
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8757
Md5:    e616185a3adf94b449dc5bfc89ec02b0
Sha1:   d392f36c4ff97a18016b49c5cafa9033cd10daba
Sha256: 5c98985db619b7ce8dcd6a644e5dcc37c000b5052fe1d7615c119358df1dbd64

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/s3LqQ3ZGtJ.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

144.91.69.83
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Tue, 04 Oct 2022 23:08:10 GMT
last-modified: Wed, 10 Mar 2021 17:37:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30273
date: Tue, 27 Sep 2022 23:08:10 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30273
Md5:    34f918ada1fe4f01c5a4b90065bbc37a
Sha1:   a731f6ce2d413805e39ae45994012b1bd5ea1e2b
Sha256: eba158d5ab26a5a54a3dcfcea1072c636f44e92fc2eb30a3f27cd5be3f891dfc

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 23:08:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /css?family=-apple-system%3A400&1&display=swap&ver=2.0.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 400 Bad Request
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 27 Sep 2022 23:08:10 GMT
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---