r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4c9ec202b798d350b6582220b7bb8457
d16ca24cd60b349231ad06fa5db32f54a3bc9e09
df036d315a613ac6396b77afb0a4ea5f793091786be0cbf3f3a0d043bc1d1d3c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF036D315A613AC6396B77AFB0A4EA5F793091786BE0CBF3F3A0D043BC1D1D3C"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2607
Expires: Thu, 27 Oct 2022 20:35:40 GMT
Date: Thu, 27 Oct 2022 19:52:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6560
Cache-Control: max-age=142096
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:13 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 11:20:29 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11922
Expires: Thu, 27 Oct 2022 23:10:55 GMT
Date: Thu, 27 Oct 2022 19:52:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 38be39969611eb137b29488b446d1ef4
379b4d332444158157b510736f84e882ba60ea1a
b8a597eb19faaac4ec26b8e4bf00b942ec66f72f4d9f2a4bc50f477eee28f94e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8A597EB19FAAAC4EC26B8E4BF00B942EC66F72F4D9F2A4BC50F477EEE28F94E"
Last-Modified: Wed, 26 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21559
Expires: Fri, 28 Oct 2022 01:51:32 GMT
Date: Thu, 27 Oct 2022 19:52:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: G24D3rj3IKAdParAhzk103owUa7IBqL6pFy6M9dQhOaEjtHOF6z72Fn6qquNGpN2WgWg6RQl5Nw=
x-amz-request-id: M79RT36F1A1X52P3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 27 Oct 2022 19:39:45 GMT
age: 748
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d72d2f5d05f03753594e43fd34398221
ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5
036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5434
Cache-Control: max-age=135909
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:14 GMT
Etag: "635a3c19-1d7"
Expires: Sat, 29 Oct 2022 09:37:23 GMT
Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.213.92.18 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.92.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 79mmmgYHgWrNnvT666+tkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dJYC0AQcqMCNVkco398k2TJwyeE=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5452
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:52:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5452
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:52:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5452
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:52:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5452
Expires: Thu, 27 Oct 2022 21:23:07 GMT
Date: Thu, 27 Oct 2022 19:52:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 00:44:24 GMT
age: 68871
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c92c49279a7704d715e50836676d1abb
3092b4dbd87f7e5a2eff65c463da9c5103ff748a
6941145d63e68abf0f20081517faa4082eed3c59f8b8a69066f70b29d90fd355
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4709
x-amzn-requestid: c2923a57-57c4-4d62-83bc-e4c8b61aa2bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGeeIAMF9Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7e47cfe804e333cc540f162a;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M72Vjcyc06ihmWcqr2_Xrk8dGcC5pCoDidg5rhtRkVddavcUFE6G6w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:47:37 GMT
etag: "3092b4dbd87f7e5a2eff65c463da9c5103ff748a"
content-type: image/jpeg
age: 79478
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ded5eb41644bfe7ea87cff5ab0d79f0
9b13eca2d768277b92c05a8a82743018489783a6
3de7fcc3e9c8a107e4c5d6e59506ec71e68129a8351e47af63930873775ac3f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15768
x-amzn-requestid: ab678277-5d12-4ae2-9af7-f15fab294657
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRoclEbBoAMFz9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63508783-344a14d17bfcd6b12ffe02b0;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 23:25:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AgS3Yq-WCRRnFvCxMcwq13lQz8cGvvdwZ51C3H0szmB0iyZLb9mf-A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:58:12 GMT
age: 78843
etag: "9b13eca2d768277b92c05a8a82743018489783a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27838ba1a0dc8484cc39e787b1e35c24
317f858e36816c2605e0ca91fd7ba60896bc082d
f5b148a13cdcdf31e83ba5db3da139f581778d8b843b8f59ab0c9f08990d0374
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6306
x-amzn-requestid: c5a693a2-df65-4c7a-a755-133e0dbf14e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apW_tHDGoAMFp2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a0531-72afd432100cd0117ec18934;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 04:12:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NHW-9SOjQC6lVwPls0OvxKPmyyvXjVp-k6Ht5Jhn6MHbu4lAXbvo-Q==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 04:38:42 GMT
