Overview

URLtheturfman.com.au/tur/index.php?qbot.zip
IP 43.250.140.13 (Australia)
ASN#45638 SYNERGY WHOLESALE PTY LTD
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-17 21:28:11 UTC
StatusLoading report..
IDS alerts0
Blocklist alert20
urlquery alerts No alerts detected
Tags None

Domain Summary (8)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-17 05:55:30 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-17 05:55:20 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.191.210.155
theturfman.com.au (7) 0 2020-05-28 14:21:53 UTC 2022-11-16 22:48:37 UTC 43.250.140.13 Unknown ranking

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-17 2 theturfman.com.au/tur/index.php?qbot.zip Malware
2022-11-17 2 theturfman.com.au/tur/?qbot.zip Malware
2022-11-17 2 theturfman.com.au/_autoindex/assets/js/tablesort.js Malware
2022-11-17 2 theturfman.com.au/_autoindex/assets/js/tablesort.number.js Malware
2022-11-17 2 theturfman.com.au/_autoindex/assets/icons/corner-left-up.svg Malware
2022-11-17 2 theturfman.com.au/_autoindex/assets/icons/file.svg Malware

mnemonic secure dns
Scan Date Severity Indicator Comment
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed
2022-11-17 2 theturfman.com.au Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 43.250.140.13
Date UQ / IDS / BL URL IP
2022-11-24 14:48:35 +0000 0 - 0 - 3 carryordrag.com.au/aaaa.zip 43.250.140.13
2022-11-18 23:33:03 +0000 0 - 0 - 3 carryordrag.com.au/ll/index.php?qbot.zip 43.250.140.13
2022-11-18 23:24:12 +0000 0 - 0 - 13 theturfman.com.au/so/index.php?qbot.zip 43.250.140.13
2022-11-18 23:00:44 +0000 0 - 0 - 13 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13
2022-11-17 21:28:11 +0000 0 - 0 - 20 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13


Last 5 reports on ASN: SYNERGY WHOLESALE PTY LTD
Date UQ / IDS / BL URL IP
2023-02-06 02:07:05 +0000 0 - 0 - 2 www.jlhuttelectrical.com.au/ 112.140.176.160
2023-02-05 04:25:14 +0000 0 - 3 - 1 vaughancivil.com.au/wp-content/uploads/syn06c (...) 43.250.142.50
2023-02-05 02:56:54 +0000 0 - 3 - 1 evolveretail.com.au/wp-content/uploads/typehu (...) 103.42.110.3
2023-02-05 00:38:06 +0000 0 - 2 - 1 evolveretail.com.au/wp-content/uploads/typehu (...) 103.42.110.3
2023-02-04 15:03:11 +0000 0 - 0 - 52 sportsstart.com.au/ 43.250.142.138


Last 5 reports on domain: theturfman.com.au
Date UQ / IDS / BL URL IP
2022-11-18 23:24:12 +0000 0 - 0 - 13 theturfman.com.au/so/index.php?qbot.zip 43.250.140.13
2022-11-18 23:00:44 +0000 0 - 0 - 13 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13
2022-11-17 21:28:11 +0000 0 - 0 - 20 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13
2022-11-17 20:48:54 +0000 0 - 0 - 20 theturfman.com.au/so/index.php?qbot.zip 43.250.140.13
2022-11-16 20:14:54 +0000 0 - 0 - 5 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-18 23:00:44 +0000 0 - 0 - 13 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13
2022-11-16 20:20:12 +0000 0 - 0 - 5 piermontgroup.com.au/oa/index.php?qbot.zip 43.250.140.43
2022-11-16 20:14:54 +0000 0 - 0 - 5 theturfman.com.au/tur/index.php?qbot.zip 43.250.140.13
2022-11-18 23:24:12 +0000 0 - 0 - 13 theturfman.com.au/so/index.php?qbot.zip 43.250.140.13
2022-11-17 20:48:54 +0000 0 - 0 - 20 theturfman.com.au/so/index.php?qbot.zip 43.250.140.13

