r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4711
Expires: Thu, 10 Nov 2022 18:34:52 GMT
Date: Thu, 10 Nov 2022 17:16:21 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1937
Cache-Control: max-age=150423
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 17:16:21 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 11:03:24 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1937
Cache-Control: max-age=150423
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 17:16:21 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 11:03:24 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5464
Expires: Thu, 10 Nov 2022 18:47:25 GMT
Date: Thu, 10 Nov 2022 17:16:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hbP/b5cGAhnNkJ+wGsMC0CHLf48HiDZFKy/ha2A/h+exxrH1xAuw3cnuo6wC9BvvU6W9TS2LKfQ=
x-amz-request-id: YZ2YBRDTJW9P0DPW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 10 Nov 2022 16:49:28 GMT
age: 1614
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
assurancessdchemical.com/vlo/index.php?e=qbot.zip
185.185.85.130301 Moved Permanently 0 B URL HTTP/1.1 assurancessdchemical.com/vlo/index.php?e=qbot.zip
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /vlo/index.php?e=qbot.zip HTTP/1.1
Host: assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 10 Nov 2022 17:16:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
X-Powered-By: PHP/7.3.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Location: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 081ea13ba4390a4baab25cf57c2672f3
30cc9c329228e3d7bc6041f1aa553f06f8136eed
5a48c189581edd8ae4a4e58e2d54359bb75ba769828436394e4c256fe861814e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4395
Cache-Control: max-age=147826
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 17:16:22 GMT
Etag: "636cbf2d-1d7"
Expires: Sat, 12 Nov 2022 10:20:08 GMT
Last-Modified: Thu, 10 Nov 2022 09:06:53 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.209.73101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.209.73:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zkAc/On1v2Icntmp4gxbag==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5HU9fE6CdbIrIhr7/IaWiumvVis=
www.assurancessdchemical.com/vlo/?e=qbot.zip
185.185.85.130404 Not Found 98 kB URL HTTP/1.1 www.assurancessdchemical.com/vlo/?e=qbot.zip
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39996), with CRLF, LF line terminators
Hash 03f5349ce16cb7b7382307ae89e5d6bd
07b9a33441625d683509e285c3c6e5ebaf66d17d
2220d38fb755e2db8d119e757e0e6f17b5ab4672c09ff13b50b27d1c972f7159
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /vlo/?e=qbot.zip HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.assurancessdchemical.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
fonts.googleapis.com/css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4
142.250.74.10200 OK 899 B URL HTTP/1.1 fonts.googleapis.com/css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4
IP 142.250.74.10:0
Hash ad119129a29bb4a062c96b7f9f425c77
35bd2a4c1b83a20d2f30b776ef568b95d87fcf0d
b00ceeb6a04eb61eda7addbfa249970258cc2260b66ea2231e56d7c569503a28
GET /css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 10 Nov 2022 17:16:23 GMT
Date: Thu, 10 Nov 2022 17:16:23 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
www.assurancessdchemical.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
185.185.85.130200 OK 19 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 18617
Upgrade: h2,h2c
Last-Modified: Mon, 06 Jun 2022 13:22:35 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-includes/css/classic-themes.min.css?ver=1
185.185.85.130200 OK 217 B URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/css/classic-themes.min.css?ver=1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 217
Upgrade: h2,h2c
Last-Modified: Wed, 02 Nov 2022 05:35:43 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1
185.185.85.130200 OK 4.9 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (4933), with no line terminators
Hash e372df47bd19e1563b557d7bdb817188
4efdf4050a78bdbd88aa255955b7423105895dd0
4b7693154069c53a16468d09d89c9eba5da6c0dfc69cf4d7eb675e32ba663361
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 4933
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:52 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0
185.185.85.130200 OK 63 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (62753), with no line terminators
Hash 979b8b56e801469d95453055366ef54c
cb8a0bb5f00fee130a289ea4dfafc00fa53e1c04
d3322ccb3912f7a9485eb1d75971fd5e1eb49c6575ff5ad985fb5496333e8c8b
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 62755
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:52 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4
185.185.85.130200 OK 2.0 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash e94a5418f3f7431e0adf92938b691f5e
efc037a16947901960f2a1910ddee82422177346
9aedea08f14dbb7122e107c7ae90e40a34e35e35f5d5ae864c71f53648a1a731
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 1992
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4
185.185.85.130200 OK 7.0 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 30b593b71d7672658f89bfea0ab360c9
d6963db6faa9294387bb3175813a61bc3f859437
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 6951
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
185.185.85.130200 OK 57 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (57150)
Hash e3b8b563e36cda2dda793d662396d56b
799e3b1aec0f18be7a1c695cc80f83341b85db42
f479c8026856fbe9aebc9234a1322f9eb81796a312b3c45944c4329f1fdbc52a
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 57336
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1
185.185.85.130200 OK 95 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (47826)
Hash 4cdcd4a2c77fccb74825eaf2d6733091
00d4ad404f681af9044bb4cc6ed5e2e9f641cc4a
187af6783dd59cd3b9dd90e77b3daa1509c1c3c18f5ce5d6fe2133f9bc3828df
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 94821
Upgrade: h2,h2c
Last-Modified: Wed, 02 Nov 2022 05:35:44 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1
185.185.85.130200 OK 212 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size 212 kB (212343 bytes)
Hash 5dcf0b1b1a3d81ef28b5750cdc76c5f6
abfe501a8db645c8dbc11ac81d1d1cfbcf2919e7
a16126f4cfb8aa52abb2c0b12e588c84708da95e2426e16477dd8f42b61b96f4
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 212343
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:52 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4
185.185.85.130200 OK 308 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Size 308 kB (308041 bytes)
Hash 438a0348621106c5a96dc7c29ae59dbf
2c6125af1c72b19741a84f2eb3504b526e83bc9a
8b0abdd6a5b68ffa8105cecd8e2a34eb90b01528981339a8201edb989c0df9e3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 308041
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4
185.185.85.130200 OK 2.7 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash cbeec5af233ff98a7904973f0ae7d1aa
4e5db649b501b95ac87a73c3b90a7c964c466fa0
9cf336b950eb6b2ba4e59f12236f67e057c1c0350036a2f552f7a923156385bf
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 2669
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4
185.185.85.130200 OK 164 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (65306)
Size 164 kB (163873 bytes)
Hash 94994c66fec8c3468b269dc0cc242151
ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 163873
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4
185.185.85.130200 OK 61 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash 91787bc3178407a13b40e02d552d077b
ecfe33beace5cce63725e2f04393381069894caf
c075c209092b70f5f8a28931c580726d1c4f5be8b55faeed3e1d5fcbd77be531
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 60833
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/default.css?ver=1.4
185.185.85.130200 OK 14 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/default.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 5e7c5dd2bd3b5ec1544edad1bf007225
d3be6650aa07d6f2230c12801d297415e78b0b21
1f3fbeeb21abdc1ac603c3ed09087df085746614d61f694ef2087539423e170e
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/default.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 14339
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
185.185.85.130200 OK 90 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (65447)
Hash 17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 89684
Upgrade: h2,h2c
Last-Modified: Wed, 02 Nov 2022 05:35:41 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/style.css?ver=1.4
185.185.85.130200 OK 204 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/style.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Size 204 kB (203926 bytes)
Hash fa9aaa5534db2876c4e422721153cfe0
dd52d4a0e0f7779b3ac2c7e73e46026c5baea896
b5e76b9c6ef7e64471dcefbf6ce666d9f83664af415d28a0b56057de674ad4b3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/css/style.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 203926
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0
185.185.85.130200 OK 18 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (17809), with no line terminators
Hash 1ddf23fcfd1b2941c456ce01da8180a6
156ef5cc77061010e3f4123a47fa415c6391e5ff
dd18a408a35aa5d393458657eb24fb56ab754ece3f88bd78a038e5793d3f6991
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 17809
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:52 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0
185.185.85.130200 OK 9.5 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (9139)
Hash 87c54edf7dad7dfdfde015f6eee45ff1
96ec1a06ea3093c47e1e2fc4444ada7f4456135d
ef22199864042b8ceeee3729f3254c140df7217364045737ca3aadf8434fb3da
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 9533
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:53 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1
185.185.85.130200 OK 5.4 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (5357), with no line terminators
Hash ea2c0997db10af141fd67e9a5689892f
885d02d0adfdc9b216fe1fcc3a194bff0c0d707c
ae0edaba39248f48071235ee4eb4bfe7f48177465d492f35608c3165d4de82f9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 5357
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 12:10:55 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0
185.185.85.130200 OK 3.0 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 8bc2109ef48cabf7a26b73d7c3536c5f
0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 3037
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:53 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2
185.185.85.130200 OK 194 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2474)
Size 194 kB (193966 bytes)
Hash 2bd182a93f7eb2ac9e70063c5bb1142a
7fb67a825ef7eea348cca3341e3edd8ff1cfdfb7
28209c3ee7daade032898ba4241760f9a192ceeb5af5befac6f6fca15651b173
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 193966
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:50 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0
185.185.85.130200 OK 1.8 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (1668)
Hash d0a6d8547c66b0d7b0172466558d1208
ff93916519c7b9483251f609e4d29f38c30a66e3
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 1834
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:53 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0
185.185.85.130200 OK 2.1 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2139), with no line terminators
Hash b72c1cbb1530a011a27bd9800f26765a
27b825c5d8255f33b8427a059d4545ebd65e1746
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 2139
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:53 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0
185.185.85.130200 OK 2.9 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2938), with no line terminators
Hash 0fd625c3991a4015814cffdc88e2fc82
d7c2f53e058210ff3ea773297641008bab71a5f3
2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 2938
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:53 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4
185.185.85.130200 OK 36 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (32019), with CRLF line terminators
Hash 5fb7c19c9c51cfb99f5ff942629f0f21
14c7f59e73d2a99aa688c2443a9a9b24acbff43c
a931e5af561b1f0efaf6cdb96aeac4c035c30756dd6edd1091da1a68747d35bc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 35456
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4
185.185.85.130200 OK 59 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (58940)
Hash 259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 59219
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4
185.185.85.130200 OK 5.4 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Hash 9b7664fe260d1a57a13ca71507b43499
d07064a9d012bae3f256adfa7d021c40793c962c
fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 5431
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash ba4ee8f7bbd17fbbbe027f116e7ae4c2
61874419369385a9fdc08adcd1fa4d96f9fecbc2
c62678713ddf222c19294000db05e42e347a644d58df05b3d3d058440d071c94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1302
Cache-Control: max-age=167413
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 17:16:23 GMT
Etag: "636d17c6-117"
Expires: Sat, 12 Nov 2022 15:46:36 GMT
Last-Modified: Thu, 10 Nov 2022 15:24:54 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4
185.185.85.130200 OK 20 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (20087), with CRLF line terminators
Hash b37d7edf99565d3858eaa1ad80df3cff
786a4343711e9af5e5dfcc493e7d2331b48875bb
b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 20219
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4
185.185.85.130200 OK 6.3 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (6273)
Hash b69c9aab55bd732fef07d5bf21b0a761
8f25d4efc8103c5aaf4c6f1aebf3453b4ad0b085
0e758efeef1e7112e28bb08bbecb891bfda1a89c9ff4da69a09259418dd7d7ec
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 6303
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4
185.185.85.130200 OK 964 B URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (964), with no line terminators
Hash 51abc4b947baae5e46545f0f0ada7eb4
348f8638545bf38e9f319652939bb0c9280d4501
94a8d6d2593de2028174575095e9fdf58a65aecbb4257c021bf11bb882e0254e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 964
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4
185.185.85.130200 OK 1.9 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 24602a6d93cf57e1f1b64fb7123fee0a
38904f27b95d45daf4943fdf103cf11e05b5b23e
e0bf568dffb7867df64321aaa31d0a2d3800854b84976157852414accf394693
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 1855
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
185.185.85.130200 OK 5.6 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (5477)
Hash 3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 5629
Upgrade: h2,h2c
Last-Modified: Sat, 13 Jun 2020 23:23:28 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-includes/js/masonry.min.js?ver=4.2.2
185.185.85.130200 OK 24 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (23966)
Hash 3b3fc826e58fc554108e4a651c9c7848
76778fd446e2ff2377588a7b4ac4d79f258427c9
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 24138
Upgrade: h2,h2c
Last-Modified: Sat, 13 Jun 2020 23:23:28 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4
185.185.85.130200 OK 4.0 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (3765), with CRLF line terminators
Hash 8d29ed543ea77682ebfaa80d0539977c
fe0ec96dd91247856768db69e172ea2b530b1205
6a2507b941afb2782b6e7c7dc2eb3022e58745d98bd9ccb69116819ffc4af0c6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 3998
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15744
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 09 Nov 2022 20:16:46 GMT
Expires: Thu, 09 Nov 2023 20:16:46 GMT
Cache-Control: public, max-age=31536000
Age: 75577
Last-Modified: Wed, 11 May 2022 19:24:48 GMT
Content-Type: font/woff2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/main.js?ver=1.4
185.185.85.130200 OK 22 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/main.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash 0b19d6ce320d4856a75c1ceab11a92ab
0588263d0206cc6b723a1f51f1acc1a8ebc51d17
7f60f447e404345cf1c8b5deb25900f66d065c3ee5dbcecdfbee48eed6fe8e37
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/main.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 21629
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/shape36.png
185.185.85.130200 OK 1.3 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/shape36.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 24 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash b568edcb8208c56318f263d31bbbfcb9
29d4326979f2b29610be0bc1ccd2d17f70da0551
aedb7808d8a57164dbc1bd8049cc0fae4be10f6132908a0dd4d13addc5e914b0
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/element/shape36.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: image/png
Content-Length: 1294
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0
185.185.85.130200 OK 7.0 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (7043), with no line terminators
Hash 456663a286a204386735fd775542a59e
0a61620b88f4ae0fa7d71e2c7a014ea2c3ab5749
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: text/css
Content-Length: 7043
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 06:36:52 GMT
Accept-Ranges: bytes
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
216.58.207.195200 OK 13 kB URL HTTP/1.1 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 12924
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 09 Nov 2022 22:37:21 GMT
Expires: Thu, 09 Nov 2023 22:37:21 GMT
Cache-Control: public, max-age=31536000
Age: 67142
Last-Modified: Wed, 27 Apr 2022 16:02:31 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15920
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 09 Nov 2022 21:43:03 GMT
Expires: Thu, 09 Nov 2023 21:43:03 GMT
Cache-Control: public, max-age=31536000
Age: 70400
Last-Modified: Wed, 11 May 2022 19:24:45 GMT
Content-Type: font/woff2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.195200 OK 13 kB URL HTTP/1.1 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 13036
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 09 Nov 2022 22:05:26 GMT
Expires: Thu, 09 Nov 2023 22:05:26 GMT
Cache-Control: public, max-age=31536000
Age: 69057
Last-Modified: Wed, 27 Apr 2022 16:04:42 GMT
Content-Type: font/woff2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7ce68d9f05ceda5e89a0f9ef60f1b146
ae65ea9709298cd658b1152cd42c24011c047e09
bf46e035a8a06f09abfae16ae97baef7958ee18e41c8d9c05fad456e1d8baa4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF46E035A8A06F09ABFAE16AE97BAEF7958EE18E41C8D9C05FAD456E1D8BAA4E"
Last-Modified: Tue, 08 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Thu, 10 Nov 2022 23:15:49 GMT
Date: Thu, 10 Nov 2022 17:16:23 GMT
Connection: keep-alive
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/swiper.min.js?ver=1.4
185.185.85.130200 OK 249 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/swiper.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (829)
Size 249 kB (248715 bytes)
Hash 87a8e092e51d03d54fd6508d91b94e3c
9a4d4421cbe9fdd82715479d51ab0cef85f0aaa6
d6ac7a8621ec0f9ee23eef4561d57e7dd3b5ce20525a042efd8ad8aefaf233b2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/js/swiper.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: application/javascript
Content-Length: 248715
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2
185.185.85.130200 OK 14 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 13588, version 331.524\012- data
Hash fce8f91f337fd3c887d9279183939246
6e96a5152305607cd7ef195809da4e2a24d353df
021f51aca02ae25bb5e5c28b95ddc2a8149042820c843ded9099ff9e45b68c5c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: font/woff2
Content-Length: 13588
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
216.58.207.195200 OK 13 kB URL HTTP/1.1 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 13052
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 10 Nov 2022 02:59:12 GMT
Expires: Fri, 10 Nov 2023 02:59:12 GMT
Cache-Control: public, max-age=31536000
Age: 51431
Last-Modified: Wed, 27 Apr 2022 16:09:03 GMT
Content-Type: font/woff2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2
185.185.85.130200 OK 77 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 76576, version 331.524\012- data
Hash 925d825507f5236f25e8bd3b12cf4a8e
c6fd442e10f86c775e287ba2f9bf0c468640d866
cb3c124e6b9a35586f2eb1b20be4074dbca4d821bf52f7ad69e87981ef99a8fd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: font/woff2
Content-Length: 76576
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure79.png
185.185.85.130200 OK 1.1 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure79.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 223 x 109, 8-bit colormap, non-interlaced\012- data
Hash f1a97f95b6bf19a961901214e787b9f1
b3574916d69ce4e46c78a5c413f6132dece99772
629c12c98f0833be2234e9bb5185240a8305eb0749d960fa676ed045deb6be12
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/element/figure79.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: image/png
Content-Length: 1077
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2
185.185.85.130200 OK 80 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 79464, version 331.524\012- data
Hash b3e460fdd8d304a121b44183473d7522
7ad1ee10d7762fa348e20725cf5e669a36a4360c
15809710190c5c2edbf07f0db683ade85fb801f8ff08a2dbb93eea9d0d4e6df2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:23 GMT
Content-Type: font/woff2
Content-Length: 79464
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg
185.185.85.130200 OK 196 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x590, components 3\012- data
Size 196 kB (196408 bytes)
Hash 63823ba01366591a8d0d4a4576ff8f77
a65bfad9f50ca5ad596aac414c5c36309e500948
493469e243dd0dbe5ac5909f8d28398f5e68eccb2ac176262a79f7a830d3ac8c
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:24 GMT
Content-Type: image/jpeg
Content-Length: 196408
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/preloader.gif
185.185.85.130200 OK 18 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/preloader.gif
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type GIF image data, version 89a, 90 x 90\012- data
Hash 102039caf835290a60ca6ca241a686f1
27bafbfc667cae7bcc6173a3da8b1d017dbde9b5
b0d4f32e52a0dbcaec99800999a5a134dc4cd20b6394245a6d088ca97ca2bcbf
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/img/preloader.gif HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:24 GMT
Content-Type: image/gif
Content-Length: 17956
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/uploads/2021/10/gallery-widget5-150x150.jpg
185.185.85.130200 OK 5.7 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/10/gallery-widget5-150x150.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3\012- data
Hash 903c70d33e561e02169ac0228c04caac
341f59188f3161a7c52e67310ea8905fc2d8765c
f119c971487dbfc957671f8c43d4d666faf12860a85d7dbe25ebc13a42715d3f
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/10/gallery-widget5-150x150.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/jpeg
content-length: 5701
last-modified: Fri, 15 Apr 2022 07:21:15 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2021/10/blog4-150x150.jpg
185.185.85.130200 OK 5.6 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/10/blog4-150x150.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3\012- data
Hash 80a15717984f1ec5ab60621afac63b77
d6a49df630b0da2c4baaa6a7b8e3f982ff844940
4d72160776de7ec2bb0fee1eb03db41828e466d27af1e18f43df667dbb38b9b5
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/10/blog4-150x150.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/jpeg
content-length: 5615
last-modified: Fri, 15 Apr 2022 07:21:32 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/404.png
185.185.85.130200 OK 9.7 kB URL HTTP/1.1 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/404.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 684 x 327, 8-bit colormap, non-interlaced\012- data
Hash 7a336f9b3e3089503b5f91a899eab659
33b72695a86c3ae87778e95acc103b1f719fd564
14edb787a4be083c9be5a4fbc3033c1cddef5f6622c741b66b1b928b1b30f6b6
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/themes/finbuzz/assets/img/404.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:24 GMT
Content-Type: image/png
Content-Length: 9733
Upgrade: h2,h2c
Last-Modified: Fri, 15 Apr 2022 07:13:01 GMT
Accept-Ranges: bytes
www.assurancessdchemical.com/wp-content/uploads/2021/11/service10-150x150.jpg
185.185.85.130200 OK 8.2 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/11/service10-150x150.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x150, components 3\012- data
Hash 72ac275dcb765dc1ad45bd5afce1ba67
0c5312d216ad6dbb7a4a2a5ea9d9b39f5fcca69b
e49f73b698905b6fecf197f7a10f877469f4912c755d2ea694d986bea5b2474f
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/11/service10-150x150.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/jpeg
content-length: 8226
last-modified: Fri, 15 Apr 2022 07:30:19 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2021/11/service4-150x150.jpg
185.185.85.130200 OK 9.4 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/11/service4-150x150.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x150, components 3\012- data
Hash da5ce839942a44b9ad455bf10cf4d97d
d670b79187013ff7f8b9bff899589291b851bbe1
d31298fa4ed00d8c32c93ac6f466f6447e81269bead0919467598b1bbee6be97
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/11/service4-150x150.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/jpeg
content-length: 9407
last-modified: Fri, 15 Apr 2022 07:26:43 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18199
Expires: Thu, 10 Nov 2022 22:19:43 GMT
Date: Thu, 10 Nov 2022 17:16:24 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 10 kB URL HTTP/1.1 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x150, components 3\012- data
Hash d0412287e5bd75cd31f646345fef16bc
4a08bba3eb362e8aacd6d1a18d96905c0452178f
441a455c6d76da00778c7545f24661421da10f68adbb7d61bf7665fabdcd5fd3
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15860
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 09 Nov 2022 20:16:46 GMT
Expires: Thu, 09 Nov 2023 20:16:46 GMT
Cache-Control: public, max-age=31536000
Age: 75577
Last-Modified: Wed, 11 May 2022 19:24:42 GMT
Content-Type: font/woff2
www.assurancessdchemical.com/wp-content/uploads/2021/10/portfolio9-150x150.jpg
185.185.85.130200 OK 7.3 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/10/portfolio9-150x150.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x150, components 3\012- data
Hash f6867051bab0b6f33ee7e6a367a2900d
f60f0f5b1feb22d4d21f111623adea5592fbebfd
9f21459714de917f084bce319a8a5d5cffc4a05b30f092e5b51efec4b8193264
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/10/portfolio9-150x150.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/jpeg
content-length: 7309
last-modified: Fri, 15 Apr 2022 07:23:28 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18199
Expires: Thu, 10 Nov 2022 22:19:43 GMT
Date: Thu, 10 Nov 2022 17:16:24 GMT
Connection: keep-alive
www.assurancessdchemical.com/wp-content/uploads/2022/04/K-3.png
185.185.85.130200 OK 5.1 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2022/04/K-3.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 152 x 45, 8-bit colormap, non-interlaced\012- data
Hash 2d8c74de6b59b3149f459f6ff9de1807
77d50fbb24410b95e7a6bcd69dd2dedd6707350d
e86fd71cd0723268572c2807090a1d638e56e7b9097eed2d173d7b26b1293b62
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2022/04/K-3.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: image/png
content-length: 5054
last-modified: Fri, 15 Apr 2022 13:14:30 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18199
Expires: Thu, 10 Nov 2022 22:19:43 GMT
Date: Thu, 10 Nov 2022 17:16:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash feb275cc5fa7b13e70522cb76f001bbc
80ca9cf6cbbc73a884c3a839ace9a7aa191a8504
a5680637b55669355967b87fd4be4881a3e4dea746b7c420acf4dcb46b8a28de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f570a6d-7e0c-4dc3-9a3f-7af7ccbae623.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8242
x-amzn-requestid: 1ab9c180-7e6b-4eae-a6cf-6a45c96fdc4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlrkE_2oAMFk2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1cb0-0089846803d11bb649874507;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kZPJ95WwFXhxoBwZIeTN2iRl3-XFPmooKSeFtLu3wIm4b8nabFY2mA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:29 GMT