age: 54813
etag: "317f858e36816c2605e0ca91fd7ba60896bc082d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e307787eef6193fe4988367feb5e07d9
f50d8270aeb43fb15457d961f925cf2b38060240
d69ba1c958614a831462b81a046bb6a59e353db0b63d23b060b84df124057452
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 25249b1e-6ef4-432c-b370-a645259c0727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoeDVHAyIAMFo9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359aa15-73f252de0cc8d8246183f658;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:43:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V7UFjzwuVqIZJiJg_Q3BWuSd8B_aghBauo7NYg2EYT3MDme-jggsYA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 22:11:54 GMT
age: 78021
etag: "f50d8270aeb43fb15457d961f925cf2b38060240"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2193431d88baf9af6829421cd13743ff
a192ab139ad0dc5cf206986eb06028ddad224e46
c535e09fb4a53ca580f5f5926d1494c50b6ad6c7c9ec78df6b7015213852b737
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9720
x-amzn-requestid: 6b4749ca-bcb9-4274-a309-e6d463851a6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aV_n6FOSIAMFroA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524632-56186f1f2a0bf68f6dba843b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DjRLNrY4BFc3GwHGBW40LIyh-RYT3hshdKPxXok4KE97fGvatXN6yQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 11:05:53 GMT
age: 31582
etag: "a192ab139ad0dc5cf206986eb06028ddad224e46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-158043906-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-158043906-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 0dcb40b597f6258848a3b2c3c4fed002
1c919d2744a99d848a8db152ff14c573e9c26260
48295277adb8f1f1c5c5b9c796aa10cd390fe8948dae973b1c927f19b2aa7407
GET /gtag/js?id=UA-158043906-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 27 Oct 2022 19:52:17 GMT
expires: Thu, 27 Oct 2022 19:52:17 GMT
cache-control: private, max-age=900
last-modified: Thu, 27 Oct 2022 19:15:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a63ea2903767bb46326d85331e42e34e
b113b248df6025ed117551b7baa1960316122415
4ba54e12a06237d2c396d93e1cf9513b066074df9993ee408ee2bfb365c5f3c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ebf576a8883ec7320a5abfe95c1d2abb
11da08de468be30e4cf71bdfa66b0f6d32516476
6366a880d911a4445e2cd2d935836583f84ac79385961c3d9c747484ba373e1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14
119.18.49.15 200 OK 1.1 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 8847b200fc704c7988394ea77782bde2
551fab44123fc5f7961a5a84588966c783ce87e3
85b39cbc5a36fade0471524bf993cd6bfbbb4e6ca6a0d7a78dae5646f2c50119
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 11:13:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1128
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
119.18.49.15 409 Conflict 83 B URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0
142.250.74.164 200 OK 583 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 33186748a005610c7cabe7ccd6536904
7883cb01be294fdd83b8e98214bd804fc556dc96
72340b584d1ec747b324db26e20e66b678ac0403c88ce5abc0a8b9d25c6bf27d
GET /recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 27 Oct 2022 19:52:17 GMT
date: Thu, 27 Oct 2022 19:52:17 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0
119.18.49.15 200 OK 2.8 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash ad600c029011eb73b9f831da130ecc2f
8fffc0b17e569eb9d3e36388575f21d22cc63955
ded108f92cd277eeb2a63b5f5b9da6b5e4f4b94979cfbe2c31fc7c3542f56c61
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2759
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/xs_main.css?ver=1.0
119.18.49.15 200 OK 9.5 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/xs_main.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type assembler source, Unicode text, UTF-8 text, with very long lines (684), with CRLF line terminators
Hash 179bdd070659c26e9152096b0fcd2820
bc5b29b80d3e1ed29040bb0f72ad5631c146a858
7552604a734c43252a556ca54af70c499189ade0ca9d3b236224f368bb7aa14c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/xs_main.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9506
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5
119.18.49.15 200 OK 11 kB URL HTTP/2 www.nuancedigital.qa/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (39791), with CRLF line terminators
Hash 2dd8a0297bf78fdbcff7f8eea01499e7
a658a36f395090c19e28a23d923aac41f6902ed8
4c37d1af1d16942416317e69e36ecc76f58d9613345438ad0b68750e992134e1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.5 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:43:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11102
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 26e60c83d7af169687cbd74f7ca924e0
