r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4a5e9bc8b7891ac5f4552c29bcbaedb0
39735081eeb64eae477c61c1147daeb68fb37b22
c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3451
Expires: Fri, 16 Dec 2022 02:14:51 GMT
Date: Fri, 16 Dec 2022 01:17:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 381442da2a14cb93770f4c8f6e19d35b
31c48467751e2450a63004c57eea0c7872023eaf
61b0985f47033bd7020ab3b8cdcbc6c17be6ab9b6feba69e006088b78e21c0f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B0985F47033BD7020AB3B8CDCBC6C17BE6AB9B6FEBA69E006088B78E21C0F0"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7646
Expires: Fri, 16 Dec 2022 03:24:46 GMT
Date: Fri, 16 Dec 2022 01:17:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5b38399fcc8246505e5e6b0f62803a5a
bb374f8d97b2bd798873d74c6bbab20ad6843e96
406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5305
Expires: Fri, 16 Dec 2022 02:45:45 GMT
Date: Fri, 16 Dec 2022 01:17:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 16 Dec 2022 00:33:57 GMT
content-type: application/json
age: 2603
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 7a+HFhbC8YZy9hoM5/YYhSvwp/my1R+qc9RZpYnJTaivsFgBoSqfAlGj49l3Qf4ZoEmM4oIVLwc=
x-amz-request-id: 3NK0EW6M0HZKKC5Z
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 16 Dec 2022 00:53:00 GMT
age: 1460
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 01:17:20 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 9ce1639fb7c62920349b95d551f94b83
0d3c636baa476437b3dde916ef317739dfb6af2c
c077cc43e6c97cb099be6b496e04dc72ba611a2c64cbb3f96f94c483cc1e5e7b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:17:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 14 Dec 2022 18:56:47 GMT
Expires: Wed, 21 Dec 2022 18:56:46 GMT
Etag: "0d3c636baa476437b3dde916ef317739dfb6af2c"
Cache-Control: max-age=494965,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77a394291f1eb506-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 16 Dec 2022 00:33:21 GMT
age: 2639
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b9f0adeb27a19629aeff6f34de67f3ad
3876d1b871d7da6d18de23c2edb301eb30728066
c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5082
Cache-Control: max-age=119662
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:20 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 10:31:42 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.136.21101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CG0IBsL1+DOobco5fOl7Pg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IcUfTHrtyAH9mfrcaHVH9hTASrk=
joblets.com.ng/ta/index.php?qbot.zip
66.29.141.206301 Moved Permanently 0 B URL HTTP/2 joblets.com.ng/ta/index.php?qbot.zip
IP 66.29.141.206:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ta/index.php?qbot.zip HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://joblets.com.ng/ta/?qbot.zip
content-length: 0
date: Fri, 16 Dec 2022 01:17:21 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7915
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 01:17:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7915
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 01:17:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7915
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 01:17:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7915
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 01:17:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7915
Expires: Fri, 16 Dec 2022 03:29:17 GMT
Date: Fri, 16 Dec 2022 01:17:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05e3e1b7b913ea0135618df17b15cf3d
af81d8f513ce5e57331b23e7293c24b788d14814
c18f41a6b4367ad833d41ff6686cc8987e5b34961db4ac689834b4c013946ad7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3482
x-amzn-requestid: 01bd8674-7772-4df9-a9ab-f4769a77a856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQKEMOoAMFZ-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-4fa03c782e961da07a7ea339;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lYZHdOdBQ9Kqvd1HG6uZY20FkoQqm0NeQvgTWCi6LHhIy3qqisF4BQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:56:47 GMT
age: 12035
etag: "af81d8f513ce5e57331b23e7293c24b788d14814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d9d95001bfc942895a41fb4bbd50c56
67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9
042c3809a802ef44ff6de8a270194cdf69cc3ba9d8f5192110dda7829d2d52d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5710
x-amzn-requestid: 9e587daa-7632-4765-a8c5-6cea13058bac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQJEp6IAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-63c04fa4691c32f914301a3d;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Qj7aKHjYDmSpAkdiFXcYQ5fL2bIwo2KEYkDvvKo-_YBToKJVM2GWng==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:12:29 GMT
age: 11093
etag: "67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ffaf7e3899d2e846612269608ae1286
07e6d729ad09430b483f44c16146dd2707935314
0d101f77b5159818bdac6fd41d43df60d95a08cebea93b9c661d5694a2d92f54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11887
x-amzn-requestid: 4af02abe-5573-4788-9790-f76620857d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNRX9FVdIAMFxfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b95cc-484ff6083d4e7b483cbfcd96;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:46:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8V4kSXlD1XwSR_1OFl7eFOsYwqUatih-UFve0BaTlp5XgXzTGZSWCg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:56:47 GMT
etag: "07e6d729ad09430b483f44c16146dd2707935314"
content-type: image/jpeg
age: 12035
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78c629538ec0e3052bbfc30143472461
4730867561c6116e461a82d5448d7fb10d5df533
8987e66414a582c18eaf65e0c2139213817cdc524dcffe2abc4f4a7c7cb3342e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12785
x-amzn-requestid: 55fe73e5-e843-4f9b-88ee-fc3aa5365dc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQLFqaoAMFQHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-0a135ed9618b37ea59813d56;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WKzermMXjxJ_I7wum86KjSEfxd-OvBXbsYdNCshK0n7mhnfb2fPHVw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:57:04 GMT
age: 12018
etag: "4730867561c6116e461a82d5448d7fb10d5df533"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1439b219bc14c22c96fdba089d03dc40
bfe8173cae5e2c8fa781f11661dc0893fc159eb3
a5aad1c8c3464232f0bb74c8115ea0cb0d2ac6f43c5418feb967803ea8286ff3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7896
x-amzn-requestid: cf094f2f-ce6b-4626-8168-36944d557cb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dHbA4FexoAMFe-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63993ed2-60e1d5f53f3d2ad01060a8d4;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 03:11:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zUZEYcY4OgIDoMd-y4mtxmJxD09IeYbmsvgWPauxLcZ4IGr8sDNcgw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 03:25:04 GMT
age: 78738
etag: "bfe8173cae5e2c8fa781f11661dc0893fc159eb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30739a2896ba00103578a7cd3589767c
b8da5c239832fc19c22722c23412adac1ef200ec
b406a1135ac6a56d3b7e3ba1f9adeb1a69d56e7a070f30e1dd20fea4ebedf3a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5424
x-amzn-requestid: e579538e-8990-425d-a635-ede55d60ed50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNSvBETaoAMFyKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b97f9-3560628d3673feb33f4b958e;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:56:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CjP6MuggD8GZZTJUICeoKXHsb5qopw53uqsKfb6drH5nHj4gL1CptQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:13:35 GMT
age: 11027
etag: "b8da5c239832fc19c22722c23412adac1ef200ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7554f75e4959d216038e95962579e741
10f237248a234544391eb351e97515d385a372b3
cb2bc78887ed330dee49076c04ba87723fdc2a869a124dba2a475cac174480da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f8d21614a5f07dffe6f4fb52c6133ce1
aefac3c1cd05fd22634f71247cd4dd2e6fa1be88
b0f085491438d08c58906100ae4ddc2fea2e4b34b333c8f3a5a2258fdfd7a51e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f8d21614a5f07dffe6f4fb52c6133ce1
aefac3c1cd05fd22634f71247cd4dd2e6fa1be88
b0f085491438d08c58906100ae4ddc2fea2e4b34b333c8f3a5a2258fdfd7a51e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash abadd7d5a404a7814a3d13e7698d0821
6f3dbf5dfcc020dabad7ecfe832fe31d32a046c7
9d56ae6698401d555d5d99c088261a58a3287b8f3ef691e899f10f9e87c5a520
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
joblets.com.ng/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
66.29.141.206200 OK 12 kB URL HTTP/2 joblets.com.ng/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 14:42:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?ver=6.1.1
216.58.211.4200 OK 550 B URL HTTP/2 www.google.com/recaptcha/api.js?ver=6.1.1
IP 216.58.211.4:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 11c9486263c94b42961f4637ea6f5aa7
794311a15a4ee93e5aae80238e9e78669779c14b
60fc2ef436314dafe3ac532c1b2421764adfea6f5357ad329b816ffb5bb23a37
GET /recaptcha/api.js?ver=6.1.1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 16 Dec 2022 01:17:22 GMT
date: Fri, 16 Dec 2022 01:17:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 550
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 215b076267525eee2fadb8d889e5f351
28d0a048b68627916191262fee89a8db4b1614b2
44da07142c9aad7201a7ccb38b4bf03c82f1a66b730a953c0306fe09e3025ad5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
joblets.com.ng/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.2
66.29.141.206200 OK 22 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.2
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash 37fc35d94f231f49342455aa62a49a31
3237b3e70a77650948f40db344d3acee04801eac
dd0a6071e780a985f5af054517849d094449be56592bf136928954d47fe18af5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 22479
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.2
66.29.141.206200 OK 1.8 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.2
IP 66.29.141.206:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/css/classic-themes.min.css?ver=1
66.29.141.206200 OK 217 B URL HTTP/2 joblets.com.ng/wp-includes/css/classic-themes.min.css?ver=1
IP 66.29.141.206:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 12:08:33 GMT
accept-ranges: bytes
content-length: 217
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
66.29.141.206200 OK 848 B URL HTTP/2 joblets.com.ng/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 66.29.141.206:0
Hash c962ba8e7d42ff9da18392b41dad5151
7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/smoke.min.css?ver=6.1.1
66.29.141.206200 OK 839 B URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/smoke.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (3421), with no line terminators
Hash c24538fd1065e32e03272a12ab67a013
54d7faa00701c3bd44b5bc00fb1fbcc43d159e5f
1272f52259f4c4c87b5534a4295a9bc662d5ea30eab4fe6dc934a9303f024ab0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/smoke.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 839
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/owl.carousel.min.css?ver=6.1.1
66.29.141.206200 OK 1.1 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/owl.carousel.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (4068), with CRLF line terminators
Hash 21ce046604f9f5b28b6f827a684e16bb
f3afcf7e7e34db174cdded938eb459b9507c5e4d
8dca57d1c899bb15189f9a3e222af3ae4c68de1510dd5d98f1740dd64b4637ae
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/owl.carousel.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Thu, 07 Oct 2021 18:49:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1121
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.1
66.29.141.206200 OK 8.4 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.1
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (62781), with no line terminators
Hash 6688cf6da7f8e77fce4b23ecd4fa64d4
b787949222758071c1a6221f698cad9bf9b1db2e
1b0db771c94b550d2e2eb123523a8357529aa8ec8869be9e8aabb2595055f438
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8434
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/bootstrap.min.css?ver=6.1.1
66.29.141.206200 OK 20 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/bootstrap.min.css?ver=6.1.1
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (65300)
Hash e1a652c1f35e4497c4935e90479c841e
ff6d3c3637646accddc9bb8121f7ad30d657650e
2342729782870c5b506788bc63fa5d8fb8f638ad52c9e315271616a1189337cb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/bootstrap.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 08 Dec 2020 07:18:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19930
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.1
66.29.141.206200 OK 2.3 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (17809), with no line terminators
Hash 09d93f4de720fc11a2944fea38fcafcd
e46cf6a8d3373c7fa5feba0b30cd9b9983f719b2
cf900721be13309b96cf6c6f56b1c0a40194e8aea1b0a0361739219c9c0f9998
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2329
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/pretty-checkbox.min.css?ver=6.1.1
66.29.141.206200 OK 2.5 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/pretty-checkbox.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (19017), with CRLF line terminators
Hash 9875201d7317241b4a5827b36843fbb2
9b2a11af1b62d47dacb527c9b842a006b72d8c95
6b0e8a73f4a45b019bde4a20d1c962e233e725842226c3d38bc94fcc6eadd733
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/pretty-checkbox.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2489
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/toastr.min.css?ver=6.1.1
66.29.141.206200 OK 2.5 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/toastr.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (5420), with no line terminators
Hash 59e38ad7a708c07e2cd535a44f24f59c
581899f1f889a5a8563659dcfb27c34a0f536add
917f48225a498d4ef4e6c49bdabd02ed20c01ff8f2cf34ce0748622f82912088
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/toastr.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2497
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/sbmenu.css?ver=6.1.1
66.29.141.206200 OK 8.1 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/sbmenu.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with CRLF line terminators
Hash d0a34f1fd80f073ed9dad2d4d7c9a6a7
214c0891de9403fe60567d19924cfb021cd0f34d
6433a63f01ee947bdfd02aed1b631072f4358da992e363449939c5081246424e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/sbmenu.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Fri, 25 Feb 2022 19:48:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8142
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/all.min.css?ver=6.1.1
66.29.141.206200 OK 12 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/all.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (59119)
Hash f286e5ab8fff36a43d406daa305ee5a8
e57a1d3ff6e89acadb6652566d2fbb7010c43003
86502649926ea8b98b10bf5e0b28846d0c5be7578858e861b960860f918bf892
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/all.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Thu, 05 Aug 2021 02:25:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12370
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/custom_style.css?ver=6.1.1
