r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4a5e9bc8b7891ac5f4552c29bcbaedb0
39735081eeb64eae477c61c1147daeb68fb37b22
c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2218
Expires: Fri, 16 Dec 2022 02:15:28 GMT
Date: Fri, 16 Dec 2022 01:38:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 381442da2a14cb93770f4c8f6e19d35b
31c48467751e2450a63004c57eea0c7872023eaf
61b0985f47033bd7020ab3b8cdcbc6c17be6ab9b6feba69e006088b78e21c0f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B0985F47033BD7020AB3B8CDCBC6C17BE6AB9B6FEBA69E006088B78E21C0F0"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18322
Expires: Fri, 16 Dec 2022 06:43:52 GMT
Date: Fri, 16 Dec 2022 01:38:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5b38399fcc8246505e5e6b0f62803a5a
bb374f8d97b2bd798873d74c6bbab20ad6843e96
406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4003
Expires: Fri, 16 Dec 2022 02:45:13 GMT
Date: Fri, 16 Dec 2022 01:38:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 16 Dec 2022 01:33:58 GMT
content-type: application/json
age: 272
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zRRkVOnHK/FZU+wlGVXI69V9TRDmw4YE9ScrGqletznqjiNutw+13KQhPbxApao2UDa6MWTby5Q=
x-amz-request-id: FV9VMZXF3D0QER4Z
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 16 Dec 2022 00:51:08 GMT
age: 2842
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Dec 2022 01:38:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 16 Dec 2022 01:33:21 GMT
age: 309
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b9f0adeb27a19629aeff6f34de67f3ad
3876d1b871d7da6d18de23c2edb301eb30728066
c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6350
Cache-Control: max-age=119660
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:38:30 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 10:52:50 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.43.228.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.228.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1pF6WceNEHydMZTA0hlj4A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AAP074JypMG8AvccP0bpeepUA2c=
cellfonecellular.com/reeh/index.php?qbot.zip
69.64.71.154 301 Moved Permanently 0 B URL HTTP/1.1 cellfonecellular.com/reeh/index.php?qbot.zip
IP 69.64.71.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /reeh/index.php?qbot.zip HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Dec 2022 01:38:30 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://cellfonecellular.com/reeh/?qbot.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 0e5a8cf5962c05bf28a3b45f5c8745e2
9c5d7e8aeab26f9fd2e753ab4dc65d6fa8ea955f
f614642045fcd0ee373ed6cabe67514f4bb54c7fb4f1181b52eaec12d7e0479e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F614642045FCD0EE373ED6CABE67514F4BB54C7FB4F1181B52EAEC12D7E0479E"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5501
Expires: Fri, 16 Dec 2022 03:10:13 GMT
Date: Fri, 16 Dec 2022 01:38:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 30739a2896ba00103578a7cd3589767c
b8da5c239832fc19c22722c23412adac1ef200ec
b406a1135ac6a56d3b7e3ba1f9adeb1a69d56e7a070f30e1dd20fea4ebedf3a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44d28b3d-7927-4346-840a-8cfc2e3ea292.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5424
x-amzn-requestid: e579538e-8990-425d-a635-ede55d60ed50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNSvBETaoAMFyKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b97f9-3560628d3673feb33f4b958e;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:56:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CjP6MuggD8GZZTJUICeoKXHsb5qopw53uqsKfb6drH5nHj4gL1CptQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:13:35 GMT
age: 12297
etag: "b8da5c239832fc19c22722c23412adac1ef200ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3ffaf7e3899d2e846612269608ae1286
07e6d729ad09430b483f44c16146dd2707935314
0d101f77b5159818bdac6fd41d43df60d95a08cebea93b9c661d5694a2d92f54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4be35fbc-e4f0-449f-a4a6-8630871dbbca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11887
x-amzn-requestid: 4af02abe-5573-4788-9790-f76620857d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNRX9FVdIAMFxfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b95cc-484ff6083d4e7b483cbfcd96;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:46:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8V4kSXlD1XwSR_1OFl7eFOsYwqUatih-UFve0BaTlp5XgXzTGZSWCg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:56:47 GMT
etag: "07e6d729ad09430b483f44c16146dd2707935314"
content-type: image/jpeg
age: 13305
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 78c629538ec0e3052bbfc30143472461
4730867561c6116e461a82d5448d7fb10d5df533
8987e66414a582c18eaf65e0c2139213817cdc524dcffe2abc4f4a7c7cb3342e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ae976ce-079c-4e5f-b8b9-c1ee2adaa868.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12785
