Overview

URL: defrankclothier.com/sest/index.php?qbot.zip
IP: 63.250.38.5 (United States)
ASN: 22612 NAMECHEAP-NET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (none)
Report completed: 2022-11-18 22:54:17 UTC
IDS alerts: 0
Blocklist alerts: 132
urlquery alerts: No alerts detected
Tags: None

Domain Summary (13)

Fully Qualified Domain Name (requests) | Rank | First Seen | Last Seen | IP | Comment
r3.o.lencr.org (6) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-18 05:29:52 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-18 05:27:45 UTC 34.117.237.239
defrankclothier.com (52) 0 2022-11-15 15:41:34 UTC 2022-11-18 18:09:13 UTC 63.250.38.5 Unknown ranking
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-18 14:58:55 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-18 20:54:38 UTC 142.250.74.10
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.203.75.56
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 172.64.155.188
ocsp.pki.goog (6) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
maps.googleapis.com (1) 33876 2014-10-18 20:19:59 UTC 2022-11-18 10:49:00 UTC 142.250.74.10
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
No alerts detected

Blocklists

OpenPhish
No alerts detected

PhishTank
No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-18 2 defrankclothier.com/sest/index.php?qbot.zip Malware
2022-11-18 2 defrankclothier.com/sest/?qbot.zip Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/packages/woocommerce-blo (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/yith-woocommerce-wishlist/assets/css (...) Malware
2022-11-18 2 defrankclothier.com/wp-includes/css/classic-themes.min.css?ver=1 Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/css/woocommerce-l (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/wp-social/assets/css/frontend.css?ve (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/wp-social/assets/css/font-icon.css?v (...) Malware
2022-11-18 2 defrankclothier.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-11-18 2 defrankclothier.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/wp-social/assets/js/front-main.js?ve (...) Malware
2022-11-18 2 defrankclothier.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/css/style.css?ver=1.0 Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/contact-form-7/includes/swv/js/index (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/js/frontend/add-t (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.c (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/js/frontend/wooco (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/woocommerce/assets/js/frontend/cart- (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/js/bootstrap.min.js?ver=1.0 Malware
2022-11-18 2 defrankclothier.com/wp-content/plugins/revslider/public/assets/js/rs6.min.j (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/js/vertical-menu.js?ver=1.0 Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/js/plugins.js?ver=1.0 Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/js/main.js?ver=1.0 Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/js/ajax-script.js?ver=6.1.1 Malware
2022-11-18 2 defrankclothier.com/wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iF (...) Malware
2022-11-18 2 defrankclothier.com/wp-content/themes/marketo/assets/fonts/fontawesome-webf (...) Malware

mnemonic secure dns
Scan Date Severity Indicator Comment
2022-11-18 2 defrankclothier.com Sinkholed
(identical row repeated 52 times)

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-18 2 defrankclothier.com Sinkholed
(identical row repeated 52 times)


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 63.250.38.5
Date UQ / IDS / BL URL IP
2023-01-08 03:43:13 +0000 0 - 5 - 12 curatedcoronanews.com/ 63.250.38.5
2022-11-19 19:41:08 +0000 0 - 0 - 5 africaatthepark.com/mslu/index.php?e=qbot.zip 63.250.38.5
2022-11-19 00:52:54 +0000 0 - 0 - 214 afribookmarket.com/oesi/index.php?qbot.zip 63.250.38.5
2022-11-19 00:47:15 +0000 0 - 0 - 134 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5
2022-11-19 00:30:57 +0000 0 - 0 - 4 nigeriaatthepark.com/cuhi/index.php?qbot.zip 63.250.38.5


Last 5 reports on ASN: NAMECHEAP-NET
Date UQ / IDS / BL URL IP
2023-01-30 17:50:10 +0000 0 - 1 - 0 profhiloclinic.co.uk/ 192.64.119.20
2023-01-30 17:48:52 +0000 0 - 1 - 0 365raja78.pro/ 162.255.119.6
2023-01-30 17:47:21 +0000 0 - 0 - 10 storymakerusa.xyz/2023/01/25/the-video-of-wha (...) 199.188.205.46
2023-01-30 17:38:25 +0000 0 - 2 - 0 eayshost.africa/ 162.0.230.213
2023-01-30 17:09:37 +0000 0 - 1 - 0 activefisher.com/ 162.255.119.91