00f7ceb935fe1cc423f95718a04076e4f5eca150
a041e2901d418b289c3129ce7c07a66e598f6d3ac076732635b0a9ac6fbabb89
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0
119.18.49.15 200 OK 5.6 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type assembler source, ASCII text, with CRLF line terminators
Hash 8f549493473cb739b946f94bf3da6e98
82b717e07877d0df51be117bbf18d3fb90aff958
44b165e2a7dc38577885ac1d0bf31613599d88114ca64ac5056cc2ee4a32da35
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5603
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
119.18.49.15 200 OK 6.9 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (30837)
Hash 10bb8483b915813f543677f506467ff6
5b385098d3d633235f9a5c731985a43c9125df6d
970d86b37614a80420b44ba9fd03939bdab9bf323e543f2bcb0f55c4a3fae711
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 02 Oct 2022 23:48:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6928
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0
119.18.49.15 200 OK 19 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65313), with CRLF line terminators
Hash 7ae6f6409229ffd0b8131ef18e24fa88
e5ea25c6167a22b2faad298cfe820c122508dc1c
ab8e9cda5fcbbc15b4def58e38a483f361fccd49fbcd6ec43795dd027202a21c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 19389
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0
119.18.49.15 200 OK 616 B URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 233b2eaafce1b242f64f65e13d82a51e
65b86daacde29a575f024f908243ebc36e6cbd9f
50ea60ae45a8291bbe45914c6c18987cfcb6d3ce4d61ffaad11b2f631d8da279
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 616
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0
119.18.49.15 200 OK 1.1 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 64f3cfc95d56f68bfd4484c19cc9e353
dd7804a382cc04681a8dd04ef2698c047d1b665c
e5881c2d80b9ca505518c643b2eccfbc3bc2973e275b541d74cd7fb382815919
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1099
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
119.18.49.15 409 Conflict 83 B URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
119.18.49.15 409 Conflict 83 B URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11
119.18.49.15 200 OK 1.2 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (2805), with no line terminators
Hash 3601d44f46e37447a4fc4ba44632303d
79799ef5fa9ec1c5caae68c1707ee43e9be30a33
174054f41cd0f24dffa8f946aab79778ac34c13bcc55eae47335136e606ae2f6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 20:39:13 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1235
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/responsive.css?ver=1.0
119.18.49.15 200 OK 2.4 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/responsive.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 42e16ad716ebe0106f6118603aa4da60
223b36639cdbd4eb4a6c4fb22b99399e5d9441de
22b20d8734353f22bf729f34f9e1d7bcb362c773fc3a2f2e36d164e0d280e9b8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/responsive.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2444
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.4
119.18.49.15 409 Conflict 83 B URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.4
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.4 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/style.css?ver=1.0
119.18.49.15 200 OK 15 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/css/style.css?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (317), with CRLF line terminators
Hash 1752631c85b2df9682b765d1dae4e02f
10b59327bd881d367fdee1603ae8904aa5f37986
9f53921f95d3fcb716f1e1a950988d2eaf211fd9e1d1c3de0cebf65fbdf19512
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/css/style.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 15361
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/uploads/2018/10/nuance-qatar_logo.png
119.18.49.15 200 OK 7.5 kB URL HTTP/2 www.nuancedigital.qa/wp-content/uploads/2018/10/nuance-qatar_logo.png
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 168 x 87, 8-bit/color RGBA, non-interlaced; data
Hash ba262fa05931971a0ceb3a11a494213b
cb40c892e33c6cc38172ae66542b8d7e37388e91
88fe5b1baee8985545b765936581ebcdf1ac213dc4d898b7346bcad890356c7a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/nuance-qatar_logo.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:20:42 GMT
accept-ranges: bytes
content-length: 7461
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:52:18 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/uploads/2018/10/icon-3.png
119.18.49.15 200 OK 797 B URL HTTP/2 www.nuancedigital.qa/wp-content/uploads/2018/10/icon-3.png
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced; data
Hash b6c780756cad2358567c8d8a3f168d22
72f37c6012a3f0fd6a11afa583dae5918019784c