x-amzn-requestid: 55fe73e5-e843-4f9b-88ee-fc3aa5365dc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQLFqaoAMFQHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-0a135ed9618b37ea59813d56;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WKzermMXjxJ_I7wum86KjSEfxd-OvBXbsYdNCshK0n7mhnfb2fPHVw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:57:04 GMT
age: 13288
etag: "4730867561c6116e461a82d5448d7fb10d5df533"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 1439b219bc14c22c96fdba089d03dc40
bfe8173cae5e2c8fa781f11661dc0893fc159eb3
a5aad1c8c3464232f0bb74c8115ea0cb0d2ac6f43c5418feb967803ea8286ff3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff22fa4a3-ba63-491d-a915-4c7ea375f720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7896
x-amzn-requestid: cf094f2f-ce6b-4626-8168-36944d557cb7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dHbA4FexoAMFe-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63993ed2-60e1d5f53f3d2ad01060a8d4;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 03:11:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zUZEYcY4OgIDoMd-y4mtxmJxD09IeYbmsvgWPauxLcZ4IGr8sDNcgw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 03:25:04 GMT
age: 80008
etag: "bfe8173cae5e2c8fa781f11661dc0893fc159eb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5d9d95001bfc942895a41fb4bbd50c56
67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9
042c3809a802ef44ff6de8a270194cdf69cc3ba9d8f5192110dda7829d2d52d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5710
x-amzn-requestid: 9e587daa-7632-4765-a8c5-6cea13058bac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQJEp6IAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-63c04fa4691c32f914301a3d;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Qj7aKHjYDmSpAkdiFXcYQ5fL2bIwo2KEYkDvvKo-_YBToKJVM2GWng==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 22:12:29 GMT
age: 12363
etag: "67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 05e3e1b7b913ea0135618df17b15cf3d
af81d8f513ce5e57331b23e7293c24b788d14814
c18f41a6b4367ad833d41ff6686cc8987e5b34961db4ac689834b4c013946ad7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6873e310-18bc-4048-a538-a334095e2630.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3482
x-amzn-requestid: 01bd8674-7772-4df9-a9ab-f4769a77a856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQKEMOoAMFZ-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-4fa03c782e961da07a7ea339;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lYZHdOdBQ9Kqvd1HG6uZY20FkoQqm0NeQvgTWCi6LHhIy3qqisF4BQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Dec 2022 21:56:47 GMT
age: 13305
etag: "af81d8f513ce5e57331b23e7293c24b788d14814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7554f75e4959d216038e95962579e741
10f237248a234544391eb351e97515d385a372b3
cb2bc78887ed330dee49076c04ba87723fdc2a869a124dba2a475cac174480da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:38:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7554f75e4959d216038e95962579e741
10f237248a234544391eb351e97515d385a372b3
cb2bc78887ed330dee49076c04ba87723fdc2a869a124dba2a475cac174480da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:38:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cellfonecellular.com/wp-includes/css/classic-themes.min.css?ver=1
69.64.71.154 200 OK 217 B URL HTTP/1.1 cellfonecellular.com/wp-includes/css/classic-themes.min.css?ver=1
IP 69.64.71.154:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:33 GMT
Server: Apache
Last-Modified: Tue, 25 Oct 2022 13:45:16 GMT
Accept-Ranges: bytes
Content-Length: 217
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/reeh/?qbot.zip
69.64.71.154 404 Not Found 60 kB URL HTTP/1.1 cellfonecellular.com/reeh/?qbot.zip
IP 69.64.71.154:0
File type HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (9493)
Hash cd554d90f8a7fbc00f91f44e8bca3c5c
7d9ea13e63437c866ebb0d3c43eb4e06ce9c94be
987bac9e08325a0045257e7403bd32089288ab975e8bf9d30ed319d31161c3ce
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /reeh/?qbot.zip HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Fri, 16 Dec 2022 01:38:32 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://cellfonecellular.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cellfonecellular.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
69.64.71.154 200 OK 19 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/uploads/elementor/css/post-6.css?ver=1669232261
69.64.71.154 200 OK 28 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/post-6.css?ver=1669232261
IP 69.64.71.154:0
File type ASCII text, with very long lines (14439)
Hash 0ff3887d99d09e0da2ef14e0b479adb9
014041fa68593de7e022e77d3a62c9a213365b12
0d23f5ab40c7cdee6055840a836b831ba1e09edf66d69d4bf5f919c0c6375ead
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-6.css?ver=1669232261 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 19:37:41 GMT
Accept-Ranges: bytes
Content-Length: 27804
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/elementor/css/global.css?ver=1669232274