66.29.141.206200 OK 1.0 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/custom_style.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with CRLF line terminators
Hash 230dba103e393a870348598624f38306
4be76c90c249594c11cbfc91051f818c59839069
1ad480f257828ffc46b441b320576884b4e352c7e5968cba66a3e375ba5dee5d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/custom_style.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 24 May 2022 19:26:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1031
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/css/select2.css?ver=7.0.1
66.29.141.206200 OK 1.7 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/css/select2.css?ver=7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (14615), with no line terminators
Hash 6c806417d99922522c082e2223750bab
8797eb95862d7f1e48d437d95b3fc2bfe05d60b4
6e9c607f8013ac5e0ad31841452296256014ad282a2fe3e36208ac27f0a15edf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/select2.css?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1706
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
66.29.141.206200 OK 4.6 kB URL HTTP/2 joblets.com.ng/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Thu, 06 Oct 2022 03:49:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
66.29.141.206200 OK 30 kB URL HTTP/2 joblets.com.ng/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 12:08:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/richtext.min.css?ver=6.1.1
66.29.141.206200 OK 1.6 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/richtext.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (5999), with CRLF line terminators
Hash 9e534982efac26eed0572489dff9409c
6cc585817d1c010320f86eed74ee5baed1801224
de8e06dd850405655ae1a5ce8472cf08d3ea0cf955d55fb77ef8e22a51841d88
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/richtext.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1567
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/youtube-popup.css?ver=6.1.1
66.29.141.206200 OK 713 B URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/youtube-popup.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (1830), with CRLF line terminators
Hash e62242ad90471bdd2c20ff9caf0a4e65
1dfa4dca6ccb5863d5fbed780cf5f59c60382933
d83ab3c9068425525a2d1b9925598ac57196af6388fd963cc448bc232c793ae0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/youtube-popup.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Thu, 07 Oct 2021 18:53:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 713
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/protip.min.css?ver=6.1.1
66.29.141.206200 OK 4.2 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/protip.min.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9162aa4a703ab21e1a55868af9d6172e
18978a007c401dbeeba78af9b0295da8fa7a4439
3562a84e20fa7be5a17fe14a6424e3865790206bf690a85257f672a8f147cf2c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/protip.min.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4247
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/flexslider.css?ver=6.1.1
66.29.141.206200 OK 1.2 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/flexslider.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (4397), with CRLF line terminators
Hash 5a08b5bd371da9e21dc1983eb06c852c
a44c8b267ac8072aa7f174f601a4dc3361c6ac8d
edf305d410bb06a29f25feecbdcbea7a952cdfbd67b73e0f32ec747dd3fcbe9a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/flexslider.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Thu, 07 Oct 2021 18:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1233
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/owl.carousel.min.js?ver=6.1.1
66.29.141.206200 OK 11 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/owl.carousel.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (31997), with CRLF line terminators
Hash 492cd7a29de6da8807928d7fe51a0d9e
87ce842a12404854b415ad53f2e54da8478a5ef3
2a8ebadce0a8f5b504bf8b2bc5d9b0ef8234b7dbcd4f536e685e96c685da849a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/owl.carousel.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11143
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
66.29.141.206200 OK 2.8 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 66.29.141.206:0
File type ASCII text, with very long lines (9937), with no line terminators
Hash 4317b1c024df372435f6482deadddeb3
5c8824a17e40a44ea8fc51568b98bdb1e2e7fab5
3798fb16289ba55459fb6d3b2efa915e3c019c5942759abb7bd19a0ef622b85d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2817
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
66.29.141.206200 OK 4.0 kB URL HTTP/2 joblets.com.ng/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 66.29.141.206:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 14:06:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.1
66.29.141.206200 OK 3.2 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (9115)
Hash 66c388e07cfb57895688b3347ab7290b
f23bd7a31995b3b19924575f2afa297a29257856
3971f3ab5179d1f4f91d2c102f27c2bf1dac2c04e2f62ff3eae3ebfa8c28494e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3245