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (27)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9574
Expires: Fri, 18 Nov 2022 00:07:34 GMT
Date: Thu, 17 Nov 2022 21:28:00 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1145
Cache-Control: 'max-age=158059'
Date: Thu, 17 Nov 2022 21:28:00 GMT
Etag: "63760d7b-1d7"
Last-Modified: Thu, 17 Nov 2022 21:08:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B4040A645CEC1841A00A22765EB3A74978559DAF15C54BD4B41B6B48AAB7F95"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11000
Expires: Fri, 18 Nov 2022 00:31:20 GMT
Date: Thu, 17 Nov 2022 21:28:00 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: hA2INTUpyhzJfXCQRmUHqAA83Hx3GI7Dx4QpmNzb2HhMmBZCAPUgupw7rEOXslLFN9ap9CKVu9Y=
x-amz-request-id: S78TNAT6F93ZP5DM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 17 Nov 2022 21:15:18 GMT
age: 763
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 17 Nov 2022 20:44:57 GMT
cache-control: public,max-age=3600
age: 2584
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 17 Nov 2022 21:28:01 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 17 Nov 2022 21:25:01 GMT
cache-control: public,max-age=3600
age: 180
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1973
Cache-Control: max-age=130307
Date: Thu, 17 Nov 2022 21:28:01 GMT
Etag: "6375f9af-1d7"
Expires: Sat, 19 Nov 2022 09:39:48 GMT
Last-Modified: Thu, 17 Nov 2022 09:06:55 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xQUqnicVI9eQelYwpPkJ5Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.191.210.155
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ta3jXsRWMmxN1gD6fZTP/i/ZAq8=

                                        
                                            GET /tur/index.php?qbot.zip HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         43.250.140.13
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e; path=/; secure
pragma: no-cache
expires: Thu, 17 Nov 2022 22:28:02 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
location: https://theturfman.com.au/tur/?qbot.zip
content-length: 0
date: Thu, 17 Nov 2022 21:28:02 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2233
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 21:28:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2233
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 21:28:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2233
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 21:28:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2233
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 21:28:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2233
Expires: Thu, 17 Nov 2022 22:05:16 GMT
Date: Thu, 17 Nov 2022 21:28:03 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c125d22-7470-46da-85af-7621027dbe03.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8027
x-amzn-requestid: 9c8f833a-bc10-4899-aafb-b6068751f15d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn08wGsOoAMFaSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637301eb-75b862d5320dfa553466860c;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:05:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uCpQ4_KnzebJIjDy2pgU-dAxiQwklQcai8HPgqdguUsOPJx1KaTUmA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:12:56 GMT
age: 65707
etag: "e63af885fa20dbd2a49ee44397d8f8c595b1cbcf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8027
Md5:    785c079072174860502c277b03f7743d
Sha1:   e63af885fa20dbd2a49ee44397d8f8c595b1cbcf
Sha256: f4d748e2e7b16f41af16e3f2450a4823af56dacaacaa7f1a9537f41186c64148
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: uCIDqd8Nb4t4d3VN-UZ8OufrweFvW-RQFc7ZZkkYy9KIZJOh7eQIDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:33:58 GMT
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
age: 86045
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6344
Md5:    a9d32fa3866dd741de610a61a93ad893
Sha1:   4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
Sha256: 4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b2f2035-e536-45fc-90d6-5a76f2b7a8f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12337
x-amzn-requestid: e5851f2c-9353-4db3-be88-71858f396096
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bq3aYFwNoAMFiZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6374390f-2b174db41b890a7b37d44ace;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 01:12:47 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: TKWEtKtzjYSs-JejM2B-dc1x4nMKr0nnpsZ5c9ySCfnp5ul786zjZQ==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 12:00:45 GMT
age: 34038
etag: "fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12337
Md5:    2bd274d60bc239b0328fe30a442ef2d9
Sha1:   fc4b5a6f389cf683c16e6c229e72b5bfdf9f00ed
Sha256: f32dab0bb88b93fe3fe49c0b0974cb14e6bdca88d2eaab2d8b9fc42d36ee0dc0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0be1985-4e6e-4cc3-9b6e-2fc0d94bc02b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5749
x-amzn-requestid: c67c9352-e777-417e-afe1-003d7a072e86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bkItcGfcoAMFzkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637187ef-670b63160b7d0cdf4a5b609e;Sampled=0
x-amzn-remapped-date: Mon, 14 Nov 2022 00:12:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: vFDS3_SNf5hbW8NAtNERJbS1jj29nWO0_GSIypgwlv7kymKieO8qNA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 08:44:38 GMT
age: 45805
etag: "0e18a8c51596c8a4d84a142a57ffe376294833cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5749
Md5:    96b4478c098865b0d19738098db61d64
Sha1:   0e18a8c51596c8a4d84a142a57ffe376294833cc
Sha256: 9c9e433cf8f2167e4cfc3cff247eee85ebb9977e338e6e144acaea830db17c2c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5zDWKjYmvVLCemXw5Swm2qkhw1mQtD5c07Fl7Krydo_XR5FFyHDu4Q==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 07:15:37 GMT
age: 51146
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11667
Md5:    032386e5c9dffff1ba1ee5e8a322d438
Sha1:   dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
Sha256: 0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5e6ba2a-6046-47f6-8da2-f2c9ea6dd2b8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9362
x-amzn-requestid: 859ecb2a-831d-48df-a769-4bd9e21941fa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brWuSF8hoAMFtVA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63746b28-737fcd2d0c4d85eb71bfc452;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 04:46:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Vo_6vm8fGw7IFpQIB-rScZ4XQQah_5NtDelbOQFpXqLT2yevul9MnA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 17 Nov 2022 03:10:45 GMT
age: 65838
etag: "ae4692dccf90fa1a30119c95a1539ed8163e574f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9362
Md5:    7e2a2d21ac149d7cf783628b5e815702
Sha1:   ae4692dccf90fa1a30119c95a1539ed8163e574f
Sha256: 5e1ebb536daa764e1c906c60a7a36c0f67aa476e12bf9fe1fda07bf87bc1f299
                                        