69.64.71.154 200 OK 4.7 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/global.css?ver=1669232274
IP 69.64.71.154:0
File type ASCII text, with very long lines (4749), with no line terminators
Hash 53af61c0b03700292f1177db356d20a4
7ad77fca042b1c2fd6f3d2acd1cfa27a53bd69d4
f7c77868555d54639923b2592eb2b6e7ab710fcc80161df4769f2b18dd5783d2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/global.css?ver=1669232274 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 19:37:54 GMT
Accept-Ranges: bytes
Content-Length: 4749
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
69.64.71.154 200 OK 19 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 69.64.71.154:0
File type ASCII text, with very long lines (19233)
Hash d183c598fd582fe997f6782afed84f9b
7799820e0e849e8484543c3360a8d8cc62baa32f
83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 19279
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
69.64.71.154 200 OK 95 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (47826)
Hash 71d925864153f0edf91037f3d31048e8
cc16a0524ac63b5ce29f703a66412224f0dd771a
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:33 GMT
Server: Apache
Last-Modified: Fri, 11 Nov 2022 14:56:45 GMT
Accept-Ranges: bytes
Content-Length: 94889
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/elementor/css/post-3982.css?ver=1669644288
69.64.71.154 200 OK 15 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/post-3982.css?ver=1669644288
IP 69.64.71.154:0
File type ASCII text, with very long lines (14752), with no line terminators
Hash 940506b52f26f5801e9b4bb414cc7f9d
5933d0a7cb4022bdcbd74f60286d90e0ad18d0ef
7e316b2d3ad40546bb5029e4c817f20228914f97bfaa2738744161d80f9bb956
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-3982.css?ver=1669644288 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Mon, 28 Nov 2022 14:04:48 GMT
Accept-Ranges: bytes
Content-Length: 14752
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/elementor/css/post-6132.css?ver=1669311563
69.64.71.154 200 OK 3.8 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/post-6132.css?ver=1669311563
IP 69.64.71.154:0
File type ASCII text, with very long lines (3810), with no line terminators
Hash bde3101fdc0ac82734c3ff2fe55f549a
8a71420bee5bdf1588d1e09f5a73d1e0ddb133e4
39d1bce10a307ed35d1a1b4a2bdaa340c0dc662b44b092fbe6ec91fb0c68fe4f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-6132.css?ver=1669311563 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Thu, 24 Nov 2022 17:39:23 GMT
Accept-Ranges: bytes
Content-Length: 3810
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.css?ver=11.1.2
69.64.71.154 200 OK 11 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.css?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (10755), with no line terminators
Hash 26421f9c878acb1fd676d5053a2928ae
28bc1fa7e3e1a0901c56e854004d8047629e4b03
e3615fe430b11a0bbd580c5076d0e5edf562597d8a3e851b1aa61280f8ea3897
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.css?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 10755
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1669232274
69.64.71.154 200 OK 162 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1669232274
IP 69.64.71.154:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (161468 bytes)
Hash 025fbf60d16c8cb53214a556d78f5882
0924385fb24c2ade2a9fb83cf262f32cec5fd9bc
07aa88b248702e074910d2e58c79bf8813402d032b8a4a0805c07e8625b867c9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1669232274 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 19:37:54 GMT
Accept-Ranges: bytes
Content-Length: 161468
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.7.1
69.64.71.154 200 OK 43 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.7.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (42763)
Hash b56acc93d0aa6ec25dd35d634e78a71d
5052c13c5396c069534411f82750c2b29b144b15
9349f4165642ed216bcb4982eccb977b86f95b2813ffe172afdf6aab317925a2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/dt-the7-core/assets/css/post-type.min.css?ver=2.7.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 42851
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/the7-css/css-vars.css?ver=d71c4ab93db1
69.64.71.154 200 OK 32 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/the7-css/css-vars.css?ver=d71c4ab93db1
IP 69.64.71.154:0
Hash 54e4f837d2d5a79ff2f296b9cf9389bd
166c04ffefd5c20df0c50c9d447921ee9e828a58
b87ea124f2b619784e73603e57ae621b054ac404352c206166b540bca379fdee
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/the7-css/css-vars.css?ver=d71c4ab93db1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:47:29 GMT
Accept-Ranges: bytes
Content-Length: 32008
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/the7-css/media.css?ver=d71c4ab93db1
69.64.71.154 200 OK 77 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/the7-css/media.css?ver=d71c4ab93db1
IP 69.64.71.154:0
Hash 6d97ee06da2cf0df913f3a5509282e2f
25cb9557fbbfe9b78f5e0fd01615167d997e02c2