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.1
66.29.141.206200 OK 899 B URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/sbmenu.js?ver=6.1.1
66.29.141.206200 OK 1.6 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/sbmenu.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (6666), with no line terminators
Hash 6caf7e49500c393dffcbeb59b84ce2c4
d34180eecf8bbecf7f2baca3c081c9ff17508c13
854c4a5c11567f0e0d45868d3f6a60535a7b8f454bd4aa1503c00b7f8d1c57c5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/sbmenu.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1575
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/imagesloaded.min.js?ver=4.1.4
66.29.141.206200 OK 1.7 kB URL HTTP/2 joblets.com.ng/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 66.29.141.206:0
File type ASCII text, with very long lines (5477)
Hash fa921f07ecc438baf227765de450e215
1fdd49d8bb681cb118ea8d67d4fc61b0ad46cc95
b2cc68637048b04952a2f33163f64571145dbe0817a14c68fe6f1661bd81091f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 22:53:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1733
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.1
66.29.141.206200 OK 934 B URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash cf25dd071a208312bdc07f34d2cee027
76119563119eaae392ecc8903c989d98d0b93002
8635ba2cad8f887e72779bd526f8738ff6343c74cba715caf2eddea383ba7ce6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 934
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.1
66.29.141.206200 OK 677 B URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/isotope.js?ver=6.1.1
66.29.141.206200 OK 9.6 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/isotope.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (32019), with CRLF line terminators
Hash 6a142c770dec3938ee87d8d159eaed5c
4b8c7f70fa66e04b8aef9b87feeeb3697143329d
83e18ab939e05421d889d71a61924ab032ed1acc6c0d66b3d50e3f040f76e59f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/isotope.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9603
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.1
66.29.141.206200 OK 974 B URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.1
IP 66.29.141.206:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash fd8b126d3265cc6afc5b672273f78531
5058e579885cccf36c44bdeb5b7318bd75952af9
72da6709db061566cb5f67322f674a77f68acb69ac6181d37f9ca4a1bb7287b7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 974
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
66.29.141.206200 OK 3.7 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 66.29.141.206:0
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash dc6411bfa6891b75944f0074c945752d
03c1a8b686c287068c61ab90f58d905496d65085
96abeabc9cc7b4c2b7d46579f2827c67ccd02fbaef0343ae052f71accd381b0d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 01 Nov 2022 21:30:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3706
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/toastr.min.js?ver=6.1.1
66.29.141.206200 OK 1.3 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/toastr.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (3695), with no line terminators
Hash 5b6e00c92518b78aac6ef8123e5bea60
b2e7a100def3b43cb398a94b8ae8705b6984546c
3b33cfbf761de8ed1a6806fa0678555aa510ab93aaad4f76c7ab95694b6402f4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/toastr.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1344
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/smoke.min.js?ver=6.1.1
66.29.141.206200 OK 5.4 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/smoke.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (17970), with no line terminators
Hash b457bf2ccf5c9f727d4955f1332d2041
4cf405cb22be82e3aa6d566995ea636ecd35a014
1a617ba96e58fbb36a86b4db92a51773b85ece1ce0ca3be0ee0452c5caa43da8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/smoke.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Thu, 07 Oct 2021 19:34:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5363
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/masonry.min.js?ver=4.2.2
66.29.141.206200 OK 7.1 kB URL HTTP/2 joblets.com.ng/wp-includes/js/masonry.min.js?ver=4.2.2
IP 66.29.141.206:0
File type ASCII text, with very long lines (23966)
Hash acbcd70975a7cfaf92dc02b2ede1fd24
7a50461999972abb541d4baf1ccf23d8e435aad6
c1250ec4943afb181633078eb9d67c5944fc64b2bb219c98406c286e9449189e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 22:53:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7117
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
66.29.141.206200 OK 6.8 kB URL HTTP/2 joblets.com.ng/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 3d0ff0f6731d9cef860af9a5a0e3ce62
13aed444304d782039e261475c8b4450b83e743e
e8d05db77732c71843ced6f386ea82eb32243ac36e7ca3e071cb7f53e2ffbce5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 12:08:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6800
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/ta/?qbot.zip
66.29.141.206404 Not Found 23 kB URL HTTP/2 joblets.com.ng/ta/?qbot.zip