Last 5 reports on domain: defrankclothier.com
Date UQ / IDS / BL URL IP
2022-11-19 00:47:15 +0000 0 - 0 - 134 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5
2022-11-18 22:54:17 +0000 0 - 0 - 132 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5
2022-11-17 00:38:02 +0000 0 - 0 - 5 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5
2022-11-16 22:12:29 +0000 0 - 0 - 5 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5
2022-11-16 21:52:01 +0000 0 - 0 - 5 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5


Last 1 report with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-19 00:47:15 +0000 0 - 0 - 134 defrankclothier.com/sest/index.php?qbot.zip 63.250.38.5

JavaScript

Executed Scripts (39)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (81)


Request / Response
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP: 23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9354
Expires: Sat, 19 Nov 2022 01:29:59 GMT
Date: Fri, 18 Nov 2022 22:54:05 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP: 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5439
Cache-Control: max-age=133661
Date: Fri, 18 Nov 2022 22:54:05 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 12:01:46 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP: 23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7289
Expires: Sat, 19 Nov 2022 00:55:34 GMT
Date: Fri, 18 Nov 2022 22:54:05 GMT
Connection: keep-alive

                                        
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP: 34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 18 Nov 2022 22:44:50 GMT
cache-control: public,max-age=3600
age: 555
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    567df7db606cf5d0871aa5bc9311b6da
Sha1:   4263faac7cbab2fcaf6661911dcad5091c06be17
Sha256: e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
                                        
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

IP: 34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: 3naWLlStVv/vDW+DEIvjBxASmkDnj5KiVZch57Icn+Uv0n8SsNyRGM09G6RciPSFLqbo5p0ayvY=
x-amz-request-id: 74P6T3GYSTNHTQ2P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 18 Nov 2022 22:53:06 GMT
age: 59
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP: 34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Fri, 18 Nov 2022 22:54:05 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

IP: 34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 18 Nov 2022 22:44:49 GMT
cache-control: public,max-age=3600
age: 557
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
GET /sest/index.php?qbot.zip HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

IP: 63.250.38.5
HTTP/1.1 301 Moved Permanently
content-type: text/html; charset=UTF-8
keep-alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-redirect-by: WordPress
location: http://defrankclothier.com/sest/?qbot.zip
x-litespeed-cache: miss
content-length: 0
date: Fri, 18 Nov 2022 22:54:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

IP: 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5395
Cache-Control: max-age=128565
Date: Fri, 18 Nov 2022 22:54:06 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:36:51 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0g/GhuxU1vleJ84AeeBfQA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

IP: 54.203.75.56
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4uFxiRB9rSzWvM4gxSm+L5s7MLw=

                                        
GET /sest/?qbot.zip HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562
Upgrade-Insecure-Requests: 1

IP: 63.250.38.5
HTTP/1.1 404 Not Found
content-type: text/html; charset=UTF-8
keep-alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
link: <https://defrankclothier.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: f16_HTTP.404,f16_404,f16_URL.c23091ff19daa6c340bce7b4a1829955,f16_
x-litespeed-cache: miss
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Fri, 18 Nov 2022 22:54:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Size:   13754
Md5:    861aaf2c9b874696a57e1f12569aa3b2
Sha1:   00aaaadcc2200c0887b42c50b4f929487b5e8bd5
Sha256: 5cfe4bcac4efc3a879789082ef2143921923db09b6609f4f9592bf478ff21b60

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:06 GMT
last-modified: Thu, 25 Aug 2022 00:12:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2253
date: Fri, 18 Nov 2022 22:54:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (10435), with no line terminators
Size:   2253
Md5:    bc691db676adafb00ad62e956f11e815
Sha1:   d0fae56b2590dcfe64ab4086ee089ce2697908dc
Sha256: 1016c61921233d319f5409eec320cf010d5ded5de7fb847186039f421c7e5522

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:06 GMT
last-modified: Thu, 17 Nov 2022 22:20:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 16113
date: Fri, 18 Nov 2022 22:54:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (47826)
Size:   16113
Md5:    f900baa20a50cc986670a1acfed3c04a
Sha1:   ee2ca8a3fc0287cddf2a5546b747a68b60738950
Sha256: ca674f5479ab55e973bea867cf11312f726bd00fee6669855bf404acd179e758

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/font-awesome.css?ver=4.7.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 14 Nov 2022 18:45:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7846
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (30441)
Size:   7846
Md5:    6f5945f9dfe235e6bca4b4699894a04a
Sha1:   c22e901fd25fa4fecc4914d2ea3388b96e37a7cf
Sha256: 8e383c69a9f82008768f00083e935826a383f13de0854cf798d479dd257d7407

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.css?ver=1.2.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 14 Nov 2022 18:45:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 877
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (2630), with no line terminators
Size:   877
Md5:    29c796a05bc5dbccf354d704073cd82b
Sha1:   814c0de03c208b74124b48b5e8822824fc00e39f
Sha256: e62dfa56a1da15afd290931d07fa501f604c7cb49d62ee51cae450bb72f45449

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=3.15.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 14 Nov 2022 18:45:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6175
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (29337), with no line terminators
Size:   6175
Md5:    6d7c6e5874c56aa6e8e5367c2c980b27
Sha1:   fbfc1dd3a47d2f9c107b8611f4a0894c0f3a2f74
Sha256: 5198eaafc1e779068dc05b6c4bf2fe33f33e83ae139be0890711dd7399cd5aec

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/css/prettyPhoto.css?ver=3.1.6 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

IP: 63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 22 Dec 2021 00:24:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2348
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (9281), with no line terminators
Size:   2348
Md5:    073cb4e3c22b0ea2e7aa54d404daa64f
Sha1:   97b4b8e67b32251aaf418c9bf1905df124e858eb
Sha256: 389dfb9744fa08425590e49b4f52863cd0c319357d1e212a80ac8f6c6e117364

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Tue, 25 Oct 2022 23:15:16 GMT
accept-ranges: bytes
content-length: 217
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   217
Md5:    95e891f28e44a9b314c09545d86be2b7
Sha1:   f9b13a8bd47273b086a0a07df15f314e0af0bc3e
Sha256: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 18 Nov 2022 22:54:07 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 08:39:02 GMT
Expires: Thu, 24 Nov 2022 08:39:01 GMT
Etag: "505aa77711af1dd8c1884a15bf01e35b76926dd3"
Cache-Control: max-age=466493,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76c4493ecb70b509-OSL

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 18 Nov 2022 22:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 18 Nov 2022 22:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 18 Nov 2022 22:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Thu, 03 Nov 2022 20:38:34 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 33587
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   33587
Md5:    7566ad4c53479123deb98210bbf9acc7
Sha1:   602c92b348228f79a78ca6b127bf902a29c601a9
Sha256: 8e8074c753ef699c77880fcd640afd839ed85cf941fc9bea3a8fc589199ed936

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /maps/api/js?key=AIzaSyCy7becgYuLwns3uumNm6WdBYkBpLfy44k&ver=6.1.1 HTTP/1.1 
Host: maps.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://defrankclothier.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
date: Fri, 18 Nov 2022 22:54:07 GMT
expires: Fri, 18 Nov 2022 23:24:07 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 53355
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=21
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2453)
Size:   53355
Md5:    630758e595f81807df8e3a63f1e9ea51
Sha1:   89f0fd2ec9f86fc49f2735e47c71f45e59132840
Sha256: 471303be8931ec0237cd9e8f87a60c4beccb8cc46658f999560beed736e60320
                                        
                                            GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Tue, 01 Nov 2022 23:29:26 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 11082
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (62781), with no line terminators
Size:   11082
Md5:    2672180e845df1571b5d9e563679bdc2
Sha1:   d161eaf769e9bf616e49662678551787901d8727
Sha256: a8f9f8cb0e4ce85743e2c70a11bb2ca86d3156ee186c195132f76ccf3b91c076

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 22 Dec 2021 00:24:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3060
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (17809), with no line terminators
Size:   3060
Md5:    c8ae788e26d3d7f48505568e7c72132b
Sha1:   b805fc0b26324c98d6c520f4f7500b48788fce7a
Sha256: a9d92cc15de84401f0427fb67cb14eb356cdc172e4def9c28681973a29845c3e