05d0a3344b9fa3a3145556b3d4538e5b729fe9c512ff9201eb9cf232614354ad
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/the7-css/media.css?ver=d71c4ab93db1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:47:30 GMT
Accept-Ranges: bytes
Content-Length: 77226
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/themes/dt-the7/css/main.min.css?ver=11.1.2
69.64.71.154 200 OK 247 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/css/main.min.css?ver=11.1.2
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (37346)
Size 247 kB (247222 bytes)
Hash 5a86cb43f06955604adfd8fd72570b42
3e3727ffa45f4b8a5cbdeadec17916759068113d
6fb1a69e38a12f128229ce3e2cb88f0b075b10c2afb2b82b9c36e3def5339789
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/css/main.min.css?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:30 GMT
Accept-Ranges: bytes
Content-Length: 247222
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=d71c4ab93db1
69.64.71.154 200 OK 23 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=d71c4ab93db1
IP 69.64.71.154:0
Hash 85bbfa6ab7cb8efff8b466913ac9df13
9be20d6309d59f108abee76ae7148c99bf8b0739
5cf9186c30d241993ff0233aed0f0bdb71d0dc6592dd461715281775d949a26a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/the7-css/the7-elements-albums-portfolio.css?ver=d71c4ab93db1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:47:30 GMT
Accept-Ranges: bytes
Content-Length: 23284
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/the7-css/custom.css?ver=d71c4ab93db1
69.64.71.154 200 OK 269 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/the7-css/custom.css?ver=d71c4ab93db1
IP 69.64.71.154:0
Size 269 kB (268855 bytes)
Hash 7fb3d2ce89727c525f0771deca6a7e9b
98293303a365b0d276d8c6f563f5852d45cfed4b
a7efe099aa2eaac3fe7a85d7873b438652c5c66de6116765324190ca4befaee1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/the7-css/custom.css?ver=d71c4ab93db1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:47:30 GMT
Accept-Ranges: bytes
Content-Length: 268855
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/the7-css/post-type-dynamic.css?ver=d71c4ab93db1
69.64.71.154 200 OK 10 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/the7-css/post-type-dynamic.css?ver=d71c4ab93db1
IP 69.64.71.154:0
Hash f49679e69babe2863f3eed6e9fa4e7c4
0b6f952af45f20f8353fade8bedd58da340bc848
7cff8bb381c394cef0f42d608816d7d2c90adc86bcc0c991b2e13c676c514e99
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/the7-css/post-type-dynamic.css?ver=d71c4ab93db1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:47:30 GMT
Accept-Ranges: bytes
Content-Length: 10169
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/themes/dt-the7/style.css?ver=11.1.2
69.64.71.154 200 OK 1.4 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/style.css?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (523)
Hash 44c0a2c17666d2750f4cd38adec4daa7
7d63b323eaab50d8c58161eb74c90779c89f1196
71be3e1ad75a310324a250619e43fbbc884fb9d7e172c24cd660afeb47cab1e5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/style.css?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 1424
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/themes/dt-the7/css/compatibility/elementor/elementor-global.min.css?ver=11.1.2
69.64.71.154 200 OK 36 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/css/compatibility/elementor/elementor-global.min.css?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (36157), with no line terminators
Hash 563bb897df9945581b34d3a8fd9872ea
599bc3eca5cef6efd822657fe9aa4e8374dd50da
858ac0564fa50e8ac42ae4a810a73809beef688dc296fb8fd711be24e52951f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/css/compatibility/elementor/elementor-global.min.css?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:30 GMT
Accept-Ranges: bytes
Content-Length: 36157
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/uploads/elementor/custom-icons/the7-feather/style.css?ver=1.0.0
69.64.71.154 200 OK 14 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/custom-icons/the7-feather/style.css?ver=1.0.0
IP 69.64.71.154:0
File type ASCII text, with very long lines (13549), with no line terminators
Hash 146b2b3d553296b9931d54134ebcf595
1bfab053c16efc05a10d8b6fc93a26dbdd30b326
38cc2d3b499611ef3b4241f05f2488760e1beb6876c8f0171b81c4a155252f3f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/custom-icons/the7-feather/style.css?ver=1.0.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:09 GMT
Accept-Ranges: bytes
Content-Length: 13549
Content-Disposition: attachment
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
69.64.71.154 200 OK 58 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 69.64.71.154:0
File type ASCII text, with very long lines (57726)
Hash eeb705d0bdccfd645d3bbd46dd1fbab3
066def290f42ed8c00860e573cc880bd46e9ced4
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 57912
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
69.64.71.154 200 OK 669 B URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 69.64.71.154:0
File type ASCII text, with very long lines (483)
Hash 9eb2d3c87feb6bb2ffa63b70532b1477
38f226335a05ab0e30497bc7419eb5e243a9e26c
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 669
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
69.64.71.154 200 OK 90 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (65447)
Hash 17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Mon, 19 Sep 2022 14:16:24 GMT
Accept-Ranges: bytes
Content-Length: 89684
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
69.64.71.154 200 OK 11 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=11.1.2
69.64.71.154 200 OK 13 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=11.1.2
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (2772)
Hash c651c9d189aec3025648ab5a4a143702
29cb8cfbc901402ac6b0d2f45d3683bc358e08f3
fb7fbfb50310397a5df8716772c7938bc765eaf1bd8108c5225f78b14581eb22
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/js/above-the-fold.min.js?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 12713
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/themes/dt-the7/css/compatibility/elementor/the7-vertical-menu-widget.min.css?ver=11.1.2
69.64.71.154 200 OK 8.9 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/css/compatibility/elementor/the7-vertical-menu-widget.min.css?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (8901), with no line terminators
Hash 1747c634087669180cf6a79e0b501dd7
fed14828527fa13b6f6808e19f9f0b449bd209aa
a8b8ebb3a0bad27fc7a19d2c5ca0cb5c7f60b7e47ecefbb1cad695827ac8ba6e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/css/compatibility/elementor/the7-vertical-menu-widget.min.css?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:30 GMT
Accept-Ranges: bytes
Content-Length: 8901
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.5
69.64.71.154 200 OK 58 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.5
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash 094ecbb344f63a3ae1bf64fe29d87c7d
4811fbb7511a15d5802978079d8ff4f911484a5e
95f59f9a4a19697496edc01bb55011ea4056f90625cc816a7f18256f056a6258
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.5 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 58260
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1
69.64.71.154 200 OK 18 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (10019)
Hash 4601ba55044413706c2022cb6c1c3d05
5103ec2fbb389568ebf5cfe4fd721f3df2ff7aec
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 18468
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
cellfonecellular.com/wp-content/themes/dt-the7/lib/jquery-mousewheel/jquery-mousewheel.min.js?ver=11.1.2
69.64.71.154 200 OK 2.7 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/lib/jquery-mousewheel/jquery-mousewheel.min.js?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (2615)
Hash ca4fc18d3aa41a0e4ca31c875b1f93c6
57f848a86bdfddffe192f1049f1a3400d55c0e28
9c7f5f11ea09af1edcc1a9033075fc3de8d28a1675503169f857b2211c8d8545
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/lib/jquery-mousewheel/jquery-mousewheel.min.js?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 2705
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/themes/dt-the7/js/main.min.js?ver=11.1.2
69.64.71.154 200 OK 338 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/js/main.min.js?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (47989)
Size 338 kB (338217 bytes)
Hash 9e23e5e74c3d27f3d6fb27d66feb927f
877b723f3ec175f3018bd543a48c3e587cc82207
a72b9bfecce798c49d2bb8679d16b8db2a3d84c47e4c2bbacfcf73dc23413fdf
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/js/main.min.js?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 338217
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.js?ver=11.1.2
69.64.71.154 200 OK 40 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.js?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (40085), with no line terminators
Hash 0201925438ef5e8d808c5a4aae483af2
7fac1f6d9d64a46203fd652cfa429be67b518198
5e8a1efa7ed75ccecd7b1daa15fbdb97fe1a730dddcd36e65a714d4811b31238
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/lib/custom-scrollbar/custom-scrollbar.min.js?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 40085
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.5
69.64.71.154 200 OK 165 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.5
IP 69.64.71.154:0
File type ASCII text, with very long lines (45047)
Size 165 kB (165339 bytes)
Hash 0a7176e860c4303f557950b75fb8a898
c292eb1b902ed06fccd65a684d6b311e1290caa9
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.5 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 165339
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.5
69.64.71.154 200 OK 407 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.5
IP 69.64.71.154:0
File type ASCII text, with very long lines (64288)
Size 407 kB (407331 bytes)
Hash b0ac07a6918661e5116d67cb7d7a1c2b
94e6f307e5605d36dda6db9abfbb7b740cfadaa6
7b7d5a7040c734484063484276d1643c07c1d8a88c2e4c54818bb6d5fedfd18d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.5 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 407331
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1
69.64.71.154 200 OK 5.0 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (4918)
Hash 562ad59077018eb139d1f46afd69a050
d33c188f7d0f306b8a0ede1e3b67a0edb7be8966
f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 4957
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/pro-elements/assets/js/webpack-pro.runtime.min.js?ver=3.8.0
69.64.71.154 200 OK 5.2 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/pro-elements/assets/js/webpack-pro.runtime.min.js?ver=3.8.0
IP 69.64.71.154:0
File type ASCII text, with very long lines (5191)
Hash 8c57bbe43bae29ddf6c36964720bc2f0
0381471e2558b50fddfe622a5f2ea8d8d19c5570
02c666016310320843f18a22ed9638af0d5d05f11344110ceeb8a56c544a8655
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/pro-elements/assets/js/webpack-pro.runtime.min.js?ver=3.8.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 5233
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/themes/dt-the7/js/compatibility/elementor/the7-vertical-menu.min.js?ver=11.1.2
69.64.71.154 200 OK 3.2 kB URL HTTP/1.1 cellfonecellular.com/wp-content/themes/dt-the7/js/compatibility/elementor/the7-vertical-menu.min.js?ver=11.1.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (3159), with no line terminators
Hash 0db0720b9e690747325cfdb15973b34d
945681f0ab8068c12ae7a959d28ab62c6d99c865
79d4f5719a7469bd3216f56f31f5b9332a941f05049c61de5101c82ca4a846bd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/dt-the7/js/compatibility/elementor/the7-vertical-menu.min.js?ver=11.1.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 17:04:31 GMT
Accept-Ranges: bytes
Content-Length: 3159
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.7.1
69.64.71.154 200 OK 27 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.7.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (26727), with no line terminators
Hash 35e029aa8b7a8ce2fe14ea989b928b09
428ee3cd68821fbf8761d2eed9fcd5ac82fbbc9e
34fbe01a406b8f5ac1f9a8ea25aedb6820e1eefd502c1cc56433e3963efbbaad
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/dt-the7-core/assets/js/post-type.min.js?ver=2.7.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:35 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 26727
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1
69.64.71.154 200 OK 33 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (32907)
Hash 48b7a16ab38005edf9c9964313ce1cd7
8b8569d937aac61fd792b6c68fca974e3cdd94ab
5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 32947
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
69.64.71.154 200 OK 4.9 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
IP 69.64.71.154:0
File type ASCII text, with very long lines (4875)
Hash b33ab4d5dcf02436276a717e9d1b7c18
f47b9a9c41b3b11c9dffabca22945727c3ec6566
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 12:04:30 GMT
Accept-Ranges: bytes
Content-Length: 4910
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
69.64.71.154 200 OK 10 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
IP 69.64.71.154:0
Hash 8cd696505481e74ffee89b4995f37379
ee9aad199ef2bc60a3460f4c52f37d22907b2ec9
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 19:55:30 GMT
Accept-Ranges: bytes
Content-Length: 10230
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
69.64.71.154 200 OK 18 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash e495a4709e3eae31c67f8263f25d2d39
d43ba6a092e4823a71f3bff75d5ed279a481636b
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Tue, 20 Sep 2022 15:43:29 GMT
Accept-Ranges: bytes
Content-Length: 17823
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
69.64.71.154 200 OK 6.5 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 69.64.71.154:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash 61449413a42d2daaa79dbe7298b40e21
d86c474164c603084397bdc50fb0e469d28b5772
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 12:04:30 GMT
Accept-Ranges: bytes
Content-Length: 6475
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/pro-elements/assets/js/frontend.min.js?ver=3.8.0
69.64.71.154 200 OK 22 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/pro-elements/assets/js/frontend.min.js?ver=3.8.0
IP 69.64.71.154:0
File type ASCII text, with very long lines (21624)
Hash 453af4946d83f4e8d02d574a5e0037df
a52233f3e3a957e3851c80bf7a28e712c2928973
586b3577333da1fb1a4c4a32022c3fd3e5c28758770dbae1c2a1ecc2bf4dc2f1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/pro-elements/assets/js/frontend.min.js?ver=3.8.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 21666
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
69.64.71.154 200 OK 12 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash 3819c3569da71daec283a75483735f7e
ecd40a5cc6f0b76200c454ca880210dc301cfab8