etag: "80ca9cf6cbbc73a884c3a839ace9a7aa191a8504"
content-type: image/jpeg
age: 70195
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb45d42fc-185c-4bf0-906b-55b0275ee2d4.jpeg
34.120.237.76200 OK 3.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb45d42fc-185c-4bf0-906b-55b0275ee2d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aeb648ba8ff2bcbb363004559ced5b87
25c8230dc14cfc31d8660b8ea8a72f3ac881ea7e
3eb0d98cc52b574f7496061ab00d6276c7a83ca1be7b7974a932a7827a9dd4b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb45d42fc-185c-4bf0-906b-55b0275ee2d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3319
x-amzn-requestid: 4720d817-e198-4cae-b14c-b78972e7dd05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlrkGdMIAMF8_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1cb0-6c3edabf3f07e37951156122;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:36 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WTHCOj9RuWRZz5CyXFFKfjGFuZyQY69EvrTlTHqs9WAImuFCLp4ZzQ==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
etag: "25c8230dc14cfc31d8660b8ea8a72f3ac881ea7e"
content-type: image/jpeg
age: 70196
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c2db9097ad95b726c65a3130483daf7
2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79
1da5e63e7a3e837c758bb365e5e99e6dfb6c54e9b2fe038c3eb1334a86dc4d74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7723
x-amzn-requestid: 1e07419e-8cd6-43d6-b0bb-61183502ee40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpGHFKIAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca0-751c8b152ea5c28f5a78bf46;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BXdwO74rhbF9575IFRz-DNbcEFNiX7JiCtsvghmUE8zOju0eyuFjow==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 70250
etag: "2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a929256680885031f55121c35d626bcc
9caf2466f70995d5763b970f916c4944b364a4ff
9366db1c171fe9dae5946198415c9a02005a432fccd359896f94bce874c91027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1301540a-8618-4725-97e7-ac03773f7ed0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9283
x-amzn-requestid: c800cccd-80cc-4cd6-8856-66cfd07141c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWmC2HnpIAMF3kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1d45-686eac2b6c65b8dd41dfb44a;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y9jHtcAFR3KyG8gWBDJ13rjekqGz6dUoqn0d_yHYW9beFkeCGSxbsA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:51:10 GMT
etag: "9caf2466f70995d5763b970f916c4944b364a4ff"
content-type: image/jpeg
age: 69914
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fc04eddc597d6b10db5d59c53f20aec
dddc0da13526d24aaea990cc1d68d9212612da43
a7e2d1fd141c4383de3411be95b8875c9d969d5f001020793a2b4d939aaa780b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe468f92f-2486-4c80-ab37-4225f9f983cc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12268
x-amzn-requestid: cd9ea4f7-9a75-47b4-a0ad-817c821a592e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpZHbBIAMFfUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca2-69a98f453929cc817bead2c7;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Xq1vIovXXR0pPaaHjKWeLcZszoEkISrYvqKvshtQ9dFTf6CUwxmIWA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 70250
etag: "dddc0da13526d24aaea990cc1d68d9212612da43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 178b1b5efcd0c5997d0e5b820193abe2
460630852800c0304295c78df268bfec64416f98
9822d2ef4199dcc01f81a8e6d3a91d9545466c17abfca4eb30e0a49ca8301da6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3445
x-amzn-requestid: 92b5ba7a-e45a-495c-89ae-9738fd5644bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWloyHMpoAMF-Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c9e-5508b96c349a34537809ef0e;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3-XU3AO60wbMDZcPshBPHvxEFAQHVs7-dlg52BfbxkSlDAEx9kaeeg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:58:41 GMT
age: 69463
etag: "460630852800c0304295c78df268bfec64416f98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
embed.tawk.to/62602cfeb0d10b6f3e6e822a/default
172.67.38.66200 OK 928 B URL HTTP/2 embed.tawk.to/62602cfeb0d10b6f3e6e822a/default
IP 172.67.38.66:0
Hash af948b1c25b4bc09fe92327fcf923895
0526cf2754fb2d49383430a84d152f5609211fc7
de972820bdf77683aa013001f3fe852a3483c448cae36b7f2d2f423e40099c9e
GET /62602cfeb0d10b6f3e6e822a/default HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-635a92a45e8"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76806f893ec2b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.assurancessdchemical.com/?wc-ajax=get_refreshed_fragments