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/wp-social/assets/css/frontend.css?ver=2.2.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 16 Nov 2022 17:25:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8206
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   8206
Md5:    7e8cdb83aa99c229a887f7893343a376
Sha1:   2b4a660c52e52d01ecf1369f72812a081523a48b
Sha256: e010943866b52a63338ff251a42fad05392564233b730c8bfba810c32e888de3

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/wp-social/assets/css/font-icon.css?ver=2.2.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 16 Nov 2022 17:25:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 8477
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (43781), with no line terminators
Size:   8477
Md5:    4f48a09cfbdbd625103e10bec65490b8
Sha1:   a403f5f3495007b0c94f929bb32a3591169fcd6e
Sha256: 53d4a79cb41f058e8ae13c2d35e26c7dea4ec11081f2432c6eeb36ca670880bd

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/marketo/assets/css/responsive.css?ver=1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6990
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   6990
Md5:    3a6e2520cd6facf36c92de67a891dab0
Sha1:   6ddcf3baafd3fb5e7abd279e717c1b474e736a69
Sha256: 4a112c554bd3d3d3965cf2930acfde0e12c767897239cf5607c543f8aca303e7

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/marketo/assets/css/gutenberg-custom.css?ver=1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6387
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (432)
Size:   6387
Md5:    13d40aab3ab7d4be1d35b46ed750b0ce
Sha1:   f352ee4a2421ef13afb1bd3bad016088c9139f35
Sha256: 60efc224cb9692868cac7a183a4571f609916cbc576099ad768604d86ef86802

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2022/04/D-F-C2.png HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://defrankclothier.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         63.250.38.5
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Tue, 12 Apr 2022 07:28:35 GMT
accept-ranges: bytes
content-length: 26194
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 431 x 387, 8-bit/color RGBA, non-interlaced\012- data
Size:   26194
Md5:    d384d2c8ac8b4d3e19b88a8c11134546
Sha1:   97092cc4fea8bcf1e0328275691e3c81d7d1a4e6
Sha256: c9194b05bec75654ef8a948ac8285236e3bec14bbdc43a3f83bd8fea6bc59239

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/marketo/assets/css/bootstrap.min.css?ver=1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 27972
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (65325)
Size:   27972
Md5:    242da5585090e8ddcfd32cfd1df8de5a
Sha1:   01d7ebd149483a85c7599b7325adc4edbe5b2dbe
Sha256: e9d971e427e2a86639ba887281e6d206a6187d486fde1f433af1584d07e6f8b4

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/marketo/assets/css/plugins.css?ver=1.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 25414
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (34408)
Size:   25414
Md5:    c826a452f8ce9da438b2d1d26c4c91ea
Sha1:   65490b141cf1ff529a2355f6a3a707f0eb40bd62
Sha256: ae17d50dc4094da9d2321d76bbe415ab822647d832b505c6ec4c41db5d43cbfb

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4564
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4564
Md5:    a5ffc5f13084a2c13c864ba30fea34aa
Sha1:   0ddd15b8c844e0a39734a45668f772907913901a
Sha256: 18846359c368facb0a297df866b58c9d9c1ac2cb6c4bb1222e8b9b195b2c201e

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 19 Sep 2022 23:46:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 36096
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   36096
Md5:    3fefa18e3cbe3acddd34a143490f3568
Sha1:   fb58024ffc3f0776f8deb6690930aaa8d0846599
Sha256: 850052eb84c33764aa1ea684fe1448bf6e6eb65d9bb16fa8e30cd472a53fe28c

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/wp-social/assets/js/front-main.js?ver=2.2.0 HTTP/1.1 
Host: defrankclothier.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

                                         63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
                                        
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 16 Nov 2022 17:25:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1031
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (2341), with no line terminators
Size:   1031
Md5:    63918f09f317824ad26a459b29d9339d
Sha1:   8ed15bee5b8180bcb36a13694501ff2bda558a0b
Sha256: 513e221d85941746943a735ec0d848b98120b81c1b2acf7a7a516f1b9674b783