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 12198
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
fonts.googleapis.com/css?family=Manrope%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CComfortaa%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.1.1
142.250.74.106 200 OK 26 kB URL HTTP/2 fonts.googleapis.com/css?family=Manrope%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CComfortaa%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.1.1
IP 142.250.74.106:0
Hash e8e141dc2017605bde4d80c4b48f8e55
2856a8563e90b2b372489a5431c54e395d37432c
1477ddba82cd289b15ea2752d893b219deb744d18139d869f14ba1220fa814d2
GET /css?family=Manrope%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CComfortaa%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 16 Dec 2022 01:38:33 GMT
date: Fri, 16 Dec 2022 01:38:33 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cellfonecellular.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
69.64.71.154 200 OK 21 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 69.64.71.154:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 034bd11ecaf6fb9240d905245e42e202
ff136c394ed95badfc0107fb98a890dcff642828
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Fri, 23 Sep 2022 19:55:30 GMT
Accept-Ranges: bytes
Content-Length: 21440
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1
69.64.71.154 200 OK 40 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (40474)
Hash 2331d602370faa61829c8aa628996c7d
e097dda010d924637e9c9f906be7653ae2d29343
5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 40513
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/wp-util.min.js?ver=6.1.1
69.64.71.154 200 OK 1.4 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/wp-util.min.js?ver=6.1.1
IP 69.64.71.154:0
File type ASCII text, with very long lines (1391)
Hash 19d386c9004e54941c1cc61d357efa5d
0a77594006c8d86fdcc0adbc2b9aecaef3869586
3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-util.min.js?ver=6.1.1 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Tue, 20 Sep 2022 03:52:10 GMT
Accept-Ranges: bytes
Content-Length: 1426
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-includes/js/underscore.min.js?ver=1.13.4
69.64.71.154 200 OK 19 kB URL HTTP/1.1 cellfonecellular.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 69.64.71.154:0
File type ASCII text, with very long lines (18798)
Hash f88d5720bb454ed5d204cbdb56901f6b
f1952292fde4b15936e9aac16b2b9896684db95b
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Tue, 27 Sep 2022 15:18:25 GMT
Accept-Ranges: bytes
Content-Length: 18833
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/plugins/wpforms/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2
69.64.71.154 200 OK 754 B URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/wpforms/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2
IP 69.64.71.154:0
File type ASCII text, with very long lines (754), with no line terminators
Hash afb55c29bdbcfc262d9fa56743572cad
d4b6cb9df2b1b5477cd968fb05cf5faa1d13d6bf
c30dab20b677f2b13f42a4a04385a3c6d380fa023a4a1c32f45f2996e152bfba
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms/assets/js/integrations/elementor/frontend.min.js?ver=1.7.7.2 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:36 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 18:52:50 GMT
Accept-Ranges: bytes
Content-Length: 754
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/uploads/elementor/css/custom-pro-frontend.min.css?ver=1669232274
69.64.71.154 200 OK 494 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/css/custom-pro-frontend.min.css?ver=1669232274
IP 69.64.71.154:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 494 kB (494489 bytes)
Hash 4950bbe9b8ab543070602fb91341b7dc
49b5b81085e848e20c6b86d78520da3239612b33
d7a0db15c4e9c64fad1bd98289c4d3a89878857602297ecb9c9eee29f39eef62
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/custom-pro-frontend.min.css?ver=1669232274 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:34 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 19:37:54 GMT
Accept-Ranges: bytes
Content-Length: 494489
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2e709a04ea80113c435ca4f9d37e93e7
053f34d74eded192d698bb20956897ec3e3ad23b
2535554bd9d9004c7888cde496278d847002218fb1d35a3d4bacdd98c8a92ff9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/manrope/v13/xn7gYHE41ni1AdIRggexSg.woff2
216.58.207.227 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/manrope/v13/xn7gYHE41ni1AdIRggexSg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 24328, version 1.0\012- data
Hash e85a0263f681aafb7837205b6b0baaa8
d2c7aa9f963a65ad0ce6f969018ca569c3a81cc3
a3c9bb0126992129d561e6615234943f04520c69bdba33205c935ca70414c2ef
GET /s/manrope/v13/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cellfonecellular.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24328
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Dec 2022 22:38:19 GMT
expires: Sun, 10 Dec 2023 22:38:19 GMT
cache-control: public, max-age=31536000
age: 442818
last-modified: Mon, 11 Jul 2022 19:14:32 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/comfortaa/v40/1Ptsg8LJRfWJmhDAuUs4TYFq.woff2
216.58.207.227 200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/comfortaa/v40/1Ptsg8LJRfWJmhDAuUs4TYFq.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 28712, version 1.0 - data
Hash 1520051846f9dcefc38cdb90fc8b3456
057acb7bd46dfcf39244fb3582d560d98425e444
d3295fbcef086eb975b0fdcc4b929f0c59d4daf848dba6982a6aa915eb3011e0
GET /s/comfortaa/v40/1Ptsg8LJRfWJmhDAuUs4TYFq.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cellfonecellular.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28712
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 18:45:07 GMT
expires: Wed, 13 Dec 2023 18:45:07 GMT
cache-control: public, max-age=31536000
age: 197610
last-modified: Fri, 24 Jun 2022 19:20:35 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 6eab05ad76b8e184bcfc74c40f7e3278
ea5548fe4b2d46ecc6659c0bb6197119d67442a1
124bf9140ccdb6cfdcde9939aea5c60ee478ad64e5e3fde620257860df22bb8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Dec 2022 01:38:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cellfonecellular.com/wp-content/uploads/2022/11/logo-wide-1.png
69.64.71.154 200 OK 25 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/2022/11/logo-wide-1.png
IP 69.64.71.154:0
File type PNG image data, 831 x 187, 8-bit/color RGBA, non-interlaced - data
Hash cc6b174cb37b96eda99b5d4501940480
444a3801474bca158df044e347a0bc353450dcd1
60eb04dfb917aee41c8662f9b1575d26add3aa8caa587e57643ed2255d59464c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/logo-wide-1.png HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:37 GMT
Server: Apache
Last-Modified: Wed, 23 Nov 2022 16:52:45 GMT
Accept-Ranges: bytes
Content-Length: 24566
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
cellfonecellular.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
69.64.71.154 200 OK 11 kB URL HTTP/1.1 cellfonecellular.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
IP 69.64.71.154:0
File type ASCII text, with very long lines (10544)
Hash 4eee50ac6f4f364ba3a284d0753ddae3
a8e7e824e6824ae0b370ff36e2c07ca07276fae0
b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:38 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:04 GMT
Accept-Ranges: bytes
Content-Length: 10682
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
cellfonecellular.com/wp-content/uploads/elementor/custom-icons/the7-feather/fonts/the7-feather.ttf?n6tk6x
69.64.71.154 200 OK 75 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/elementor/custom-icons/the7-feather/fonts/the7-feather.ttf?n6tk6x
IP 69.64.71.154:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, the7-feather - data
Hash 000709b520406cfc0ff51a1b24c72dc0
3a2aacf8e6d6c14718238821cfe811e416cc5b31
c2962438c8ec7a7c2ed1da1463b9b6d197b6dc2542bd9167aaf36793c14eeb11
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/custom-icons/the7-feather/fonts/the7-feather.ttf?n6tk6x HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/wp-content/uploads/elementor/custom-icons/the7-feather/style.css?ver=1.0.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:37 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:47:09 GMT
Accept-Ranges: bytes
Content-Length: 75092
Content-Disposition: attachment
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/ttf
cellfonecellular.com/wp-content/uploads/2022/11/webicon-150x150.png
69.64.71.154 200 OK 14 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/2022/11/webicon-150x150.png
IP 69.64.71.154:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced - data
Hash 9ad393abe166be4f97d2d37b965673a5
ff93a3388a881bf67c14d3fbdf7e1cf5e1b16fc6
02ba04c6362fcfd325e961c177883e2d9f4df1fc38d2c51e447071f1e84b2107
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/webicon-150x150.png HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:38 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:56:33 GMT
Accept-Ranges: bytes
Content-Length: 13645
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
cellfonecellular.com/wp-content/uploads/2022/11/webicon-300x300.png
69.64.71.154 200 OK 43 kB URL HTTP/1.1 cellfonecellular.com/wp-content/uploads/2022/11/webicon-300x300.png
IP 69.64.71.154:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced - data
Hash 33c7d0943039e6c6edb752a007b8e434
f7ca2035e6af55ee189710e69f5b70414e4b355a
867a22eb15a0d42e0e9995eaade548018d5ac711a655937ad24ebc0dfe26ad63
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/11/webicon-300x300.png HTTP/1.1
Host: cellfonecellular.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cellfonecellular.com/reeh/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 16 Dec 2022 01:38:38 GMT
Server: Apache
Last-Modified: Sun, 20 Nov 2022 16:56:33 GMT
Accept-Ranges: bytes
Content-Length: 43229
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png