IP 66.29.141.206:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (22838), with CRLF, LF line terminators
Hash 4f6a79c2bce07eee4f78ad26caf04ed3
d80aa3e8fbc306455d978755a9eb7c059c065563
f5f4485358a18822c426f5ba6b866568b0d91fcdd824cf30ec9cf9bda45489e4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ta/?qbot.zip HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://joblets.com.ng/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
66.29.141.206200 OK 1.0 kB URL HTTP/2 joblets.com.ng/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
IP 66.29.141.206:0
File type ASCII text, with very long lines (3224)
Hash 8e5968255afb7b8150cfa6580a07f9fa
17d3ef1fc3886a503f677a777da4d69d3a081c13
d87df7901b51c7aa9309e2b0b87400f14a3bd0c4239386541cbacfe7d8157319
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 12:08:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1001
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/rating.js?ver=6.1.1
66.29.141.206200 OK 789 B URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/rating.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (2688), with no line terminators
Hash 7b6139da6a59c57f17e41dc5b39ee70b
ffea35b9a34db88ec98fa0dcef8134106dc16c20
376793f5e96ed6c414473fe9490c7d9e4af08e988c73d9ddd0995946e187ad41
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/rating.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Thu, 07 Oct 2021 19:33:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 789
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:500&display=swap&ver=1667343075
142.250.74.106200 OK 6.9 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins:500&display=swap&ver=1667343075
IP 142.250.74.106:0
Hash 3dbd69e50a1bcf20987f2618548a056e
27df764d5eb221778f5a02a1653d49be556667c4
7ddaeb6c235ee1a931ff913bb021a458b4a9a0f4c4e4b18d5847724b1fb041a3
GET /css?family=Poppins:500&display=swap&ver=1667343075 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Dec 2022 01:17:22 GMT
date: Fri, 16 Dec 2022 01:17:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/youtube-popup-jquery.js?ver=6.1.1
66.29.141.206200 OK 697 B URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/youtube-popup-jquery.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (1231), with CRLF line terminators
Hash eef2331a60490be0eebd11b19ac26d53
8a65eac6d51d60de547d86aac84d4a6f693cbb92
23502e7ae12dfd2aef2c976fff021979262c6ca9bf57cffc0ac13cd7c84fb328
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/youtube-popup-jquery.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Thu, 07 Oct 2021 19:36:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 697
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/counter.js?ver=6.1.1
66.29.141.206200 OK 1.2 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/counter.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (3079), with no line terminators
Hash f8c2044ec187ff6729510b7d57426e78
d4f51d07d2a878ddb3caa1fb6ad794ae9483bed3
7779cc60bee2fd4369e03c167d5996a1b10138f89d5999be47af3127b07a59a4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/counter.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Tue, 08 Jan 2019 21:55:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1171
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:400,500,600&subset=latin,latin-ext
142.250.74.106200 OK 9.7 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins:400,500,600&subset=latin,latin-ext
IP 142.250.74.106:0
Hash 59ec6ce21d89ac3e47a3be0bbf29fc98
77937adbd4a7325e48c55a973ba8cecec44c4c04
a954260615d6e4c8ccd42e6992d3c34a201d8e86a5933bbee049f9fb75e83d23
GET /css?family=Poppins:400,500,600&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Dec 2022 01:17:22 GMT
date: Fri, 16 Dec 2022 01:17:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/custom-script.js?ver=6.1.1
66.29.141.206200 OK 8.0 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/custom-script.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with CRLF line terminators
Hash 467c7cb25fbdcb2e69dc7c2d53c899d7
3319d3d148e4e17dfee3f8656fb4e5cae976117c
0e4c64482c2cedbff380ce6fda3948b7fc42a74ce9629e53ee5071f0a8ab4f72
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/custom-script.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Mon, 18 Jul 2022 22:41:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7997
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/jquery.waypoints.min.js?ver=6.1.1
66.29.141.206200 OK 2.6 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/jquery.waypoints.min.js?ver=6.1.1
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (8863)
Hash 9ac7d06d536f08f1b22abc2e4d53f85a
2f7809be662e8b60690e9c93bc57e46ae06e906c
ac26b8d1e1df8be26af42c290e9ecc4bd0afc655f88e6bec2f73e87bf6ca6474
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/jquery.waypoints.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Sun, 04 Sep 2016 04:22:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2592
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/jquery.flexslider.js?ver=6.1.1
66.29.141.206200 OK 6.4 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/jquery.flexslider.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (22958), with CRLF line terminators
Hash 1ee45938f511006b8f0bcd55079f67c6
dbf03fc7ab26d2e115b8eac181cc91f5dc44a3b2
b3b9f6a91caffc635e4863273158c270b3ce3264ef49bb0c15fa765ed5cd4e0b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/jquery.flexslider.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Thu, 07 Oct 2021 19:31:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6370
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/stats.js?ver=6.1.1
66.29.141.206200 OK 375 B URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/stats.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (711), with no line terminators
Hash 8455d0b9dda46d8fb5a7b0b0d860660a
f4e922657e7c69fff75d4f56b25ac33d1384b3b5
0dcfcf2a2a3cf03b95426406b2a814b70ba21a2df592edfd174c4cdd93b538a1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/stats.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Thu, 07 Oct 2021 19:35:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 375
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/bootstrap.bundle.min.js?ver=6.1.1
66.29.141.206200 OK 21 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/bootstrap.bundle.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (65293)
Hash c2c9bea4d0a5accef46e4fa2c0894abf
331fcc19246b345c3d5cb8d968aafb1a38433edb
9f8d6459ed7e252ed7d6184d31f6effa389c4d18ccd30f6ea0e28c113ba0a61f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/bootstrap.bundle.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Tue, 08 Dec 2020 07:18:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21203
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/select2.full.min.js?ver=6.1.1
66.29.141.206200 OK 18 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/select2.full.min.js?ver=6.1.1
IP 66.29.141.206:0
File type Unicode text, UTF-8 text, with very long lines (33289), with CRLF line terminators
Hash cb7fe8b6e6245341096f822647793f4c
3c4f82d1ca76e07baf55c407b037603085df355c
f6d27f5456741658d83166b8b76e5c958b82c429ee2a158205c97877dc5c0e1d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/select2.full.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: application/javascript
last-modified: Thu, 04 Nov 2021 23:11:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18537
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/images/404.png
66.29.141.206200 OK 48 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/images/404.png
IP 66.29.141.206:0
File type PNG image data, 570 x 239, 8-bit/color RGBA, non-interlaced\012- data
Hash 89498b7501f685bdf3f7a45e7dc13875
5baa2730b300747754decba0ceac7cb90f15f265
88f9d656d3c96de50e77907a6edc35876236847591f13262e5bed6d728457abf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/images/404.png HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: image/png
last-modified: Thu, 04 Feb 2021 06:08:38 GMT
accept-ranges: bytes
content-length: 48425
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/js/chart.min.js?ver=6.1.1
66.29.141.206200 OK 51 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/js/chart.min.js?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (65414)
Hash 2f604416417eb9bfa67ca8506fb75638
414bcb9536ecb5f045e5856fcafa24816af23920
57a01f92494c13efeb05d3be16fc53101779385cc932cf5be2f1d67a752ae4e2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/js/chart.min.js?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:23 GMT
content-type: application/javascript
last-modified: Wed, 29 Jul 2020 20:44:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51164
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/uploads/2021/02/joblets-logo.png
66.29.141.206200 OK 79 kB URL HTTP/2 joblets.com.ng/wp-content/uploads/2021/02/joblets-logo.png
IP 66.29.141.206:0
File type PNG image data, 1025 x 241, 8-bit/color RGBA, non-interlaced\012- data
Hash 981e5c12ad693574a9d3c97e8b2e3f50
705e324db0de0755a55f1a477baa97eb2641aa40
7c56a9ebb5b0c49cceecbc61f8c05e40d9181f94d6aec2178985bcc8b135c433
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/02/joblets-logo.png HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: image/png
last-modified: Mon, 24 Oct 2022 03:13:54 GMT
accept-ranges: bytes
content-length: 79426
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/css/theme.css?ver=6.1.1
66.29.141.206200 OK 74 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/css/theme.css?ver=6.1.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (6073), with CRLF line terminators
Hash 4603748da026b26967cd10d7a1dd962d
3ec9b41ece926082de3f854ad82e1d279229064a
3b2abca2862d517363a5aa57d29e7410e35c077c3eafa3462395685aa5ba41e6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/css/theme.css?ver=6.1.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:22 GMT
content-type: text/css
last-modified: Tue, 19 Jul 2022 17:52:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 74021
date: Fri, 16 Dec 2022 01:17:22 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.227200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://joblets.com.ng
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 13:33:11 GMT
expires: Sat, 09 Dec 2023 13:33:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
age: 560653
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
216.58.207.227200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://joblets.com.ng
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:28:50 GMT
expires: Thu, 14 Dec 2023 19:28:50 GMT
cache-control: public, max-age=31536000
age: 107314
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=7.0.1
66.29.141.206200 OK 1.1 kB URL HTTP/2 joblets.com.ng/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=7.0.1
IP 66.29.141.206:0
File type ASCII text, with very long lines (7043), with no line terminators
Hash 398489038b789364a5c83f044e11974d
d5caf5f64c45693de65b5c0a801bfbf83a325485
32365dde0c909abbb02d8b6a8d9938056ba47f325d51e75082e3d265ce5f76d5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=7.0.1 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:24 GMT
content-type: text/css
last-modified: Tue, 01 Nov 2022 21:30:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1058
date: Fri, 16 Dec 2022 01:17:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/themes/exertio/webfonts/fa-brands-400.woff2
66.29.141.206200 OK 76 kB URL HTTP/2 joblets.com.ng/wp-content/themes/exertio/webfonts/fa-brands-400.woff2
IP 66.29.141.206:0
File type Web Open Font Format (Version 2), TrueType, length 76008, version 330.-16253\012- data
Hash c4af52f53368b81cc3ea577f37f9a916
c3f74ba2dc7b1a65db133419f99aed7de1645342
ec2e22fd918a8ffef0f54f466fb7edd2c586f39dad794cd25a0a97ce36c404d2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/exertio/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://joblets.com.ng/wp-content/themes/exertio/css/all.min.css?ver=6.1.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:24 GMT
content-type: font/woff2
last-modified: Wed, 25 Nov 2020 20:12:04 GMT
accept-ranges: bytes
content-length: 76008
date: Fri, 16 Dec 2022 01:17:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/uploads/2020/12/sz.png
66.29.141.206200 OK 624 kB URL HTTP/2 joblets.com.ng/wp-content/uploads/2020/12/sz.png
IP 66.29.141.206:0
File type PNG image data, 1920 x 200, 8-bit/color RGB, non-interlaced\012- data
Size 624 kB (624318 bytes)
Hash c665c4672031f46d2e63de38cdba2e72
58a8aa086a7ef83189d8c51ee3a9d027dae4567f
e2748fc514f144ef113c076e5f33cb18516e273f4d75556e20c66e83c286eafd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/12/sz.png HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:24 GMT
content-type: image/png
last-modified: Thu, 06 Oct 2022 04:22:26 GMT
accept-ranges: bytes
content-length: 624318
date: Fri, 16 Dec 2022 01:17:24 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
joblets.com.ng/?wc-ajax=get_refreshed_fragments
66.29.141.206200 OK 210 B URL HTTP/2 joblets.com.ng/?wc-ajax=get_refreshed_fragments
IP 66.29.141.206:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c97a46508dc677362be2a79fd34feea
bce89aaf991907a16c951cc6a9a8121045374e22
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://joblets.com.ng
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
access-control-allow-origin: https://joblets.com.ng
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
content-type: application/json; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 210
date: Fri, 16 Dec 2022 01:17:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 11cfeda2802547afadbbd10fd45ea039
d7118ea09cce13c5ae5192d24e0b71d380153db0
e9db2ce30643914af2d2572e96bae9c74a4824f4bd0c5ff22086465f2b77cef7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:17:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__en.js
142.250.74.3200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__en.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (649)
Size 163 kB (163396 bytes)
Hash aa75370bb1ce2d5b05b0d02f6feecba4
f110915b53288da7b267c51210cfc239dc0b5591
cfb8dadaba93a5e0a08739ce589b55cc61fb93d0c616da564394ce925bef6197
GET /recaptcha/releases/pn3ro1xnhf4yB8qmnrhh9iD2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://joblets.com.ng
Connection: keep-alive
Referer: https://joblets.com.ng/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 16:24:11 GMT
expires: Thu, 14 Dec 2023 16:24:11 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 08 Dec 2022 01:21:32 GMT
content-type: text/javascript
age: 118394
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
joblets.com.ng/wp-content/uploads/2021/02/fav-joblets.png
66.29.141.206200 OK 37 kB URL HTTP/2 joblets.com.ng/wp-content/uploads/2021/02/fav-joblets.png
IP 66.29.141.206:0
File type PNG image data, 92 x 77, 8-bit/color RGBA, non-interlaced\012- data
Hash 4eeb1f071961012790d66615d71c234f
e04256b301d7bd592b9586e8dabee781ea21105c
3a9d86433ff5cd482d7b18f568d0b437fe73d3e783d885fa0fdecfeb87ae299d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/02/fav-joblets.png HTTP/1.1
Host: joblets.com.ng
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joblets.com.ng/ta/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 23 Dec 2022 01:17:25 GMT
content-type: image/png
last-modified: Mon, 24 Oct 2022 03:36:46 GMT
accept-ranges: bytes
content-length: 37236
date: Fri, 16 Dec 2022 01:17:25 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2