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11573
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Fri, 18 Nov 2022 22:54:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11573
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Fri, 18 Nov 2022 22:54:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11573
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Fri, 18 Nov 2022 22:54:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11573
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Fri, 18 Nov 2022 22:54:07 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce07c59e-2c1b-4d3b-8c02-f1ed4bca6607.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3962
x-amzn-requestid: 29b553ab-9ef2-44b8-aea9-b1582b207a6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRWGKmIAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6e-3fb68804386112d17eba689d;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NlXk5HDtG5jJpocFatW40jmG60DcpFCl4o6MqkAPSHH13lP66E4d6w==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 4662
etag: "14582e35cacbfc2543587e546cb3b4faf2c898bf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3962
Md5:    49115517a3f79b5092934e128d54c721
Sha1:   14582e35cacbfc2543587e546cb3b4faf2c898bf
Sha256: 0f9015683cacc252fb5e5053681da1b85b3dd0694e2cd04417e73e5e82ecac2f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6865a9f2-7103-433d-8ba8-2a1cca0f76d1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5226
x-amzn-requestid: c0655cd4-83f6-4c7c-97b6-2847f38df126
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRwFPwoAMFV5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa71-5f7eca026395cbe72daed116;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:41 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gSAFmiB37Xf-Ytu7_BEwytLEY9rflh0ruTy-mU3vHQlS9Amx90qUcg==
via: 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 4662
etag: "6b50f4fdc7d7dcbb11d8739b71e8e1eecec047b4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5226
Md5:    b834de670098398062ac06865cfa82a4
Sha1:   6b50f4fdc7d7dcbb11d8739b71e8e1eecec047b4
Sha256: 9eefe7101330de28d8d0fdb3f17a5453f3368324fbacb9f3a36826f76b7c9bde
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e34e5df-e3b1-4670-9ba0-f2403f02010c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5097
x-amzn-requestid: ff66512d-5563-4824-badb-5d3bf4ad9e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QR6HXXoAMF7qA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa72-784a02bd76dd22987f137400;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xihx8hCMattIRiLwxAz43PjTxdufkHAXbcMAJBeRv2MIXWLnxwS7cw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 4662
etag: "c9aa687d03ef0d1bd8ca2d024b1c0c22e53b57b0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   5097
Md5:    2d658c05b4c8027fcd618510e09a3fb1
Sha1:   c9aa687d03ef0d1bd8ca2d024b1c0c22e53b57b0
Sha256: 89a4b61edc8a8e8d6db418731208c6e08ad987f1336e4c62f4fc0c4cd140d959
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G_b9L1-WBsD1eh58iF6Cwh8ij3yZVOei6oIUjwdoKQzHLayBLJdv0A==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 16:26:42 GMT
age: 23245
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   7589
Md5:    06c6e720bc9900b38e88cd72f739603e
Sha1:   22884cbc78622d6f78c1c3397c9b440946144a99
Sha256: 8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3035
x-amzn-requestid: 3e3f3a7f-9a1d-4b37-b932-22c6e3e638f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRcFOuoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6f-09dc20ea5620dd167e3f7265;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xvVfLfP2DUilu7GSJMGArO90Kdoq5cPBVtmtyVjZmX5ZKnvOjpR_UQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 4662
etag: "72369ebeccf447fa91ef77711d6297063c99777e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   3035
Md5:    d6b026c34985bbf2ebf89a62d0724c66
Sha1:   72369ebeccf447fa91ef77711d6297063c99777e
Sha256: e5598ada634274ab9995dedda8c1fd18344abcfdd49b3a1aaede0a86fafc0f40
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9FO1gkdftjvJFDvAlxwLD63BP-liwnS2MImVhVdjg83wi4xJdM73Kg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:36:25 GMT
age: 4662
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   8089
Md5:    c8f6118fc03f31862ff68fef8a2b9a7f
Sha1:   318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
Sha256: cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
                                        
GET /wp-content/plugins/wp-social/assets/js/social-front.js?ver=6.1.1 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 16 Nov 2022 17:25:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 288
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (459), with no line terminators
Size:   288
Md5:    d294fb6ceda2f35bfae6cecfb465b25c
Sha1:   43de788a4ada0eb4544e9a446e7aa950bf817308
Sha256: cb4d6988b32cce4a6142f17eaa0c8430157e6ccbb220ea9d1591a69f126a923b

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.8 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 14940
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12602)
Size:   14940
Md5:    80fac698148d17e69fa11d9bae87a599
Sha1:   73f391dd8204a7f69382b281e8a18293402a0c96
Sha256: b8d2fc3618314a563c5bb567bb3e87634dc5002db607ca9394eeb91c16b3d371