                                            GET /tur/?qbot.zip HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.2.34
content-length: 556
content-encoding: br
vary: Accept-Encoding
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (400)
Size:   556
Md5:    d536fc261facfa2b3cb3f6dfa4b2f81e
Sha1:   3fa422ddb3019d330aec9e64f4ab26106c4ea453
Sha256: 8148dca83f2ce6cb296de2071180a73cd7827b30d4ed5bf8f77ae47e27206117

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /_autoindex/assets/css/autoindex.css HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theturfman.com.au/tur/?qbot.zip
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Thu, 24 Nov 2022 21:28:03 GMT
last-modified: Tue, 15 Nov 2022 01:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1170
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1170
Md5:    fc2f7689496dd9f53adfc8947de492ae
Sha1:   7f7ef59700bedbb295acd0b8e50539bff030d00a
Sha256: 566282f53593ebd16cf016484c1f38f95ff6565574d46c8d87caa3b0ecb8c34d

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /_autoindex/assets/js/tablesort.js HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theturfman.com.au/tur/?qbot.zip
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Thu, 24 Nov 2022 21:28:03 GMT
last-modified: Tue, 15 Nov 2022 01:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2137
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2137
Md5:    4061751aab621fbf66bd8c9975b54b65
Sha1:   b31fe95ae110b753a6be4013ca839d3eebab203e
Sha256: 847c58748da4b464d0aefd9a64c96db346099634b808ce8c5eaa6d5f955cb36a

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /_autoindex/assets/js/tablesort.number.js HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theturfman.com.au/tur/?qbot.zip
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Thu, 24 Nov 2022 21:28:03 GMT
last-modified: Tue, 15 Nov 2022 01:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 322
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   322
Md5:    4247e6bb391c17a14c3760e0e161740f
Sha1:   db1b96b5f82c76287a0a5fb85e9bbfcbf104f3d0
Sha256: ec51501323424275368f90f8184547b8452c35724b32a374733e14e31c936f6f

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /_autoindex/assets/icons/corner-left-up.svg HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theturfman.com.au/tur/?qbot.zip
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: image/svg+xml
                                        
cache-control: public, max-age=604800
expires: Thu, 24 Nov 2022 21:28:03 GMT
last-modified: Tue, 15 Nov 2022 01:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 328
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   328
Md5:    ebde4f2d4e3ae55713c02284305cf3ed
Sha1:   c05f1442ce0a09037faf8c848e252d2cdb2b1d54
Sha256: 740595a25236c5cbc00bb7cecf1ae0eebe394c25ed75e7ec98b9e9a1e11a5ead

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /_autoindex/assets/icons/file.svg HTTP/1.1 
Host: theturfman.com.au
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://theturfman.com.au/tur/?qbot.zip
Cookie: PHPSESSID=329ad3cd3581aab8323e94f8a108499e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         43.250.140.13
HTTP/2 200 OK
content-type: image/svg+xml
                                        
cache-control: public, max-age=604800
expires: Thu, 24 Nov 2022 21:28:03 GMT
last-modified: Tue, 15 Nov 2022 01:46:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 354
date: Thu, 17 Nov 2022 21:28:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   354
Md5:    32e702b854daf4865cabf344db7132d9
Sha1:   779ecb4ef3ea30ceb032a78401752efdefdeae41
Sha256: 12395e68b9b1ec1b298db1ce6e6596a25d64c863373670e5dcfb6c6878e0e85a

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed