r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2237
Expires: Sat, 19 Nov 2022 01:29:59 GMT
Date: Sat, 19 Nov 2022 00:52:42 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5360
Cache-Control: max-age=126465
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:42 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 12:00:27 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4595
Expires: Sat, 19 Nov 2022 02:09:17 GMT
Date: Sat, 19 Nov 2022 00:52:42 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 19 Nov 2022 00:45:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 458
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DrWI9591zi6vYKEESHjn4Qnuwr+KToe9k7dk8fgWgessFCqG3/AaXV6Tp7dsl6AVTw+7aqn3hP8=
x-amz-request-id: FCX744S5BWYWN5ME
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 19 Nov 2022 00:15:48 GMT
age: 2214
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 00:52:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash d0f9a92f0e49f46e778ceb3e2a379ae3
c4d8be7651489aa56b2d8d8cc14d4e301d195f15
4eb1c17bb79f59460093697f5a8f8fd936dbe82b30728cfa9273d3f1dba40727
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 19 Nov 2022 00:52:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 01:18:00 GMT
Expires: Thu, 24 Nov 2022 01:17:59 GMT
Etag: "c4d8be7651489aa56b2d8d8cc14d4e301d195f15"
Cache-Control: max-age=432915,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76c4f6f89bd0b4e8-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 19 Nov 2022 00:44:49 GMT
cache-control: public,max-age=3600
age: 474
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3524
Cache-Control: max-age=119577
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:43 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:05:40 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.146.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
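Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B body of this 101 response; they do not identify any transferred content.)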
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YPIrgZBxJyecV9k4lJXIZQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1M7PQl9fKzn2sGHaMhPKqoQaWtc=
afribookmarket.com/oesi/index.php?qbot.zip
63.250.38.5 301 Moved Permanently 0 B URL HTTP/2 afribookmarket.com/oesi/index.php?qbot.zip
IP 63.250.38.5:0
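Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B body of this 301 response; they do not identify any downloaded payload and should not be used as indicators.)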
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /oesi/index.php?qbot.zip HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://afribookmarket.com/oesi/?qbot.zip
x-litespeed-cache: miss
content-length: 0
date: Sat, 19 Nov 2022 00:52:43 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4456
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Sat, 19 Nov 2022 00:52:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4456
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Sat, 19 Nov 2022 00:52:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17af07b019100dc8adb529ce85f827bd
602adaa722e9a3ee89600ebe40cea7033c435483
aec801578f867078e0a82d90e78290f0a3ef4f1f4936eb763801b869e0fae747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AEC801578F867078E0A82D90E78290F0A3EF4F1F4936EB763801B869E0FAE747"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4456
Expires: Sat, 19 Nov 2022 02:07:00 GMT
Date: Sat, 19 Nov 2022 00:52:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 481c033b9ffd030ff0de6e35cf788b47
85d3baad9217af2b5d75c019d2ef95dbb919a788
02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 65a3db77-b2e6-40b9-a776-021c2e9b56d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubSsHbZoAMFZNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5aa-1286b97968cc2e4c7fe8ab29;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Dl79nhvE2ms6WR92t9I2_w19T3CRh6V7ZGj3UVureNERNmxywD3k8A==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 03:36:29 GMT
age: 76575
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e1d1acd-0ae6-485d-9dd4-2c0c8271a9d3.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e1d1acd-0ae6-485d-9dd4-2c0c8271a9d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11bb9d337001b4d155c63b05a0dd9945
14de1c48a2fe80b5947945c9ffa9630f03c5447a
8ee6d3a2f6dec36c49361ef855edeb170e92fbeff29d2ed77c7fd0cf44cfecf5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e1d1acd-0ae6-485d-9dd4-2c0c8271a9d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9146
x-amzn-requestid: e42f040e-a2f9-4538-bbaf-f1e64719f424
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brsmpGr5oAMFsmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748e2a-15b03190049271db549b1770;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:15:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OjQm2RW65ZJDsUNay0untDwlufnFhXHwbpfAnCwEK3seEDiPIKrnfQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 09:25:03 GMT
age: 55661
etag: "14de1c48a2fe80b5947945c9ffa9630f03c5447a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ca9564d-7ca4-4217-8162-042e0f55563e.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ca9564d-7ca4-4217-8162-042e0f55563e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 84839dd7a1d5d50d40a848e92d3ae6ca
150c83236b3518afce551ef94e2c3dddc275ce3f
fb9fffd5dafa855d3f16aefcdf31f656ea5219547a91b336ab41a998ead28050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ca9564d-7ca4-4217-8162-042e0f55563e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6103
x-amzn-requestid: 4f0d1ea8-611c-48cf-be66-dd26b6d56a93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubTBFxDoAMFfYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5ac-4222e7656cb7a56b557d5b13;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YM0BFDOdbIGTHNyKQWEyo2iBlYCd7FqHVuMp9zeFC-4tiGYKTI4qIg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 03:41:36 GMT
age: 76268
etag: "150c83236b3518afce551ef94e2c3dddc275ce3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141ee43e-4742-4784-a9a2-359cfa7ac9a3.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141ee43e-4742-4784-a9a2-359cfa7ac9a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 859348e84041e7934b7f959f087a3679
583310946175391015cb46fcfa476cca96ebb9a9
7fba6813b2d8f06a6098b2c628580190b094c79e300744506344a3febc5f06de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141ee43e-4742-4784-a9a2-359cfa7ac9a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9681
x-amzn-requestid: c786a64b-40d2-4de1-adee-3a6ee4d791ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brlnQGuWoAMF_Wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637482fb-02471a5a3d5f299d33f7b026;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 06:28:11 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Vaw_JJDie7z-IE1-40wBV8wW2dlZi8TKXbf3I0ZWw4NrtWZkHT2yCg==
via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 16:42:12 GMT
age: 29432
etag: "583310946175391015cb46fcfa476cca96ebb9a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f739db7-4732-4b66-9c50-59fa4416df43.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f739db7-4732-4b66-9c50-59fa4416df43.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd028e5379061f8bf0d569506979a05a
7896c55cb0bf1997f1e9ab31028b04c332bd6f10
f8a32af3451f196bd2ded7065923a3ad5392c0dd3a82c53cf03a948d183cbf9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f739db7-4732-4b66-9c50-59fa4416df43.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8059
x-amzn-requestid: c1d671d3-b2fd-4783-88d4-9214e79110c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubp2F_poAMFXEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a63e-4be65dc658902d1246ef61de;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:10:54 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: faNrkVWTpgsV8lGKV-6ol3UYu0747uJcA9fzMiXlSonLf39x5ziOWg==
via: 1.1 518e9e955219df783352433cc5e90672.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 03:36:26 GMT
age: 76578
etag: "7896c55cb0bf1997f1e9ab31028b04c332bd6f10"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 459df915ce91b32b2dcc4850516d68a0
d7a5473d367e7965a4af55acbf4675ed7088fab2
a03e26ebee79ad9b9dda1bf680e0d2467ae6d5e582589ada9fe6ddfa437c483c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47c537d4-e03f-4ec6-8922-6dce72c72ab9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4851
x-amzn-requestid: 8c868655-d0eb-428d-9fc0-a7449f770bd4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brtDFF9HoAMFV9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748ee0-4f7daf8f7451dc5e0840f620;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:18:56 GMT
x-amz-cf-pop: SFO5-C3, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xirMw5z5GPbmx9Sii_I4iNeh1GS5k9lGmaaJvUGAPWoVyP0Tldhf1w==
via: 1.1 e9ba0a9a729ff2960a04323bf1833df8.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 03:30:57 GMT
age: 76907
etag: "d7a5473d367e7965a4af55acbf4675ed7088fab2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afribookmarket.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
63.250.38.5 200 OK 982 B URL HTTP/2 afribookmarket.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash 24f4d7f425e792ab35adaab50816e54a
9e25bf79b674ddb7ba09ad7f118c50ec473c02c8
1c78bfb4d523785a4ebd37bb1f79f214f9bdb16673f7cc50805f7f1a26ad7f83
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 08 Jun 2019 06:15:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 982
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
63.250.38.5 200 OK 2.4 kB URL HTTP/2 afribookmarket.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP 63.250.38.5:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash ce94f62588d05264ac0148712111cb11
518bcd922f54169aeb199c0ccbc5877165ac218e
84ab658a69c39f424be0b27f61d612447d01606fce33beb962cbea53627d8c81
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Wed, 30 Sep 2020 01:23:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2394
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/css/classic-themes.min.css?ver=1
63.250.38.5 200 OK 217 B URL HTTP/2 afribookmarket.com/wp-includes/css/classic-themes.min.css?ver=1
IP 63.250.38.5:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 23:15:16 GMT
accept-ranges: bytes
content-length: 217
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5
63.250.38.5 200 OK 1.8 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5
IP 63.250.38.5:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 00:12:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afribookmarket.com/oesi/?qbot.zip
63.250.38.5 404 Not Found 29 kB URL HTTP/2 afribookmarket.com/oesi/?qbot.zip
IP 63.250.38.5:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (10124), with CRLF, LF line terminators
Hash 950b6adeeee211422ae93c735db1e497
f7255992da78fc4e32194a0f6914122278498349
9d3cd132703a51902baef232bdac029af476193b8df81efbde1d16b75e5fe9d4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /oesi/?qbot.zip HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://afribookmarket.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=3600
x-litespeed-tag: 1cb_HTTP.404,1cb_404,1cb_URL.9d89442c7600b27c37bd4e25b36d7aaf,1cb_
x-litespeed-cache: miss
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Nov 2022 00:52:44 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/mas-woocommerce-brands/assets/css/style.css?ver=1.0.6
63.250.38.5 200 OK 525 B URL HTTP/2 afribookmarket.com/wp-content/plugins/mas-woocommerce-brands/assets/css/style.css?ver=1.0.6
IP 63.250.38.5:0
File type ASCII text, with very long lines (2792), with no line terminators
Hash 45c7c5ff0f26fc7367aa7f5819d69f33
4540a85d152b0e821f743c6926393844eb2e9a66
45a12f5059b18fc20889ef06005c2f01a55e38b3f68ff06f7d2b1f6c5f2bd596
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/mas-woocommerce-brands/assets/css/style.css?ver=1.0.6 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Mon, 23 Mar 2020 08:49:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 525
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/css/colorbox.css?ver=1.4.21
63.250.38.5 200 OK 1.1 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/css/colorbox.css?ver=1.4.21
IP 63.250.38.5:0
Hash 263b70217f905feda4c01edde0b2737a
5ee9d3538967433d441e6aa357bf166724200523
1c82d8152cb3112b7df9b40a89ac28db20e51562266c13d392e8530fc06cd5ce
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/yith-woocommerce-compare/assets/css/colorbox.css?ver=1.4.21 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Tue, 28 Apr 2020 20:38:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1060
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235
63.250.38.5 200 OK 3.2 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235
IP 63.250.38.5:0
File type ASCII text, with very long lines (14979), with no line terminators
Hash 0062beea511654369ca51739fe76be5b
d6f7b3d277f3f4ed4c91d95ff8538482cb9ce75c
690b373a81288b5c6d40ce5b038c0b859244f2ca078ca96e7c571cbb51656d69
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 13:07:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3174
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
63.250.38.5 200 OK 12 kB URL HTTP/2 afribookmarket.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Thu, 17 Nov 2022 22:01:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5
63.250.38.5 200 OK 23 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash 0c6730c96c60030ddaf42fcf5daf3b17
feb4c0071f27718582e58d365022a1b559de5765
d996bec53b493bc579754f29f7d6d0b5332f3354c860a3787e2365a79c44f995
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2022 20:38:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 22871
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/flaticon/font/flaticon.css?ver=1.0.7
63.250.38.5 200 OK 671 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/flaticon/font/flaticon.css?ver=1.0.7
IP 63.250.38.5:0
Hash c1b561a813e68026dc24c67395934abc
3ef12e98a3b6389f806eb31e748e8242c30781b3
1ae121c0403d4190ffccba98ac64a76dead2b6e1fb2b3ae09d377c49afd675b9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/flaticon/font/flaticon.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 671
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/animate.css/animate.css?ver=1.0.7
63.250.38.5 200 OK 4.4 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/animate.css/animate.css?ver=1.0.7
IP 63.250.38.5:0
Hash 9838d06672d8dabb6cfba516c9034aeb
bb9ea78d9f292462c90e7cd579fd5f9085a110a5
44c724fb3304db7244a7397fb73231a3840e48c26cdf103ead3c49b887326167
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/animate.css/animate.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4442
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/css/bootstrap-select.min.css?ver=1.0.7
63.250.38.5 200 OK 1.8 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/css/bootstrap-select.min.css?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (9568)
Hash 5e3cf4d2224eaa28aab5362e9851e406
b5b6612840cbab2231a5b31f470579e269d8872a
1824653c3ff3909e886a149b41c9765eb7528c70fbf88ee65784c091d8d46caa
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/css/bootstrap-select.min.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1766
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.css?ver=1.0.7
63.250.38.5 200 OK 483 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.css?ver=1.0.7
IP 63.250.38.5:0
Hash 1e4f6b1a5456c5cefdd025118bf4e6b5
5713171df86af73933ccb408bd352ae4267fd196
80a0639fa558bbfef356bcdbf900c4586b7b51834efcec690384317ec52c7676
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 483
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.css?ver=1.0.7
63.250.38.5 200 OK 3.6 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.css?ver=1.0.7
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (344)
Hash 11df774af7a20a8dfb2e802668ef0e82
a3fc2ffdcceae60ae9cd826dcada9881251f605d
1ff56a211384bc68f474a7feda16d82ee8dd4adaa8ea196033879cdaec491bd3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3592
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.css?ver=1.0.7
63.250.38.5 200 OK 5.3 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.css?ver=1.0.7
IP 63.250.38.5:0
Hash 8daf0c095e45fb483ce411415edc5441
93e00ecf1ce4f7985fe9c44a57b11f41e48b4923
5a8c1ab360c73ebc303f2ab45fb9963e4f96907685a979984f61f678f4b41f23
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5310
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/css/bookworm-icons.css?ver=1.0.7
63.250.38.5 200 OK 1.8 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/css/bookworm-icons.css?ver=1.0.7
IP 63.250.38.5:0
Hash 5a1e92f983ded166523c29a2ed221464
9e687dba833914f15961c6bd856e88c2edc9bce6
22afd456a0cc87330b6802b44bda06ffde22e4700f4ccf70fc0e94e9d083b32a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/css/bookworm-icons.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1842
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/css/colors/red.css?ver=1.0.7
63.250.38.5 200 OK 822 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/css/colors/red.css?ver=1.0.7
IP 63.250.38.5:0
File type assembler source, ASCII text
Hash cdf24a0bbfc5013c290af846e446a203
76a342839ef0be1ed28b67d1f0daba04df226a5e
a4801f35dd5deeead2fef21eb58f438dfbd150f88354dfb63b0bd97536d4de9e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/css/colors/red.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 822
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
63.250.38.5 200 OK 4.0 kB URL HTTP/2 afribookmarket.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 63.250.38.5:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/vendor/react.min.js?ver=17.0.1
63.250.38.5 200 OK 4.3 kB URL HTTP/2 afribookmarket.com/wp-includes/js/dist/vendor/react.min.js?ver=17.0.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (11082)
Hash 37ba49127420039aa947a0576265d685
d7a41dbe4d9493d8cb03a18035978d9a00d7cbd6
7e6c361ab2be11ceae26483006ca5bd8f5e663ae0c4a94b70c9c1c620a6ac38c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/react.min.js?ver=17.0.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 00:42:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4285
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
63.250.38.5 200 OK 6.3 kB URL HTTP/2 afribookmarket.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash fecbc00e8af71d8cfb678cd811c7cb2e
44e5dd77f62cb5c67271442b75cdff10d45f2f8d
d6f03fb4728d0c23251451df8d66b5107d3c87458dc624aacfbad437e99d01f1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6335
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
63.250.38.5 200 OK 2.4 kB URL HTTP/2 afribookmarket.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 63.250.38.5:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash 4e773d7cec56bacab6d2db420be6f262
c95573d884c1caec0ec9c6f3e2a8c0fbf28d939a
5c8839d0b02f21e8d83d856bbf85a6b87fbedf9ba0b70711b11a1c378d5443e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 21:34:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2354
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/escape-html.min.js?ver=03e27a7b6ae14f7afaa6
63.250.38.5 200 OK 493 B URL HTTP/2 afribookmarket.com/wp-includes/js/dist/escape-html.min.js?ver=03e27a7b6ae14f7afaa6
IP 63.250.38.5:0
File type ASCII text, with very long lines (1104)
Hash 7588dbcae1ffe1ccc32edd47ada41e96
668e7bb441f6964586f8715ccd984676001e24b3
eecc99db9c696e17d6f944cc88c5dfd49520451624ad1da6d64622aae5541e82
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/escape-html.min.js?ver=03e27a7b6ae14f7afaa6 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 21:34:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 493
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.slick-carousel.js?ver=1.0.7
63.250.38.5 200 OK 3.5 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.slick-carousel.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (404)
Hash d4f8fafe6b6ad75570ca1b07e4847021
ea19320c0d76562608b84f1a582f1764606b21d9
5a2a8d460083cc94d903087f5a7503328cf8890dbb908afc1c7a251c3b14688a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.slick-carousel.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3501
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/element.min.js?ver=47162ff4492c7ec4956b
63.250.38.5 200 OK 4.7 kB URL HTTP/2 afribookmarket.com/wp-includes/js/dist/element.min.js?ver=47162ff4492c7ec4956b
IP 63.250.38.5:0
File type ASCII text, with very long lines (7680)
Hash 61ce7e162bdb5fe5d0d07eeb024a08ef
240fefea97e483ebfaab7784186eb27b594b57b8
78473845cb5a9c8ea7cd8c4c13b3163d114177cdf721d074e985ef42bedf90e5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/element.min.js?ver=47162ff4492c7ec4956b HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4705
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.countdown.js?ver=1.0.7
63.250.38.5 200 OK 1.8 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.countdown.js?ver=1.0.7
IP 63.250.38.5:0
Hash 3ae125877f4a520dc925e6d5aa313293
73a3b727eed63c28b7725abcd29eceb05ffa468b
f7fd0c2abbd5535bffae6cef39f3753b6e8059c3a36ad2dc6adf4498b687f820
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.countdown.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1790
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/hs.core.js?ver=1.0.7
63.250.38.5 200 OK 1.2 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/hs.core.js?ver=1.0.7
IP 63.250.38.5:0
Hash 86376895695a41a7d5cf180969904550
25aedfe7e143456beec51bb2eb316028a26e45ed
1e75e985f6698eeea7709b7c008f55988ad950fef2b0550a6ea714297c3ff7c2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/hs.core.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1232
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/css/wpforms-full.min.css?ver=1.7.8
63.250.38.5 200 OK 5.3 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/css/wpforms-full.min.css?ver=1.7.8
IP 63.250.38.5:0
File type ASCII text, with very long lines (40956)
Hash dbb717777cdc1af3d2dbebdecc971dab
096cd5c70502e2a0ae60820716894ca55cdc55fe
b79e296795cf1c10e91e134dc5a84a4405239eef5c47173078faff91fdb3eddf
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/css/wpforms-full.min.css?ver=1.7.8 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5307
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/popper.js/dist/umd/popper.min.js?ver=1.0.7
63.250.38.5 200 OK 7.0 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/popper.js/dist/umd/popper.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (20363)
Hash 99dce4f24d461ecbd569c921d11461fd
5ddb3aa23a141abf9f5b11730fe805f8c9e5e44e
d7a7c1b1fddc091b269d73a4968d2b24fa4c0881cc0b57853f6cb4b45cd2cc86
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/popper.js/dist/umd/popper.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7007
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/jquery.countdown.min.js?ver=1.0.7
63.250.38.5 200 OK 2.2 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/jquery.countdown.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (4136)
Hash 34ae27a14c6bd0b97adf30d7e95b58f1
4d749b45dd156a57bd1899816d4ae9c1912220c9
84f9cbde735393b7d9d808b41f0bf37d6dc2e91be301da73f91ab49dcf07a608
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/jquery.countdown.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2238
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js?ver=3.15.0
63.250.38.5 200 OK 6.2 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js?ver=3.15.0
IP 63.250.38.5:0
File type HTML document, ASCII text, with very long lines (24951), with no line terminators
Hash a8cadbc3c514fca4b31fd8d98bd99922
503b0d92ee27b87f4a7f9c5163d25bbadd90bd38
79bf34585f2d00399b1eb5020da9085931f5cb56fdfe643d4db3713959a2e2f0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.min.js?ver=3.15.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sun, 19 Jun 2022 18:19:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6249
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0
63.250.38.5 200 OK 3.2 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0
IP 63.250.38.5:0
File type ASCII text, with very long lines (9111)
Hash 078e27719ab2b91e57a3d06d05bf24d8
ee2c8af72d9dbb148d4101a374f6026d0c9c3044
1c8b599f3f7bfa8d7950d95a171f2c873d051960a91c91e22304293596e5b890
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 00:34:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3247
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?ver=1.2.0
63.250.38.5 200 OK 3.5 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?ver=1.2.0
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (14924), with no line terminators
Hash 8e3bd2af5dfce9709733e4adabb032ad
94aa210458d7103cecb401ef0a71100ea48c2ed7
a24331f6cb5f0d263a8aa7a78e9105ec5956f82162f30d718fd23fb325d7b669
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.min.js?ver=1.2.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 18 Feb 2021 16:35:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3500
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6
63.250.38.5 200 OK 5.4 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6
IP 63.250.38.5:0
File type HTML document, ASCII text, with very long lines (21310), with no line terminators
Hash 33081d75af44148dbfd85f7f8f4382ff
a2bac4c76a6a40839a6682df66eb40cd8c4d470d
b8dad2c0f7d74cdfcf2b9f96a17f72886b64edab3e392f7d72df15e1c1ac3119
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Tue, 19 Jul 2022 23:16:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5350
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/font-awesome/css/fontawesome-all.min.css?ver=1.0.7
63.250.38.5 200 OK 12 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/font-awesome/css/fontawesome-all.min.css?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (57147)
Hash 78ba0f087a3b65e4df54645db2ecb9f9
e6793c9bb3f372c21fe3e5b3cc89c0a7828b138d
d0287475b0c28072e8a4f3cd952703a4af634cf84b32a186a6c8f3baed0aaaa4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/font-awesome/css/fontawesome-all.min.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11958
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/cubeportfolio/css/cubeportfolio.min.css?ver=1.0.7
63.250.38.5 200 OK 12 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/cubeportfolio/css/cubeportfolio.min.css?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (65254)
Hash 586560bfdcdda5c3f60a63d6035567aa
2adc16ae4dd9ded86e26d243c0b4bf075cd0feb2
336eab3cf226680dc55f2a094b88dd321f860cd95297504272901ee350753770
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/cubeportfolio/css/cubeportfolio.min.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12080
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.5.1
63.250.38.5 200 OK 16 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.5.1
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 689ebe98eda70de6e971dd03b18f0328
218ed8ee8e28b44f8492660c2c750f47ae0b3447
945844c773bb0f2ed5f1fb8d2f5ff8a4b9471860df265eda71fa679ff98ea80f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=11.5.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 17:51:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15569
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.min.js?ver=1.0.7
63.250.38.5 200 OK 10 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (42862)
Hash 09ed72c756aef05979d1c10d176eeb7a
1f3c35043f1aae481a38b40327fefb959ff63885
8638bee02f96fc15e4a3dae0ae220e31f020ee0b10c8eb5f829d9986b3fc53c4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/slick-carousel/slick/slick.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10097
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap/bootstrap.min.js?ver=1.0.7
63.250.38.5 200 OK 15 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap/bootstrap.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (57791)
Hash 49b924c7e2e5212444b2aa7295d2f50e
69336f38681bf08d49fa417a58b6f5b386258e3e
6e2eae0217bec6b0d044515261ca9272a82456fdc222b573c4f1089f966d265b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/bootstrap/bootstrap.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14733
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/uploads/2022/10/cropped-cropped-flyer_20221019065317_2.jpg
63.250.38.5 200 OK 4.7 kB URL HTTP/2 afribookmarket.com/wp-content/uploads/2022/10/cropped-cropped-flyer_20221019065317_2.jpg
IP 63.250.38.5:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 340x87, components 3\012- data
Hash d3cde76f355bc6a44d8c073eff6cc847
4971f000455f338998891253e482c5949f98dd5b
07f042b9e4981c3f89a45644db6763f8ce8edb03cdb8c45113d914dffd2f62d5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/10/cropped-cropped-flyer_20221019065317_2.jpg HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: image/jpeg
last-modified: Fri, 21 Oct 2022 14:08:18 GMT
accept-ranges: bytes
content-length: 4676
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0
63.250.38.5 200 OK 899 B URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0
IP 63.250.38.5:0
File type ASCII text, with very long lines (1668)
Hash 22d65ba38528349e705d912ce26bf8ac
c89ba006009043d93b88ff155b4fec8797330550
6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 20 Jan 2021 04:55:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0
63.250.38.5 200 OK 972 B URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0
IP 63.250.38.5:0
File type HTML document, ASCII text, with very long lines (3029), with no line terminators
Hash 5ed77e0c59800f40061b5c322cff21fa
ced9d401d300dd1fc676a673bbf7e6360beb402d
3b284b8a096256e6cd0d9cbf2cb4b36505e71c0d7b2227fcd3132dddbeea18cc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 19 Oct 2022 00:34:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 972
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/js/jquery.colorbox-min.js?ver=1.4.21
63.250.38.5 200 OK 4.5 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/js/jquery.colorbox-min.js?ver=1.4.21
IP 63.250.38.5:0
File type ASCII text, with very long lines (11827)
Hash ad837a8d18fb12f3db5d03cef2956caa
520179c7b4cd32f94386f4576e439e3689e18747
b6618604f7dadbad0b877cf727356465919707ceec7965c340adeca61d824b36
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/yith-woocommerce-compare/assets/js/jquery.colorbox-min.js?ver=1.4.21 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Tue, 28 Apr 2020 20:38:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4457
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0
63.250.38.5 200 OK 677 B URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0
IP 63.250.38.5:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash a43fc0dde8fdd69656ad0957e62849c7
4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Tue, 18 May 2021 21:00:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/js/woocompare.min.js?ver=2.20.1
63.250.38.5 200 OK 1.2 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/yith-woocommerce-compare/assets/js/woocompare.min.js?ver=2.20.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (4602), with no line terminators
Hash 6a5cf02c457796835cd28c6197b3b064
c58cdd6ea85cc624e313c7cfec9ed2d27e609703
d596e6c774b8f750e18905d4279d8dc1adbe532b7b6faf90241e01eede68d44a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/yith-woocommerce-compare/assets/js/woocompare.min.js?ver=2.20.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 11:31:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1201
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0
63.250.38.5 200 OK 934 B URL HTTP/2 afribookmarket.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0
IP 63.250.38.5:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash cf25dd071a208312bdc07f34d2cee027
76119563119eaae392ecc8903c989d98d0b93002
8635ba2cad8f887e72779bd526f8738ff6343c74cba715caf2eddea383ba7ce6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 24 Nov 2021 03:30:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 934
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/multilevel-sliding-mobile-menu/dist/jquery.zeynep.js?ver=1.0.7
63.250.38.5 200 OK 1.6 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/multilevel-sliding-mobile-menu/dist/jquery.zeynep.js?ver=1.0.7
IP 63.250.38.5:0
Hash 9d79874687d5bdb15d3a362cefce3bb4
114a657b2d13278d29e23115302347fb71ec375f
4730b08af7b45815adb127d9ce7540d7bbaa8e21151395c2fbd5ac91674207ec
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/multilevel-sliding-mobile-menu/dist/jquery.zeynep.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1568
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/appear.js?ver=1.0.7
63.250.38.5 200 OK 2.2 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/appear.js?ver=1.0.7
IP 63.250.38.5:0
Hash 3e9dea41a25cfa5f5030b42db31a015c
6a895deaa8867bef7168e97430048e37e28480e2
dc89d146662e08f1c31d226ee22ae38282dadf21335ec222d38bf1a0947ca4f9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/appear.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2239
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.unfold.js?ver=1.0.7
63.250.38.5 200 OK 3.1 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.unfold.js?ver=1.0.7
IP 63.250.38.5:0
Hash 8b8bf866201c9b307a3ad74ecc1136cb
59e868e273b5a019949defbd6e66ef721bc66eb5
423d2c08073a3e5d1e69f0e4d4882349b19d6f397b5ae5d01d47e6c97dd7f87d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.unfold.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3052
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.header.js?ver=1.0.7
63.250.38.5 200 OK 4.3 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.header.js?ver=1.0.7
IP 63.250.38.5:0
Hash d806a242ded7380eec27f946cc504079
874b15dc8943fa7f9dfd60c6fe4bb13b4e49b0a5
4455df51ccb4e1d45e00d83e148cb964c25f448efe921c2908aba81d7a6dba99
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.header.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4275
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.selectpicker.js?ver=1.0.7
63.250.38.5 200 OK 582 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.selectpicker.js?ver=1.0.7
IP 63.250.38.5:0
Hash ccccf3be917079c3a4a8c943eae61915
ff07c112e893c02e75ada29e647878e7baf85460
7832b2b89d6acc0dfe53d4faf260b623b704dcbd1a2cadbefdb15ebeea291457
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.selectpicker.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 582
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.fancybox.js?ver=1.0.7
63.250.38.5 200 OK 1.3 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.fancybox.js?ver=1.0.7
IP 63.250.38.5:0
Hash b64acdaf3cb5bddd2c542254c3d0d90c
2b984827ca2fdbcf25c8d0dc31b17a390f3e5bb0
86ecedeec82e7922558fef45d63232ff319d71a76cbdc16669fb3e34f09ccc2a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.fancybox.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1342
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.quantity-counter.js?ver=1.0.7
63.250.38.5 200 OK 594 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.quantity-counter.js?ver=1.0.7
IP 63.250.38.5:0
Hash f030112f7d4142963a398668142d4294
c22efdda1bc1767b4bedf8d1cdaa8b5d1ba29db8
18a0cacdf5255e7d2615d14c1d12a8f9540a0915436a0f5076f88c88a4de0c04
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.quantity-counter.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 594
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.malihu-scrollbar.js?ver=1.0.7
63.250.38.5 200 OK 672 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.malihu-scrollbar.js?ver=1.0.7
IP 63.250.38.5:0
Hash 99be771670ff64f13ce86472b3a32041
9776414fb12db6b37efab374a2847b29dfe81fb3
12dfb3c92b4800d69b9979d071ea34228d406cc0248cea3139c90dd30b78998d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.malihu-scrollbar.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 672
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.scroll-nav.js?ver=1.0.7
63.250.38.5 200 OK 2.0 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.scroll-nav.js?ver=1.0.7
IP 63.250.38.5:0
Hash 9b9fdc30cc62f0088b4d72c06b8b32bd
6db1f681933a50f98b8cf695a2ad956716d86a6c
8ac973144e474720294bc814ccb90ac7b66656eda82861dc44fc25db608cc1af
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.scroll-nav.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1951
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.onscroll-animation.js?ver=1.0.7
63.250.38.5 200 OK 1.2 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.onscroll-animation.js?ver=1.0.7
IP 63.250.38.5:0
Hash 276aed8f27349c04586fcd0395923a9d
829f21977b994d3effbf1062d39a2f9a9e49628a
14858616944569e4ea2bf4e431ab85744012f01f8e39ce678f3a9e0a0e3abc53
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.onscroll-animation.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1194
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.show-animation.js?ver=1.0.7
63.250.38.5 200 OK 775 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.show-animation.js?ver=1.0.7
IP 63.250.38.5:0
Hash 844ce9a66aff0c8d47ecd36c4ed349bc
7e53906f56d611dbfdc770bdb980d2dcb1fdc661
63dc738e14aa1318687a20573938d14662db5d69ad7c2f4fa2171aded3025831
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.show-animation.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 775
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.cubeportfolio.js?ver=1.0.7
63.250.38.5 200 OK 1.4 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.cubeportfolio.js?ver=1.0.7
IP 63.250.38.5:0
Hash d7e802708a4698809eb25597a2ab1f60
b06dfaf501820653bef2428561e21c79507e28d9
816df5ee0844f507bfd7b8c3318c6cade48931952a83ddbd9876448bc2e4026e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.cubeportfolio.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1369
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/bookworm.js?ver=1.0.7
63.250.38.5 200 OK 2.3 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/bookworm.js?ver=1.0.7
IP 63.250.38.5:0
File type assembler source, ASCII text
Hash e1d5225e67e7f889029879865446b9d9
a5fcf0e51dc83b30b1164513a7123a37898b6af0
d8159a861c3b4d288e0f4bdd9b19fd8c36e13f16d0fc80cf4246cfab8ac94993
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/bookworm.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2256
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/punycode.min.js?ver=1.0.0
63.250.38.5 200 OK 833 B URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/punycode.min.js?ver=1.0.0
IP 63.250.38.5:0
File type ASCII text, with very long lines (1713), with no line terminators
Hash 08f4f71fba69b46947b1cb8dd287308c
e78a529644bd145de9d1363d31934a9de12ae062
ce1890fdec2706b513d60978f087f69c191e4e577ecec0ffe9727c06d176aec1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/lib/punycode.min.js?ver=1.0.0 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 833
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
63.250.38.5 200 OK 4.6 kB URL HTTP/2 afribookmarket.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/js/utils.min.js?ver=1.7.8
63.250.38.5 200 OK 174 B URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/js/utils.min.js?ver=1.7.8
IP 63.250.38.5:0
File type ASCII text, with no line terminators
Hash df8d6b24a870f878b16510e5dca1631d
588d0f674156a3208cee87b897af15f40854e484
499999d720ab71bdffc4e0115b8b05e1d5997f12e482426546a58a00edd77f74
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/js/utils.min.js?ver=1.7.8 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-length: 174
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/jquery.validate.min.js?ver=1.19.5
63.250.38.5 200 OK 7.7 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/jquery.validate.min.js?ver=1.19.5
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (24463)
Hash 6dd52359af796b867c2dee4255caa52e
7f21b4f744f9bf32b1b5d6a44dae4fa4b75cfd21
4b198541955ce022c655ce5599eddd70cb33afccb09467c1b8287b862d2ef0bb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/lib/jquery.validate.min.js?ver=1.19.5 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7677
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.go-to.js?ver=1.0.7
63.250.38.5 200 OK 1.1 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/js/components/hs.go-to.js?ver=1.0.7
IP 63.250.38.5:0
Hash 1470b02620f48785a5b2d24eb064ac96
9abe0cf31acf1f73799a2f860555d21e30f75cd4
cbd5c63d39e2f9dacab7e8d23bf35c54b014c763448e64c301aea176fab3e656
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/js/components/hs.go-to.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1121
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/mailcheck.min.js?ver=1.1.2
63.250.38.5 200 OK 1.6 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/lib/mailcheck.min.js?ver=1.1.2
IP 63.250.38.5:0
File type C source, ASCII text, with very long lines (4014), with no line terminators
Hash 204e049174229ff4ff265a32906604d3
1fe2ba0e482195116eab6850f8c2f8503fc92b8f
f1efb1329e736df7f94205dcd235a22b3f866b951aa7154b75e4b298b56baf21
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/lib/mailcheck.min.js?ver=1.1.2 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1615
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
63.250.38.5 200 OK 30 kB URL HTTP/2 afribookmarket.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Mon, 19 Sep 2022 23:46:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1
63.250.38.5 200 OK 37 kB URL HTTP/2 afribookmarket.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1
IP 63.250.38.5:0
File type ASCII text, with very long lines (65290)
Hash fc627ea4d5ac5207df2e986c8277863d
caacc0607a7826051e822f8cc8084dd942454d33
775574d89973db5568ec1ba850614f6c0480b73950f1232196d4ca8a6289b820
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/react-dom.min.js?ver=17.0.1 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Wed, 13 Apr 2022 00:42:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 37061
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/bookwormgb/dist/frontend_blocks.js?ver=1.1.3
63.250.38.5 200 OK 51 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/bookwormgb/dist/frontend_blocks.js?ver=1.1.3
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (64369)
Hash bc07b553028a3b58dadb222967c190a5
57990de4cc91b02b603bdb18af4314addd7307b4
470e19aecfa66efc2abd5e3fc229f465eb8ec88d24818a9b3bced9debc7323ef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/bookwormgb/dist/frontend_blocks.js?ver=1.1.3 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 13:06:55 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 51337
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.concat.min.js?ver=1.0.7
63.250.38.5 200 OK 11 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.concat.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (39884), with no line terminators
Hash 0b6c9703ced84a83f1cfec2d888097cf
06f99779bfcce6f0ac964a62ce936c2c7a05e82d
1731badfb560a424c8c3612273f7ecffb15f953598dc1e731bfb7d53b8d3b193
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/malihu-custom-scrollbar-plugin/jquery.mCustomScrollbar.concat.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11343
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.min.js?ver=1.0.7
63.250.38.5 200 OK 16 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.min.js?ver=1.0.7
IP 63.250.38.5:0
File type Unicode text, UTF-8 text, with very long lines (32007)
Hash 6ebdee323c77ec9ca887ad7949edd864
660cea0db24aa48df4fceb6fe65a8ec8e47187df
6456be1a27f13f80d741b30ab75e95f024b398d78d6ce4d3baf8851e516541e5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/fancybox/jquery.fancybox.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16186
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/cubeportfolio/js/jquery.cubeportfolio.min.js?ver=1.0.7
63.250.38.5 200 OK 19 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/cubeportfolio/js/jquery.cubeportfolio.min.js?ver=1.0.7
IP 63.250.38.5:0
File type ASCII text, with very long lines (65259)
Hash 7b6f50fb32c571ce2146ef67b64084bb
bfe453004a9ce2d920d8c0f822d6e317e73f5613
344c4930bb27a63065526050a5ab96787ff537c46796e01fb0b5ebd77c00edbe
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/cubeportfolio/js/jquery.cubeportfolio.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18688
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.8
63.250.38.5 200 OK 9.3 kB URL HTTP/2 afribookmarket.com/wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.8
IP 63.250.38.5:0
File type ASCII text, with very long lines (32390), with no line terminators
Hash 9d4d65fb96c906b9a22c005ef652d30a
03218309668302df04d56bd528487f55eeee888a
f5cfd56ba8d09ded1b2ef24f6375b460ef10f2a9a4648b61851b1f3cc767679a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpforms-lite/assets/js/wpforms.min.js?ver=1.7.8 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Thu, 10 Nov 2022 17:24:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9337
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash c58de690a701dea26333a42815dc3003
91d9e60c285f6578b5d814901a90f52cafbb8790
179d035993138ec5fdb0b2bf1987888f751903e959af09e335ada210be842ca6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash c58de690a701dea26333a42815dc3003
91d9e60c285f6578b5d814901a90f52cafbb8790
179d035993138ec5fdb0b2bf1987888f751903e959af09e335ada210be842ca6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.195 200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 37924, version 1.0\012- data
Hash e08be6d5d433944f7ad52902e4d24db5
e2600c1d60d12d397b3ee44411a021231d71e974
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://afribookmarket.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 06:03:56 GMT
expires: Fri, 17 Nov 2023 06:03:56 GMT
cache-control: public, max-age=31536000
age: 154131
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2
216.58.207.195 200 OK 57 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 56968, version 1.0\012- data
Hash 6256ef56b938ba30869c7a60d12e9600
2740fa67137026e4fae386baa827129dbd8b8490
45606f837ab8530c01f3602592ed7a118450be4ef3f629ca644d0543099e5c6b
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://afribookmarket.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 56968
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Nov 2022 15:25:51 GMT
expires: Sat, 18 Nov 2023 15:25:51 GMT
cache-control: public, max-age=31536000
age: 34016
last-modified: Mon, 11 Jul 2022 21:29:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js
104.17.24.14 200 OK 1.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (2609)
Hash f56bc0a6837b34f783f73cd70cd9f2c1
a093b6f45674f1cac3ccc35498eb1a5945f7dde9
0c67ee4dc6af2a5a0b020d3e2e5b049720e516bb4faf6b0b60bd96bf3eba1199
GET /ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 19 Nov 2022 00:52:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 1046
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-ad3"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8748732
expires: Thu, 09 Nov 2023 00:52:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lCbok8lMDlzHqBE5msKdakXKkefzpUozUJXQgppmr1OIL7po80HZeU0huuQgRp1sZ%2BYHNgrdqXq8MyrPmwyWT6wLF3lOUp3MVOHms3Fh5Qw%2FPwdxlANFhkRvBt%2BBG1Hxy0YmXjZD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76c4f71269261bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 71821131fa0825a241bb6f95ad63a26a
4c676dbf861c2fca225bd1b9620237246ddfc724
f2dbe2a5c73657c35a660931a44cda1c1641c5b277ceea3d8fd7b4bfcacaf5ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 00:52:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pixel.wp.com/g.gif?v=ext&blog=211827636&post=0&tz=0&srv=afribookmarket.com&j=1%3A11.5.1&host=afribookmarket.com&ref=&fcp=0&rand=0.2274991509538894
192.0.76.3 200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&blog=211827636&post=0&tz=0&srv=afribookmarket.com&j=1%3A11.5.1&host=afribookmarket.com&ref=&fcp=0&rand=0.2274991509538894
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=211827636&post=0&tz=0&srv=afribookmarket.com&j=1%3A11.5.1&host=afribookmarket.com&ref=&fcp=0&rand=0.2274991509538894 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 00:52:47 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/flaticon/font/Flaticon.woff2
63.250.38.5 200 OK 7.9 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/flaticon/font/Flaticon.woff2
IP 63.250.38.5:0
File type Web Open Font Format (Version 2), TrueType, length 7872, version 1.0\012- data
Hash 0f6016747c48d55b0eea64ed1de94c76
e1491eb5fab4fe3b2077c4147f2963d119169824
2ff70b6d19b2342b30a498e3259c647ee9ab5b059c2af13babbda10f3d6cbd9f
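Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
(Note: the mnemonic_dns and quad9 rows are DNS results, so the verdicts in this table appear to apply to the host afribookmarket.com or the URL, not to the file hashes listed above it.)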
GET /wp-content/themes/bookworm/assets/vendor/flaticon/font/Flaticon.woff2 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://afribookmarket.com/wp-content/themes/bookworm/assets/vendor/flaticon/font/flaticon.css?ver=1.0.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:47 GMT
content-type: font/woff2
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-length: 7872
date: Sat, 19 Nov 2022 00:52:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/font-awesome/webfonts/fa-solid-900.woff2
63.250.38.5 200 OK 76 kB URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/font-awesome/webfonts/fa-solid-900.woff2
IP 63.250.38.5:0
File type Web Open Font Format (Version 2), TrueType, length 76120, version 330.-16188\012- data
Hash 55eb2a60e8181f0e68b558c991973bf0
af776f52d579da211590e0691d554b88a69dfe61
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://afribookmarket.com/wp-content/themes/bookworm/assets/vendor/font-awesome/css/fontawesome-all.min.css?ver=1.0.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:47 GMT
content-type: font/woff2
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-length: 76120
date: Sat, 19 Nov 2022 00:52:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/uploads/2022/10/flyer_20221019070153_2-e1666361051897.jpg
63.250.38.5 200 OK 9.5 kB URL HTTP/2 afribookmarket.com/wp-content/uploads/2022/10/flyer_20221019070153_2-e1666361051897.jpg
IP 63.250.38.5:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 399x235, components 3\012- data
Hash 29db97bf426491300f521960147721ab
613951c83ebf8fc5612e9e1abf924a0d4522219f
d94f71cf027f39f2db464b344fd875157061d778301b21630b53befd05d9ee06
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/10/flyer_20221019070153_2-e1666361051897.jpg HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:47 GMT
content-type: image/jpeg
last-modified: Fri, 21 Oct 2022 14:04:11 GMT
accept-ranges: bytes
content-length: 9536
date: Sat, 19 Nov 2022 00:52:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
stats.wp.com/e-202246.js
192.0.76.3 200 OK 6.1 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash 8654c1114404a9767d7c5f2f175b290d
a7abe921d167c573f8303118a352c063b9efd377
5095cd32cc71995a266ad749bd723694bf772515d508b45eb2455c6ace9786c7
GET /e-202246.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 00:52:45 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 05 Nov 2023 21:02:58 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/style.css?ver=1.0.7
63.250.38.5 200 OK 0 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/style.css?ver=1.0.7
IP 63.250.38.5:0
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/style.css?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 77623
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
afribookmarket.com/?wc-ajax=get_refreshed_fragments
63.250.38.5 200 OK 0 B URL HTTP/2 afribookmarket.com/?wc-ajax=get_refreshed_fragments
IP 63.250.38.5:0
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://afribookmarket.com
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
access-control-allow-origin: https://afribookmarket.com
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
x-litespeed-tag: 1cb_HTTP.200,1cb_HTTP.200
content-type: application/json; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-cache-control: no-cache
date: Sat, 19 Nov 2022 00:52:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
stats.wp.com/s-202246.js
192.0.76.3 200 OK 0 B IP 192.0.76.3:0
GET /s-202246.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 00:52:45 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-2494"
content-encoding: br
expires: Mon, 13 Nov 2023 23:50:14 GMT
cache-control: max-age=31536000
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap
IP 142.250.74.10:0
GET /css2?family=Inter:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 19 Nov 2022 00:52:45 GMT
date: Sat, 19 Nov 2022 00:52:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/js/bootstrap-select.min.js?ver=1.0.7
63.250.38.5 200 OK 0 B URL HTTP/2 afribookmarket.com/wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/js/bootstrap-select.min.js?ver=1.0.7
IP 63.250.38.5:0
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bookworm/assets/vendor/bootstrap-select/dist/js/bootstrap-select.min.js?ver=1.0.7 HTTP/1.1
Host: afribookmarket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://afribookmarket.com/oesi/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 00:52:45 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 12:33:33 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12604
date: Sat, 19 Nov 2022 00:52:45 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2