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?ver=1.2.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 14 Nov 2022 18:45:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4425
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (14924), with no line terminators
Size:   4425
Md5:    dbec0163f35d6146fdaaf88ff387f6c2
Sha1:   9136c9c0d030c25e1423da3019b07592c4b768fe
Sha256: 89ecc57dbda2c372f24df521da90e9e5450aafda6540db801df301a08bbed238

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5806
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5806
Md5:    8d1ea9267894d63ba4c9ba45b845bf75
Sha1:   d42e28a1369c0c3e3d4eff65f21b8c72960cee0a
Sha256: 3be43ab5ea0a6131c8bc5b7a4207eff0516ac5c37fabddd5d879784bcbb299ba

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Tue, 19 Jul 2022 23:16:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6576
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (21310), with no line terminators
Size:   6576
Md5:    213621986e291b1b8df3b6dd5bcd2125
Sha1:   1bf98b21020fda46c1c57814b0e10f236a26f874
Sha256: 46e9c7ffd4211b51b257a3bbfb9ba365646886c198a85c3c7dec083fd9effdc5

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js?ver=3.15.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 14 Nov 2022 18:45:40 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7888
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (24951), with no line terminators
Size:   7888
Md5:    92f212158f7070181b275bf3a3d22923
Sha1:   8e51a2c52ff8ab08feb3b2f37648ce0c5dd47745
Sha256: 1fd11632ef073601a7df1e8a4f314a10dfd1621c91c463b387db94338a9b8d0a

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/themes/marketo/assets/css/style.css?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 58315
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   58315
Md5:    0d898e49746f9a533626c705addd6969
Sha1:   b04cd0dffdd2a85ed5598b0a569d21d0439a885c
Sha256: 5cef23ac2e55f7fd9f13b5baf570d79f14288b0d2db5c415f9a4be0d0d279360

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 19 Oct 2022 21:59:09 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3233
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (9937), with no line terminators
Size:   3233
Md5:    c656ef0bc45466d8d70c48170dfba5e6
Sha1:   2bcb45cf1ccf2c02e4d8a8198d380f5ac6cce3f3
Sha256: fc6c04eb9db98ef94c0837b8177d5518225ed38614cfa084bbb46061999d25dc

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Wed, 19 Oct 2022 21:59:09 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4395
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (12310), with no line terminators
Size:   4395
Md5:    9df8f1fd651bbe27c01093ac84e3db78
Sha1:   d14ad03675de2377096546e4148bcc2e877ec776
Sha256: 5ba22255e1ed2b732455c913cae86d1d9116c1efac71eb86782e70b5ade798ea

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://defrankclothier.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 21:38:57 GMT
expires: Fri, 17 Nov 2023 21:38:57 GMT
cache-control: public, max-age=31536000
age: 90911
last-modified: Mon, 18 Jul 2022 19:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 33580, version 1.0
Size:   33580
Md5:    848cd2ecd011428969dc6b90431bc482
Sha1:   6b1a7b562a56bd54510e0f6f95e26babca331a1b
Sha256: 981307dcbbd348f6fb4e3eab184077392f9ee15097ea868f630debefad9044e9
                                        
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 19 Oct 2022 00:34:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3753
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (9111)
Size:   3753
Md5:    965e5cf69f1e5c407096d070fa6e957c
Sha1:   0cae83da017e53752da1c65afbb869e805f752b8
Sha256: 5995fea8ecc8196751e24a27541eeadcc51675b25b28df740702fd8136f24ede

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 19 Oct 2022 00:34:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1171
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (3029), with no line terminators
Size:   1171
Md5:    541e4b2ab7f0b9c76e81c96ea44c819e
Sha1:   bc717ff2f20a28f674162c1f4c933d69851a8e6a
Sha256: cf36b55ed07f0c0ef70545ce553230e16f89b40b663c423d11f0d5215c4131be

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 20 Jan 2021 04:55:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1002
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (1668)
Size:   1002
Md5:    d7deb7ee25dbefd306d47300dda470c4
Sha1:   99e7371a8d131897bd9119562e5f963a9eb7c034
Sha256: bfeb62c906eedb44b08a84e0eb3f61c2417b57124af8cacd3824339628e980a6

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 18 Nov 2022 22:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Tue, 18 May 2021 21:00:20 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 843
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (2139), with no line terminators
Size:   843
Md5:    70873bef1381d7a38bdc4fd14aa1e7a9
Sha1:   70c93e2b3d71105e67dd625a95de4ff0498a48d9
Sha256: c01c3001448f10876291254b9f846cddadefce5c41c15504a90790960308efe1

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 24 Nov 2021 03:30:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1103
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (2938), with no line terminators
Size:   1103
Md5:    7e78d2690c41928cdc4824c813604e07
Sha1:   d1a5d7c7250cdd49970a1cd18ad4b18fcfec71ba
Sha256: 15e7a4fa22e1578475d3a664b1baba0b919db90a28ee2375730dff2c33d093f9

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/bootstrap.min.js?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 16088
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (48664)
Size:   16088
Md5:    7313aab837b864477779a4c8639c32b5
Sha1:   a4ff3831ee0e592027778f496979fc6b6612a88e
Sha256: 6e99b296b8f0ddb559a67257a70f6e5dce69654c65366e50e072ae30145cbf01

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/jquery.menu-aim.js?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3842
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   3842
Md5:    60e7e16bf200f62256f60d575f07a2d8
Sha1:   d1c087499dfbf7fd40113c3c11e5735fa1b4bf6e
Sha256: 85d4fb78bfd09df20b45ec35771cbf179e126760ecf334e982df55e49d474e70

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.8 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 119395
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (64288)
Size:   119395
Md5:    a8ca3d7c150a4e328410331a688841f4
Sha1:   858eeadcdc312304cf497c8897d540cc3e4d2119
Sha256: be14ebdda090c532d3e38fbcb8cee3089d1751eec92f844a66e4eb9abf7978ad

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.8 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:07 GMT
last-modified: Mon, 11 Apr 2022 17:45:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 53210
date: Fri, 18 Nov 2022 22:54:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (42889)
Size:   53210
Md5:    83121b9cdc72f97c64e0330a7c56b2bc
Sha1:   aefaeeb3d5bb0ee546fe048646ccced764c8bc95
Sha256: 39b3fb72107ac93a08d98a41663b997d5336defdc629ee9ee5e9aaf2c63aa17b

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/vertical-menu.js?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1158
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   1158
Md5:    d0232c892cedf23d4c72a5ee87a8b564
Sha1:   55ab52bae772c877000ac178a0a8c35f4f5f59a3
Sha256: 96cee603fcb6abed4e67776ef9f758830bcee901afe61f895cd1ee6c18bc0761

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/plugins.js?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 35563
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (20707)
Size:   35563
Md5:    c5bb701276ece4aed7757921a9a05d6b
Sha1:   ce3d5af2cd159ead6924d6990b4b7a8f96c16062
Sha256: c7f350f4ccb605a7c1ef7082b387ac6eea11315cac6c560cf6a470561a92abab

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/main.js?ver=1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6535
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   6535
Md5:    d8d9840c47ed38eb0cc4693fd8dd3656
Sha1:   4b045ec00227ec9ecdc78ff02e2e85b153cce188
Sha256: f1ef77dc764571bf73f7ebaa7a11851d79d4e0406888980573012e2aba1334f1

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/js/ajax-script.js?ver=6.1.1 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/javascript
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1907
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text
Size:   1907
Md5:    02792eeff889e7879e32ca288dfc06f3
Sha1:   4a1284854820e60229154e5edd715e2466771a49
Sha256: 723cb343e0badc67651ef469eeac53455f138f8a1791d10d29e832be95ee5851

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/fonts/rubik/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0UzdYPFkaVN.woff HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: font/woff
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 20 Jul 2022 08:31:55 GMT
accept-ranges: bytes
content-length: 22124
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 22124, version 1.1\012- data
Size:   22124
Md5:    3bf0e4e0a25ab0fc5e14bc89363e9d81
Sha1:   88b0b7edd64c09860d972ef32ce43708c296c29f
Sha256: f91972a384da06c3dcc27365962b590ddb6e6cae8300826e9fd8cf5aee9ee7c2

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/images/arrow-2.png HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/wp-content/themes/marketo/assets/css/style.css?ver=1.0
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: image/png
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-length: 1166
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  PNG image data, 9 x 5, 8-bit/color RGBA, non-interlaced\012- data
Size:   1166
Md5:    86518ea38eafaaafdeab9c27641d4088
Sha1:   57a0780d0078c2eaad5350d5dd6af8b4bdef64f4
Sha256: b42c06b46b17ee6f8c3cc4328c9836a04865db34b5555b18eb9609abb2938129

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=7.1.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: text/css
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Wed, 17 Feb 2021 04:11:32 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1331
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  ASCII text, with very long lines (7043), with no line terminators
Size:   1331
Md5:    8fb1c2c7152e7b1a69c898bdf630bcf8
Sha1:   18a9cb14cea8da01e239aefe77d500b14e13d859
Sha256: 02e00ded13c91bb6cb1267252ee16e718f646bdf35ddb7aac49d31fdab343eab

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://defrankclothier.com/wp-content/themes/marketo/assets/css/plugins.css?ver=1.0
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: font/woff2
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-length: 77160
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/themes/marketo/assets/fonts/iconfont.ttf?3m11x9 HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://defrankclothier.com/wp-content/themes/marketo/assets/css/plugins.css?ver=1.0
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: font/ttf
keep-alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:08 GMT
last-modified: Mon, 11 Apr 2022 17:45:18 GMT
accept-ranges: bytes
content-length: 176952
date: Fri, 18 Nov 2022 22:54:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  TrueType Font data, 11 tables, 1st "OS/2", 22 names, Macintosh\012- data
Size:   176952
Md5:    7a1cb2492dd0f74ea967031b35a30b8e
Sha1:   f4698a2398947a5f6c0b606d860616ae19f3dda2
Sha256: cb3605a302c918b3654f637498b852b9bc62baadfdb1cae4369fdbd2b6a7e41a

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: http://defrankclothier.com
Connection: keep-alive
Referer: http://defrankclothier.com/sest/?qbot.zip
Cookie: PHPSESSID=b1fec60028029ef04b3a57a7e64ea562

63.250.38.5
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
keep-alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
access-control-allow-origin: http://defrankclothier.com
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
x-litespeed-tag: f16_HTTP.200,f16_HTTP.200
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-cache-control: no-cache
content-length: 295
date: Fri, 18 Nov 2022 22:54:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   295
Md5:    62780d5efb352248841f958666e817eb
Sha1:   a1bb34b0b6953c064722a0a25d64c730ee65a176
Sha256: 8c783b1ef60b2c84a7e1aa6519a9d62d02af7c6a8e7c127852dcad6d1152df75

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/uploads/2022/04/D-F-C2-300x300.png HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://defrankclothier.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

63.250.38.5
HTTP/2 200 OK
content-type: image/png
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:09 GMT
last-modified: Tue, 12 Apr 2022 07:28:36 GMT
accept-ranges: bytes
content-length: 19639
date: Fri, 18 Nov 2022 22:54:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size:   19639
Md5:    24b6f996585db54a7496607b2ebd09cf
Sha1:   2c0a2d5db5559208bdd399ea4d8f92619df05d92
Sha256: e938964a1a348a1e204af9372263072254cd01d98fd3b9f8e040f3bed38540e7

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /wp-content/uploads/2022/04/D-F-C2-100x100.png HTTP/1.1
Host: defrankclothier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://defrankclothier.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

63.250.38.5
HTTP/2 200 OK
content-type: image/png
cache-control: public, max-age=604800
expires: Fri, 25 Nov 2022 22:54:09 GMT
last-modified: Tue, 12 Apr 2022 07:28:36 GMT
accept-ranges: bytes
content-length: 5506
date: Fri, 18 Nov 2022 22:54:09 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size:   5506
Md5:    eb65fb32fc2e38e012bbf3349cad71cb
Sha1:   ac1e041570eb856400a6b26a4ce4972c2cdea148
Sha256: 39937b79f4cc8f49b31f4dfce7b85f31110c5e3c389b04ab960c550e980316dc

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed

GET /css?family=Rubik%3A300%2C400%2C500%2C700%7CPacifico%3A200%2C400%2C500%2C600%2C700&ver=1.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://defrankclothier.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 18 Nov 2022 22:54:07 GMT
date: Fri, 18 Nov 2022 22:54:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---