185.185.85.130200 OK 210 B URL HTTP/1.1 www.assurancessdchemical.com/?wc-ajax=get_refreshed_fragments
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c97a46508dc677362be2a79fd34feea
bce89aaf991907a16c951cc6a9a8121045374e22
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
Analyzer Verdict Alert mnemonic_dns Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/vlo/?e=qbot.zip
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Nov 2022 17:16:25 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.33
Access-Control-Allow-Origin: http://www.assurancessdchemical.com
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Upgrade: h2,h2c
embed.tawk.to/626167667b967b11798bd448/1g167nqud
172.67.38.66200 OK 11 kB URL HTTP/2 embed.tawk.to/626167667b967b11798bd448/1g167nqud
IP 172.67.38.66:0
Hash 91af868265e4904ecedd5bfec97efec3
845a1b4281fa3facd43bb81ee407932e25162527
049d8879a769648d529e33e08657c9042c57587ac33fe5eaa31a88a5766ff536
GET /626167667b967b11798bd448/1g167nqud HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-635a92a45e8"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76806f8a8873b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-300x300.png
185.185.85.130200 OK 18 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-300x300.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 3f686d38acdfbc86373bd3124fe5cfc5
4c09c18f76d0b344f453db15560909afdc73dbdc
6e2da0e5ce7701c610fcabd7149c7282e8144dedb4d92f7862d6c7f6aa42b803
Analyzer Verdict Alert mnemonic_dns Sinkholed
GET /wp-content/uploads/2021/09/cropped-logo_1-300x300.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 17:16:25 GMT
content-type: image/png
content-length: 17748
last-modified: Fri, 15 Apr 2022 07:30:32 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
151.101.85.229200 OK 62 kB URL HTTP/2 cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
IP 151.101.85.229:0
Hash ca95d11a23cce17172370114ad693a20
17d1885ccbc99389555c868bb7eafa953e1122d1
f086d2998f2dcfe636b77f05a9169ac7ecf7c2c45d9d8fabc332a5e830bf0769
GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 17:16:26 GMT
age: 20246942
x-served-by: cache-fra19156-FRA, cache-bma1622-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 53889
X-Firefox-Spdy: h2
vsb16.tawk.to/s/?k=636d31e93f52a35ac5c0c51f&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtbkYwcVFWeHZmVzZnczRid0xsRENCIiwic2lkIjoiNjM2ZDMxZTkzZjUyYTM1YWM1YzBjNTFmIiwiaWF0IjoxNjY4MTAwNTg1LCJleHAiOjE2NjgxMDIzODUsImp0aSI6IklJakNDTG1LY0EzZVFIN1FNQVcxWiJ9.U_pg5418OwyXCVGZeIv45RpJyDbNHfpw9Vg7mjmGG6NAxaFnSH5vSOOmC5b8urdneqzG6PgScahYLOQ5PgVoKA&EIO=3&transport=websocket&__t=OHYYkh3
172.67.38.66101 Switching Protocols 3.0 kB URL HTTP/1.1 vsb16.tawk.to/s/?k=636d31e93f52a35ac5c0c51f&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtbkYwcVFWeHZmVzZnczRid0xsRENCIiwic2lkIjoiNjM2ZDMxZTkzZjUyYTM1YWM1YzBjNTFmIiwiaWF0IjoxNjY4MTAwNTg1LCJleHAiOjE2NjgxMDIzODUsImp0aSI6IklJakNDTG1LY0EzZVFIN1FNQVcxWiJ9.U_pg5418OwyXCVGZeIv45RpJyDbNHfpw9Vg7mjmGG6NAxaFnSH5vSOOmC5b8urdneqzG6PgScahYLOQ5PgVoKA&EIO=3&transport=websocket&__t=OHYYkh3
IP 172.67.38.66:0
Hash 09961c54fe57cf648a459390160b4657
7b0d3d36f64f4b0cfbb572bde593552ab2086a07
227ee28fd96ff2cbf5413d06a376b62337a8bf08938199331cfa27f61f645e62
GET /s/?k=636d31e93f52a35ac5c0c51f&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtbkYwcVFWeHZmVzZnczRid0xsRENCIiwic2lkIjoiNjM2ZDMxZTkzZjUyYTM1YWM1YzBjNTFmIiwiaWF0IjoxNjY4MTAwNTg1LCJleHAiOjE2NjgxMDIzODUsImp0aSI6IklJakNDTG1LY0EzZVFIN1FNQVcxWiJ9.U_pg5418OwyXCVGZeIv45RpJyDbNHfpw9Vg7mjmGG6NAxaFnSH5vSOOmC5b8urdneqzG6PgScahYLOQ5PgVoKA&EIO=3&transport=websocket&__t=OHYYkh3 HTTP/1.1
Host: vsb16.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://www.assurancessdchemical.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sjTCFQ7TpCuVSElNcXUHNw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Thu, 10 Nov 2022 17:16:26 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: INjz6uVemjpf0s6jwmZ+uVFnzuc=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 76806f96ece51c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js
IP 172.67.38.66:0
GET /_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 17:16:25 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"70dac54eca3bb2143032bc4db3237623"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76806f8e3d3fb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-vendor.js
172.67.38.66200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-vendor.js
IP 172.67.38.66:0
GET /_s/v4/app/635a92a45e8/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.assurancessdchemical.com
Connection: keep-alive
Referer: http://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 17:16:24 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 76806f8e3d36b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2