24cb523547a02be0509e347ba103985674a69c05d59023993f5e2500bb64ac5d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/icon-3.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:21:00 GMT
accept-ranges: bytes
content-length: 797
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:52:18 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png
119.18.49.15 200 OK 1.1 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced; data
Hash 247951a528f1c654c378b1cc02161528
e64a22682d119c5822b22202540bc515b6f7280d
e49970c0e24a6903f017792add41cc37f9a7b6b782c1bcca138351de51fffcf2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 11:13:02 GMT
accept-ranges: bytes
content-length: 1148
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:52:18 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
119.18.49.15 200 OK 2.4 kB URL HTTP/2 www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (6494), with no line terminators
Hash ac8e3264bbf056252840769d80367138
f39423d928ac13e06b2f70a1c568ff53c55db038
10d1fb39911c03d5ea6da7330e723a4cde477907297dba5ea01d0c9a837950a8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:26 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2419
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/uploads/2018/10/logo2.png
119.18.49.15 200 OK 4.8 kB URL HTTP/2 www.nuancedigital.qa/wp-content/uploads/2018/10/logo2.png
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 168 x 92, 8-bit/color RGBA, non-interlaced; data
Hash df284b466c6d87eee8f72433fca40d50
30096648e9023b490a75f0b239443fc43c601cf3
3fdb8b3a2d6b832564cdb97421448a8f65db9e3be03d6bac5bf274e9619b2412
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/10/logo2.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:21:00 GMT
accept-ranges: bytes
content-length: 4798
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:52:18 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0
119.18.49.15 200 OK 6.9 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (19063), with CRLF line terminators
Hash 83e880ec744b6310580a06ce6cd62911
1bf6ac4e9f8f9f72891844361491c690b6322a39
4b1a69e52d1c97532b1a5df36ccaed1c279e17b5130a7e431d2494e80eae36c3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:50 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6934
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/images/404.png
119.18.49.15 200 OK 13 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/images/404.png
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced; data
Hash 5ca787a3e8f3dcf9102736946d22414d
02c4bec7be7862712f4f3c602d69da39a7784eda
2c2b76caa8a99e0fe29c95d216514c6ba3117773d2a3f07b69e8dacd0e831c96
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/images/404.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:32 GMT
accept-ranges: bytes
content-length: 13040
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:52:18 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10
119.18.49.15 200 OK 2.6 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (6210), with no line terminators
Hash dfcc74301f163fabd32e3256b91ba54e
3e861de3c9a7d5638eb7da2274f50274cde6cc0c
0611e07de6e96239da5373ee60ec187406e535614413b431c823fa3c21ecf8d7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:45:12 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2559
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0
119.18.49.15200 OK 2.8 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (8863), with CRLF, CR line terminators
Hash 1ebf7b707b98230c03e4836a7509891b
85d65472bad2ec4c4a6312786a1de063aaf708bb
e10e4bd73626f4bdfa72da15e2f911d7b48dd7cc99b73dd7acd355a34de51375
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:48 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2758
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
119.18.49.15200 OK 3.2 kB URL HTTP/2 www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1577)
Hash 44fccb0d9f8f584ed10c013605467d64
898b00892bf7d05701de0a85f40ebf97be2ec195
c363b81fb2b98243ca5f0f43b885c46e5d15b8402355045678fbbc5aea2e290b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 20:39:00 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3243
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
119.18.49.15200 OK 4.2 kB URL HTTP/2 www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11126), with CRLF line terminators
Hash 7ae57a61a2e13e8cbd699c3ca7dc104c
28db5d970b82f96ebd180501a227cfc897db1c15
0454c42f651f80d5cf0beed15346df03f7c0c5214bc24f7be350926cf72dab1f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:50 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4170
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
nuancedigital.qa/omr/tuich
119.18.49.15301 Moved Permanently 15 kB URL HTTP/2 nuancedigital.qa/omr/tuich
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, CR, LF line terminators
Hash 4352e8bab8df84fdc6b3741ea01287b9
8f23870b193c90eef73e4beb8270faad19d63f89
594e10d4e2d559b12bbf79f09b7bf115bba5f6634c585ab29d8c0b996b75ee54
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /omr/tuich HTTP/1.1
Host: nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Thu, 27 Oct 2022 19:52:14 GMT
server: Apache
content-type: text/html; charset=UTF-8
pragma: no-cache
expires: Thu, 27 Oct 2022 20:52:16 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
content-encoding: gzip
vary: Accept-Encoding
location: https://www.nuancedigital.qa/omr/tuich
x-server-cache: true
x-proxy-cache: MISS
set-cookie: PHPSESSID=ac187f10b9fb53130e1f8522df6c7dfb; path=/; secure; HttpOnly
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0
119.18.49.15200 OK 3.2 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 310e1132d5a4c131de8498348a17b119
ca44877f372459cefa119458a311dacda36be5cb
18d108493cb0df4a97d6c250cd94cccbfb71721e40aa6c1b479d1c470291dd05
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3151
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0
119.18.49.15200 OK 578 B URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (917), with CRLF line terminators
Hash 306ea69c876201ec32a9562f18b9d673
96c0dfa4df03cd823476b46668ab47463c9169f3
2dadb57bba327dc006803a8ec08cf1d0e96f298b5cafaf2c3c9db12e3af96c4f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 578
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0
119.18.49.15200 OK 12 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash fbffb19d2a000fad9cdd98cbaa67862c
5f425721e4451fdf8d651c9a02c41237414d4924
8f8f3cce4e896a11485fbaa865e83069b05deafc363bd12212bb94d6f49c4f11
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 12534
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0
119.18.49.15200 OK 1.8 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 680edaa6fe8c547d6bf8144b98d8e8e8
6faee2d6b4ecf77bb8209b13694d5d37e8ffe303
87a401dac6a685cee42e32df084a8e18640592bb942e89cb424f057848e841d4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/main.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1815
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0
119.18.49.15200 OK 13 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (48664), with CRLF line terminators
Hash 73f2203bd353fd59966ceebed2652736
94ac0edd49cb400696c0a4382a84cf90c3f2c359
ac6fae8fe4e03cd6f2e412e77a8f933e9265bf8e8bf66aa254b2baf89cd9fb50
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 13053
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
119.18.49.15200 OK 7.0 kB URL HTTP/2 www.nuancedigital.qa/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (19111), with CRLF line terminators
Hash 513d386f3ea04b4d90da8141fa23486d
8b6cca81735851650d01b191f077db828253b4f6
acf50f3a373d61fbf20db09e2ff78cbc44d3d93b1b4e27cf6afb4e6b964286e3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6995
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0
119.18.49.15200 OK 12 kB URL HTTP/2 www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (2290), with CRLF line terminators
Hash ac7e1ceda06035a69c9a41e3731495cd
06b417e59286f7a7c4327cc80cf6011836cbe597
c166b0cab723e401b86b68f5b2d156093a19f9d3ded93c25031ad54245b21f2e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11753
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
119.18.49.15200 OK 31 kB URL HTTP/2 www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 119.18.49.15:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65446), with CRLF line terminators
Hash 4273e0f3804379368199587af3d87eb6
8ae8a3c9ae43e44e71e858d8c48378f5b321264f
f9f127c9c85ab75b0125438cb9266fef325828162833841c4e0c8ba47dd06e30
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/tuich
Cookie: PHPSESSID=174212c890dcf5e189913ecc46eaa099
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:46 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:52:18 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 30835
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:52:18 GMT
server: Apache
X-Firefox-Spdy: h2
away.cdnbestplatform.com/go.php?id=3245467-34-56736-11
91.211.91.104200 OK 404 B URL HTTP/2 away.cdnbestplatform.com/go.php?id=3245467-34-56736-11
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5b2c5324b0e501838391089ab4f9352b
0503793e9e2c7531ba79fdab7fd62ca86c0b745e
0e55fdce5774c28d5a7800614ea15c83ea0f73b2fdb6bf092ae634570a036a45
GET /go.php?id=3245467-34-56736-11 HTTP/1.1
Host: away.cdnbestplatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:20 GMT
content-type: text/html; charset=UTF-8
content-length: 404
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b81df664e71e3e9cb51c96b0640b2be
3429c9b05dccb34d7c3ff7a2f23d590913972840
9f7e1718c97909b3644baaad4bc9831ba486999646b855ddb5512712c3bfc92d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9F7E1718C97909B3644BAAAD4BC9831BA486999646B855DDB5512712C3BFC92D"
Last-Modified: Wed, 26 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4518
Expires: Thu, 27 Oct 2022 21:07:38 GMT
Date: Thu, 27 Oct 2022 19:52:20 GMT
Connection: keep-alive
groundflares.net/b91698fd2.js
185.177.94.152200 OK 56 B URL HTTP/2 groundflares.net/b91698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f
Analyzer Verdict Alert fortinet Phishing
GET /b91698fd2.js HTTP/1.1
Host: groundflares.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
groundflares.net/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 groundflares.net/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: groundflares.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.net/go/mu4genjugq5dcmjrhe3a?sub2=speedm2
Cookie: uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 19:52:20 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
new.weatherplllatform.com/pick.js?v=7.77.3
91.211.91.114200 OK 1.5 kB URL HTTP/2 new.weatherplllatform.com/pick.js?v=7.77.3
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash af659d17089447ab4a23a6e1a3c488c9
87d19204c16a423b4e2c5de85ec0e3a14d84470c
630ff1d924bb6b2a9bfa91cb0da0fca0cfd9430cbbf76e0e0f995781ab502c37
GET /pick.js?v=7.77.3 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:19 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 27 Oct 2022 17:28:29 GMT
vary: Accept-Encoding
etag: W/"635abfbd-921"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
0.groundflares.net/b91698fd2.js
185.177.94.152200 OK 56 B URL HTTP/2 0.groundflares.net/b91698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f
Analyzer Verdict Alert fortinet Phishing
GET /b91698fd2.js HTTP/1.1
Host: 0.groundflares.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4; uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:21 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.groundflares.net/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 0.groundflares.net/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.groundflares.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.net/index.php?p=mu4genjugq5dcmjrhe3a&sub2=speedm2
Cookie: uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4; uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 19:52:21 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d52cbb39ffdcc116fd4a21985a15dff
325c401dfe5becd4a3fe5e4ba5c13fe4449d89aa
fd0bbf09506c6d5f1e5fd7917d09027b992bc2929f3d73fb32cba5e2c5c83eff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD0BBF09506C6D5F1E5FD7917D09027B992BC2929F3D73FB32CBA5E2C5C83EFF"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3793
Expires: Thu, 27 Oct 2022 20:55:34 GMT
Date: Thu, 27 Oct 2022 19:52:21 GMT
Connection: keep-alive
groundflares.net/go/mu4genjugq5dcmjrhe3a?sub2=speedm2
185.177.94.152200 OK 12 kB URL HTTP/2 groundflares.net/go/mu4genjugq5dcmjrhe3a?sub2=speedm2
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7724)
Hash 1238d6c10c3590a27a42f675f13da664
8b5a9dbf9478ac984546295270eac24027a7a706
bbbc629a1ca6473e5d381b65e4639529480398299e220ab3546a4e3b87c55414
Analyzer Verdict Alert fortinet Phishing
GET /go/mu4genjugq5dcmjrhe3a?sub2=speedm2 HTTP/1.1
Host: groundflares.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:20 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=934fa9f5-e80e-47a3-ab46-5dc9050217e4; expires=Sat, 26-Nov-2022 19:52:20 GMT; Max-Age=2592000; path=/; domain=groundflares.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
broworker4s.com/sw/bro.js
212.129.18.219200 OK 0 B URL HTTP/2 broworker4s.com/sw/bro.js
IP 212.129.18.219:0
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:21 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Fri, 27 Oct 2023 19:52:21 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic
IP 142.250.74.10:0
GET /css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Oct 2022 19:52:17 GMT
date: Thu, 27 Oct 2022 19:52:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
di4.biz/?auf=g5rggyzrgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tambtgqyq&p=b&sub1=&sub2=speedm2&sub3=&sub4=&cpc=0&cpm=0
185.177.92.179200 OK 0 B URL HTTP/2 di4.biz/?auf=g5rggyzrgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tambtgqyq&p=b&sub1=&sub2=speedm2&sub3=&sub4=&cpc=0&cpm=0
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?auf=g5rggyzrgm5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrwgy4tambtgqyq&p=b&sub1=&sub2=speedm2&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:52:21 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f251615c-0a1c-4d45-acd0-c1782eb31c1c; expires=Sat, 26-Nov-2022 19:52:21 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2