Report - nsweave.org.au/rulesupdate/QBOT

Report Overview

Submitted URL
nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
IP
208.76.80.20
ASN
#16556 TOTALCHOICE
Submitted
2023-01-05 08:30:01
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
nsweave.org.au	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	838 B	911 B	208.76.80.20
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
pixel.wp.com	2545	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	239 B	192.0.76.3
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	813 B	92 kB	157.240.200.14
stats.wp.com	2711	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	12 kB	192.0.76.3
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	517 B	694 B	216.58.207.228
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	7.7 kB	216.58.211.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	46 kB	142.250.74.40
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	825 B	1.7 kB	172.64.133.15
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.4 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.51.98
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	107 kB	216.58.207.227
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	609 B	713 B	142.251.1.156
i0.wp.com	3021	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	1.8 kB	192.0.77.2
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	516 B	694 B	142.250.74.35
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	47 kB	34.120.237.76
www.nsweave.org.au	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	529 kB	208.76.80.20
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	21 kB	216.239.36.178

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-05	medium	nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	Malware
2023-01-05	medium	nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	Malware
2023-01-05	medium	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	Malware
2023-01-05	medium	www.nsweave.org.au/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=11e48491e5544a25ce95b6a249b44c97	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/link-library/colorbox/colorbox.css?ver=11e48491e5544a25ce95b6a249b44c97	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/jetpack/css/jetpack.css?ver=11.6	Malware
2023-01-05	medium	www.nsweave.org.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9	Malware
2023-01-05	medium	www.nsweave.org.au/wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2	Malware
2023-01-05	medium	www.nsweave.org.au/wp-content/plugins/all-in-one-event-calendar/public/themes-ai1ec/plana/css/ai1ec_parsed_css.css?ver=3.0.0	Malware

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed
2023-01-05	medium	nsweave.org.au	Sinkholed

Quad9 DNS

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	connect.facebook.net/en_US/sdk.js?hash=6c91330a79e93cc3dd7aade62bb4027e	313 kB	2023-03-12	2023-03-12
Pretty URL connect.facebook.net/en_US/sdk.js?hash=6c91330a79e93cc3dd7aade62bb4027e IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:01:34 Last Seen2023-03-12 15:01:34 Times Seen1 Hash 5ea89c35673f38e0c7544f3511ef7ff7 45b62796551d606a19dd77c9ecebe044afca097d e6ee985c24e537c7ac876a8d6fd7008571c94868e0cd5e70d1cff02712ae6b88 Loading...

	www.nsweave.org.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-24
Pretty URL www.nsweave.org.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-24 19:00:09 Times Seen68598 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	www.nsweave.org.au/wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9	12 kB	2023-03-07	2024-04-24
Pretty URL www.nsweave.org.au/wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:22 Last Seen2024-04-24 17:27:36 Times Seen3642 Hash 663dd01c8e3859c4aa97cf088c49a64e 4181716dabb9a951a17bfa6e3a03f48ad17e016f 41bc4d4fe88139d6ee89abfcb2abac71e1430d85dbffc0be7c8f6bd36f4ced7e Loading...

	www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6	639 B	2023-03-07	2024-04-21
Pretty URL www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:27 Last Seen2024-04-21 15:59:48 Times Seen328 Hash 2f7e7f218879e6daacaa313c5b71e0cf 000c992e89a4848f1f9bee33bb9fc160e6f09e78 a5950c0c5ca80c85d524deccd4d0b2c34d3567ec90e568e670fcd858cf6a2ead Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-24
Pretty URL www.google-analytics.com/analytics.js IP 216.239.36.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-24 18:41:20 Times Seen1526 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	connect.facebook.net/en_US/sdk.js#xfbml=1&appId=249643311490&version=v2.3	3.1 kB	2023-03-12	2023-03-12
Pretty URL connect.facebook.net/en_US/sdk.js#xfbml=1&appId=249643311490&version=v2.3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:01:19 Last Seen2023-03-12 15:01:34 Times Seen1 Hash 2f4e63a275be3ed3a74db7205053d7ac 7e822bd9287e5b2fd24aa8c8d281299d14d08635 eb26333b8e1d422d58ccecd136a89aed6b9ff2b86b5b4bd98aca50c492a8a2cc Loading...

	www.nsweave.org.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-24
Pretty URL www.nsweave.org.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-24 17:42:44 Times Seen31797 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	www.nsweave.org.au/wp-content/uploads/fusion-scripts/8118d9d59938e0ef2674c578c8c54bed.min.js?ver=3.9.1	410 kB	2023-03-12	2023-03-12
Pretty URL www.nsweave.org.au/wp-content/uploads/fusion-scripts/8118d9d59938e0ef2674c578c8c54bed.min.js?ver=3.9.1 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-03-12 19:17:07 Times Seen1 Hash 4c617f00f528f5b29a098cdd8e4a80cc 9d39f439af382801136c61791797d4205f3af38d ec3f251ce5617e50160c11c3974b6c672f35209efe5050f74d13e45b83103727 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	419 B	2023-03-12	2023-05-02
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-05-02 23:35:06 Times Seen2 Hash dae7df76e21cab4c19cb1cff7cbe8747 ea6dd85f612d514c91f4e6c40434ad6c683d4316 af0acb08e499ef76f3e16aca21cbab966d4e88a213deb61abe634c055cb2c7e8 Loading...

	www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001	685 B	2023-03-07	2024-04-15
Pretty URL www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:05 Last Seen2024-04-15 22:34:30 Times Seen3122 Hash 24626ac4453bf45fe07e6c5d4e859fbd 9adbe5e7a5e1b5fb19aee82a9d765631b62ecb2f 5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	86 B	2023-03-07	2024-04-03
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:21 Last Seen2024-04-03 08:39:58 Times Seen229 Hash af779bce242f779af7c9820e0dfba3b1 0cbecc23cafa905244a8963394367bbc5b91d846 13bdb89e8fb35b7b042bdd29ee638508379c56a680e47979b3ef3f106f824a11 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	191 B	2023-03-12	2023-03-12
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-03-12 19:17:07 Times Seen1 Hash 0525d7f60f7b146faf370b435a162a98 3ea8ffd1786b8781f9341da6fa59aab608472ef3 73fea6d6fa185336b4724008720be06c9d05487fab08fe483512b6dfb357d644 Loading...

	stats.wp.com/e-202301.js	9.0 kB	2023-03-07	2024-01-05
Pretty URL stats.wp.com/e-202301.js IP 192.0.76.3 ASN #2635 AUTOMATTIC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:19 Last Seen2024-01-05 09:08:33 Times Seen3233 Hash 9152c169155daa333287728cb8e4ae93 1e45a9ea1464acf983f022567cb9f669f4c77f65 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302 Loading...

	www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/js/general.js?ver=4.0.1	2.2 kB	2023-03-07	2023-12-29
Pretty URL www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/js/general.js?ver=4.0.1 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:12 Last Seen2023-12-29 10:14:40 Times Seen47 Hash e0015c37a27e9c45e0e899cac29bcb3e b08e8085b23a96105967c59850e7fb4f79fdf532 261a09cd008c859b7fe397871f8718d588211e4af05e827d1c3ef33fd1c8f485 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	1.9 kB	2023-03-09	2024-04-24
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:51:17 Last Seen2024-04-24 00:38:23 Times Seen1028 Hash a6a94103c455260d260effefe81a41df 62fd5e0120b821cea7421087b3e7a9a5c4aafb2b b332c0be5b99fdfb2db165759cc14117b69e1881b75a5f6db8c9e9255f9194d1 Loading...

	www.nsweave.org.au/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0	12 kB	2023-03-07	2024-03-08
Pretty URL www.nsweave.org.au/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:28 Last Seen2024-03-08 16:02:30 Times Seen1559 Hash 45f98dec2f0965e8e879f2c7a1f4e996 8187dccc170f82df78e9be302e5ab49e024d4d34 23eb134e746f1e5c265c5d33d045af48c444617adaa281fb993d6070bdc04c9f Loading...

	www.nsweave.org.au/wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97	19 kB	2023-03-07	2024-04-24
Pretty URL www.nsweave.org.au/wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97 IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-24 18:24:18 Times Seen38037 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	144 B	2023-03-12	2023-03-12
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:01:34 Last Seen2023-03-12 15:01:34 Times Seen1 Hash a6a9c36eed3152458251b55a9955f4f6 809c821e42d480f6e10a7416e3a873bdc3a7551c f73c0e662924ea0d359eb48f62ccfee6bf8cde107a1704b7aa3072c5e022dc63 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	104 B	2023-03-07	2024-04-24
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:49 Last Seen2024-04-24 16:00:19 Times Seen2544 Hash 1a29eee38377876a5fef7fde6f714211 66e5281767a5e019dac163696dfe7753bba4fa20 319580ef5f2f38f9bce87b07075e029a56de1b38a312721ce079be855246570d Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	350 B	2023-03-12	2023-05-02
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-05-02 23:35:06 Times Seen2 Hash 13921ef3ee9b354e0a5aef6ae7870fa7 ff5c26d48d0fdc436ede4ae64e814613e408d86f c612571f2b866be88d63b16113fad76da267babb08425666bb4ca2708d792639 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	5.7 kB	2023-03-12	2023-03-12
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-03-12 19:17:07 Times Seen1 Hash b91b034a292d6a456d2981664db27807 aaa6a39a3096ff207bda5cf13289db930608a937 efb639c80ba870d9a43490391ca770ec0473c58e055571b22b64654f59f5ddc7 Loading...

	www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP	2.2 kB	2023-03-12	2023-03-12
Pretty URL www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP IP 208.76.80.20 ASN #16556 TOTALCHOICE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:59:23 Last Seen2023-03-12 19:17:07 Times Seen1 Hash 7afae3e503da16f7731592ee4329039b 413de4585c86704d8630db394276dfdae40b05d8 301c0feb374287d68d8e6cac576b79db5cb3d7ab00dcb930646397433cb8796c Loading...

	www.googletagmanager.com/gtag/js?id=UA-68431928-1	115 kB	2023-03-12	2023-03-12
Pretty URL www.googletagmanager.com/gtag/js?id=UA-68431928-1 IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:01:34 Last Seen2023-03-12 15:01:34 Times Seen1 Hash 4a117de19eb98aa5e2fd8e6e8c98da0a 3b35a2423f5f22aa1ea0fdf788851e1fad610f3d b856ab1a605c73e79a3de2650b01fecfa8974ad197bcf9af61ff36b5fe709df8 Loading...

HTTP Transactions (73)

URL IP Response Size

nsweave.org.au/rulesupdate/QBOT_AZD.ZIP

208.76.80.20

301 Moved Permanently

255 B

URL HTTP/1.1
nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
255 B (255 bytes)
Hash
213975c224fdb53fe89c3983599c838b
70de4d0158e5faf56f1f7fa53ac4687dc1f29aaf
434fa4543e89d42645d5d5cc5aadef6a5828d74ef0ed534c50888320d6a3f66b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /rulesupdate/QBOT_AZD.ZIP HTTP/1.1
Host: nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 05 Jan 2023 08:29:50 GMT
Server: Apache
Location: https://nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Content-Length: 255
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12669
Expires: Thu, 05 Jan 2023 12:00:59 GMT
Date: Thu, 05 Jan 2023 08:29:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b5997a492d3d161c9009d95add566733
9db765ae549ebe4aa859ca27abe365cf7f62dc4d
1ec0de25b0afd3b402c728b9c6b47c4fcf25fb989052427886841a3f52510a0e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1EC0DE25B0AFD3B402C728B9C6B47C4FCF25FB989052427886841A3F52510A0E"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11573
Expires: Thu, 05 Jan 2023 11:42:43 GMT
Date: Thu, 05 Jan 2023 08:29:50 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 05 Jan 2023 07:36:27 GMT
content-type: application/json
age: 3203
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
225d42543c0190cdb3686bf236533f4f
13a0940800fce078487372b6b3ca614dd1ab6c31
766bbe15eb1642ac39e9b71669fbb44252471c8de5adb555cd1a76db44fbe7bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "766BBE15EB1642AC39E9B71669FBB44252471C8DE5ADB555CD1A76DB44FBE7BC"
Last-Modified: Mon, 02 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12178
Expires: Thu, 05 Jan 2023 11:52:48 GMT
Date: Thu, 05 Jan 2023 08:29:50 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: e6asqYbk3bYOFJdIfMakbKm0ciGgz0vUvXuHGysQbrWNP1FJFj3ODsgAYMLyneZ8WVqhy70Hqpw=
x-amz-request-id: NRT6XWFN1ZC4MR6W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 05 Jan 2023 08:01:39 GMT
age: 1691
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 08:29:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 05 Jan 2023 07:33:38 GMT
age: 3373
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fe74c226e54f2f382d278b594df930ae
4e4ebc661443f56b74d7c924ddae50bcb107f0af
511f11fe968867447f6d7e5862d8003e3a5fc18bdb62496ea09d140e9a11f53b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3355
Cache-Control: max-age=91975
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:51 GMT
Etag: "63b541ab-1d7"
Expires: Fri, 06 Jan 2023 10:02:46 GMT
Last-Modified: Wed, 04 Jan 2023 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.51.98

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.51.98:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2ntCGQKosJLZFbbd9abJbQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Oq/Cwg2+CAuk43B88UKIs0SD5Fg=

nsweave.org.au/rulesupdate/QBOT_AZD.ZIP

208.76.80.20

301 Moved Permanently

1 B

URL HTTP/2
nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
data
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /rulesupdate/QBOT_AZD.ZIP HTTP/1.1
Host: nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
vary: Accept-Encoding
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Thu, 05 Jan 2023 08:29:51 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12725
Expires: Thu, 05 Jan 2023 12:01:58 GMT
Date: Thu, 05 Jan 2023 08:29:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12725
Expires: Thu, 05 Jan 2023 12:01:58 GMT
Date: Thu, 05 Jan 2023 08:29:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12725
Expires: Thu, 05 Jan 2023 12:01:58 GMT
Date: Thu, 05 Jan 2023 08:29:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12725
Expires: Thu, 05 Jan 2023 12:01:58 GMT
Date: Thu, 05 Jan 2023 08:29:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12725
Expires: Thu, 05 Jan 2023 12:01:58 GMT
Date: Thu, 05 Jan 2023 08:29:53 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4248 bytes)
Hash
008614d302ad57bc6502ad5e07652378
968bc262d2939ec6f0dce9d852682c0aaf86d3d7
5eab9a2591f0f9761ba3b90a5a191b79b6326cccb1ee6b586b00dfc1517c8db6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F343434d9-f716-41aa-8934-1a5f79402aa1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4248
x-amzn-requestid: 17ccfd69-0d12-42ac-b111-059a68735e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eCutmF7mIAMFW2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b0f7f0-5e1653641a0303815656a578;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 03:03:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zxPQmFj8Y1QxN5CKzoPL9l_tBPeokp60xLh7nhRHTWjcdKreTPy01A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 07:08:59 GMT
age: 4854
etag: "968bc262d2939ec6f0dce9d852682c0aaf86d3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb431a43a-b1a3-46f7-8e91-9f652b2d5add.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6834 bytes)
Hash
1baebae9058866bc7c9baf0fa75211a9
beab584d0b8be1795ca594d075599e4631cf0224
7ad66c6e81e4f04613b4fcc7273fc631b31e9e20b3f1c749b63dd1245b0cb3c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb431a43a-b1a3-46f7-8e91-9f652b2d5add.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6834
x-amzn-requestid: 90b5cd1d-ce5a-4e98-b521-b57c49bbfd23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKyuG_cIAMFrBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1aa-57ca38951d902f4e2bcbbfa5;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _bCn3O-mh2f9lRkZ-ozervsakkdAexXr6FLokVxe5MpQHYsOgS1jfg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:58:45 GMT
etag: "beab584d0b8be1795ca594d075599e4631cf0224"
content-type: image/jpeg
age: 37868
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5578 bytes)
Hash
e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DqWBkBqUffF-tNXmSr2AzrL7hMr0RufOsND4zDF26f8A4c1tetxnWg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:41:11 GMT
age: 17322
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64c5d475-3153-467d-adb9-7187fd47e2e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5443 bytes)
Hash
01344b4dc7ce7b28acfc81aa36c7e88a
8482062315fe3251d47722e1df723555bd18d262
68f5bc4ae2c0ffd384c61442515711a0d3ef300f2898cc610a9b70a1ba78e775

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64c5d475-3153-467d-adb9-7187fd47e2e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5443
x-amzn-requestid: 600f3682-bfaf-4e00-8636-a075d5bda623
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eJVYAEYrIAMFl5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b39c33-792df8cc005d1ad5528a35d7;Sampled=0
x-amzn-remapped-date: Tue, 03 Jan 2023 03:08:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2_tlIxUuemQssDlnUbNuqKvGHak11dEZUUhR8yhQkg2tIm_O-QI0MA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 03:32:12 GMT
age: 17861
etag: "8482062315fe3251d47722e1df723555bd18d262"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e35c08d-9d47-44e2-a839-cbcbd7ba499e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10514 bytes)
Hash
f47bd2c920099c071d5d6d8383915e04
502f6afdccb731d96e5ac3e69dbf91712149fcbc
84bc8c89c2686c1af0796b26c00a032fec455352c6e28f901ff0f49748ac0260

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e35c08d-9d47-44e2-a839-cbcbd7ba499e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ba145acc-8f57-4ff1-8861-d016b1981f18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePKywH9eIAMFn7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1ab-5031d35e2516bdd77e37a5b2;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GLQq3yxazuuFesCB4ZP638DuNx41_iUPeVjA46KG9nrCvLOyY6A36A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:57:26 GMT
etag: "502f6afdccb731d96e5ac3e69dbf91712149fcbc"
content-type: image/jpeg
age: 37947
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3f96f2f-9480-405d-a177-757b4cdb01db.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8296 bytes)
Hash
d24a6df88f783b455a57250f1d92ccac
ce2e1d0f4925717aca4f2d02dc87c2e16879bcb8
89b3dfc01030e6329f7f0e2240df218ab037386b5ff87df388e83c680ddccb3d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa3f96f2f-9480-405d-a177-757b4cdb01db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8296
x-amzn-requestid: 3dc67582-04fe-45bd-b3c8-0c8f1d228582
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ePK0FEFhIAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5f1b3-5c3a498a15a4219e10e8c3ef;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 21:37:55 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BlfHCjUE0IaEhJUaVgjAFpfZTAo6nR6ORDPqOYL5RahgF_-o4vayYg==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 04 Jan 2023 21:57:26 GMT
age: 37947
etag: "ce2e1d0f4925717aca4f2d02dc87c2e16879bcb8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP

208.76.80.20

404 Not Found

10 kB

URL HTTP/2
www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8036), with CRLF, LF line terminators
Size
10 kB (10392 bytes)
Hash
950b1d85a07f03fa5663c778a4670879
95b3f1e753340eaeddac195cf54f979ffdee9039
4d8b4fdbe1430beb14a0974283b946e3bf16ac04d1910ee4d34f331f2f6a6353

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /rulesupdate/QBOT_AZD.ZIP HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.nsweave.org.au/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: br
content-length: 10392
content-type: text/html; charset=UTF-8
date: Thu, 05 Jan 2023 08:29:52 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-68431928-1

142.250.74.40

200 OK

45 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-68431928-1
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
45 kB (45296 bytes)
Hash
8ba9097f228ceb59f1aad2a6dc8e938d
28281f79b355d15f3c4a16ec278686043eea42d6
7050b4d4b61440c17354fe23d9f331cd238871194ab2347682d396226b3223c7

HTTP Headers

GET /gtag/js?id=UA-68431928-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 05 Jan 2023 08:29:54 GMT
expires: Thu, 05 Jan 2023 08:29:54 GMT
cache-control: private, max-age=900
last-modified: Thu, 05 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45296
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=11e48491e5544a25ce95b6a249b44c97

208.76.80.20

200 OK

982 B

URL HTTP/2
www.nsweave.org.au/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=11e48491e5544a25ce95b6a249b44c97
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (4186), with no line terminators
Size
982 B (982 bytes)
Hash
a43bf1705482324d06adb5d2b644a1a2
599069728988582dee8e5ec6a4a4b37c931adb96
78ae77841e94a99977ad8f5d7e7d6757ddf5b6e4da5b66ee6029ec39be4e2204

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=11e48491e5544a25ce95b6a249b44c97 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Jan 2022 08:41:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 982
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/css/style.css?ver=1.0.0

208.76.80.20

200 OK

2.9 kB

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/css/style.css?ver=1.0.0
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (786)
Size
2.9 kB (2944 bytes)
Hash
383ba7eb21deec69877d99a2e3076427
1174fe251d0fbdf6b6df15585bbe3e746a8247db
54b90820a7f289c31a4bdad6d76db79bf1e8ac88d1d899bce9e75f3b851d3484

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/link-library/upvote-downvote/css/style.css?ver=1.0.0 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 29 Dec 2022 23:07:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 2944
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

208.76.80.20

200 OK

2.4 kB

URL HTTP/2
www.nsweave.org.au/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (11256), with no line terminators
Size
2.4 kB (2397 bytes)
Hash
1d6e4a77fd29a54c63cacf31066fe58e
270a454d2b87b294ddbdb6594d491c7dda637363
46879cca8816e1802c35e96fb5d7d28519994fd9ae41a7b94299057e3f8c7f79

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Jan 2022 08:41:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 2397
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/link-library/colorbox/colorbox.css?ver=11e48491e5544a25ce95b6a249b44c97

208.76.80.20

200 OK

928 B

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/link-library/colorbox/colorbox.css?ver=11e48491e5544a25ce95b6a249b44c97
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text
Size
928 B (928 bytes)
Hash
9cda84eb2666c442792bc565341d2a76
381ee64952f46701b0de7cbba8a278236c5b1da7
73b8dcdc848514e6c87ad824ca57641f4205d3d91817e2f5c08806692ede9f33

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/link-library/colorbox/colorbox.css?ver=11e48491e5544a25ce95b6a249b44c97 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 29 Dec 2022 23:07:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 928
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0

208.76.80.20

200 OK

3.0 kB

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (1571)
Size
3.0 kB (3016 bytes)
Hash
3c4229852a30c94261b98cd2acfcb562
e623a3b989ea99a99283a63d847d2117b82c595d
33e6ce43d79c11584409e48675996994006cb3f9667e1c86715ecaab894aa740

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.11.0 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:17:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3016
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a430d46fb27196c8b03f382c1bafbb23
0b31940d1067eb87c24c6d356689d7f9f90231a6
3e9cd331b1c2c1eca94ff12ec1b685e1c1c1909e30e8b3cf4493dc6eac786df8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nsweave.org.au/wp-content/plugins/jetpack/css/jetpack.css?ver=11.6

208.76.80.20

200 OK

16 kB

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/jetpack/css/jetpack.css?ver=11.6
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
16 kB (15681 bytes)
Hash
134600ae4f7e75b9516fe5c6a93385ac
eb3666dc8ea4058286b79d5194a776798931772f
e9a6b34b74cb6b15fc0f67bd435667844670179de7f5b5f98eb5f2094bde954f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/jetpack/css/jetpack.css?ver=11.6 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:16:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 15681
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

208.76.80.20

200 OK

30 kB

URL HTTP/2
www.nsweave.org.au/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (65447)
Size
30 kB (30350 bytes)
Hash
fb1aea2f7ce09f9d2e290d73d57defdf
62d40e64c8aeff20834868816d20d6a645fd2565
367cc15d582c7056695a307c1ef9b32a9e4810c16e33f27eac05909a1f57d4b4

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 11 Nov 2022 08:42:45 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 30350
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/uploads/2019/01/ravelry-grey.png

208.76.80.20

200 OK

20 kB

URL HTTP/2
www.nsweave.org.au/wp-content/uploads/2019/01/ravelry-grey.png
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
PNG image data, 490 x 421, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20314 bytes)
Hash
57723f2a165c82aaaaeb4fbd218032e2
26c2c4defd4f1ae1d57711ac0745651c0b7c0e7d
08e11b8deb13cafa5d954f0f25b2619ee226f68f2ff1a5f2d1ab4c4266051d77

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/uploads/2019/01/ravelry-grey.png HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 25 Jan 2019 12:36:52 GMT
accept-ranges: bytes
content-length: 20314
content-type: image/png
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001

208.76.80.20

200 OK

315 B

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (685), with no line terminators
Size
315 B (315 bytes)
Hash
90b6ed98e867cd14bff93b31e7f0af82
cc2162190788e5d8579eb5844f8ef1f12fe2a69a
8ccc3f277c5d05f7e8aa933156fcf66282133edd7e47d3774d68366bfd4a2a99

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:16:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 315
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6

208.76.80.20

200 OK

307 B

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (639), with no line terminators
Size
307 B (307 bytes)
Hash
5a176e78a419e11c8d73cd5947ef6a76
10c14b6b382818e15a719afbb1ff099ac692ac46
5d60314528406532db9bb2d38b9272ffa284a37ba027f977168565aa6b3462e0

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/jetpack/_inc/build/facebook-embed.min.js?ver=11.6 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:16:01 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 307
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/js/general.js?ver=4.0.1

208.76.80.20

200 OK

685 B

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/link-library/upvote-downvote/js/general.js?ver=4.0.1
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text
Size
685 B (685 bytes)
Hash
2f2bc860c0f02a3b1cf1875547322d7a
f76ed70151bd2d5c2726dcd5c50c03b9194bca68
f02e3936404db9b579c62807ee8692680f91cc29150c43f23d361cdb3572875f

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/link-library/upvote-downvote/js/general.js?ver=4.0.1 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 29 Dec 2022 23:07:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 685
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

208.76.80.20

200 OK

4.0 kB

URL HTTP/2
www.nsweave.org.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (11126)
Size
4.0 kB (3998 bytes)
Hash
1fbb59519536e28eeb7ae7173973c39f
f6542c5d0f96f621eea4f3cb442021dfe33863fa
b1b54befd52c3605721bf8b5a6c0290c572929138358738826873751256b191c

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 03 Jan 2022 08:41:21 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 3998
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9

208.76.80.20

200 OK

4.5 kB

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (11887)
Size
4.5 kB (4467 bytes)
Hash
955f5cc9b2d406353643547dd357b28d
735ca3bd9bd9f5fa414ecabe6b8cd86b951ba5e7
a4599b2a2d4defbaa7ec5bede0c1f50e064edc70e27fd0be978c7b38d14d1e78

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/link-library/colorbox/jquery.colorbox-min.js?ver=1.3.9 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 29 Dec 2022 23:07:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 4467
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97

208.76.80.20

200 OK

4.6 kB

URL HTTP/2
www.nsweave.org.au/wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (15660)
Size
4.6 kB (4614 bytes)
Hash
a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=11e48491e5544a25ce95b6a249b44c97 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 27 May 2022 02:43:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/uploads/2022/03/logo-guild-monochrome.png

208.76.80.20

200 OK

12 kB

URL HTTP/2
www.nsweave.org.au/wp-content/uploads/2022/03/logo-guild-monochrome.png
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
PNG image data, 140 x 48, 8-bit/color RGB, non-interlaced\012- data
Size
12 kB (12133 bytes)
Hash
7a94e0c20438ad32c8ccc9a87de6cf62
73c584d1dbc16b99d58f9f9cbc1c036821894998
160452dc59e6d024233530d2f8deedb0ad78969c761e6aaad905747b129a9f64

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/uploads/2022/03/logo-guild-monochrome.png HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 21 Mar 2022 08:56:33 GMT
accept-ranges: bytes
content-length: 12133
content-type: image/png
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/uploads/fusion-scripts/8118d9d59938e0ef2674c578c8c54bed.min.js?ver=3.9.1

208.76.80.20

200 OK

105 kB

URL HTTP/2
www.nsweave.org.au/wp-content/uploads/fusion-scripts/8118d9d59938e0ef2674c578c8c54bed.min.js?ver=3.9.1
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
Unicode text, UTF-8 text, with very long lines (34773)
Size
105 kB (105408 bytes)
Hash
99dc35fc1fcc85769e0f011a2e70f7be
7cc3d2fc86b7d3d434ccaad5952642f49d09c9c5
97b72e4da9510d5d16632d75f70e23163a45234a4f169f76d64b7f208ec4df13

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/uploads/fusion-scripts/8118d9d59938e0ef2674c578c8c54bed.min.js?ver=3.9.1 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 29 Dec 2022 23:10:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 105408
content-type: application/javascript
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.nsweave.org.au/?display_custom_css=css&ver=11e48491e5544a25ce95b6a249b44c97

208.76.80.20

200 OK

769 B

URL HTTP/2
www.nsweave.org.au/?display_custom_css=css&ver=11e48491e5544a25ce95b6a249b44c97
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
assembler source, ASCII text, with CRLF line terminators
Size
769 B (769 bytes)
Hash
00a4fbd5b406fbb91173cc1780e3b1f9
9af20030cb80f852cf5b156425fb1d3e8e47272f
281d9909d8c09c64129e2a36ee8579a674078c6bcdc93bbd0999f6ff33cd3085

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /?display_custom_css=css&ver=11e48491e5544a25ce95b6a249b44c97 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-length: 769
content-type: text/css;charset=UTF-8
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pixel.wp.com/g.gif?v=ext&blog=100233054&post=0&tz=11&srv=www.nsweave.org.au&j=1%3A11.6&host=www.nsweave.org.au&ref=&fcp=0&rand=0.23661231246049852

192.0.76.3

200 OK

50 B

URL HTTP/2
pixel.wp.com/g.gif?v=ext&blog=100233054&post=0&tz=11&srv=www.nsweave.org.au&j=1%3A11.6&host=www.nsweave.org.au&ref=&fcp=0&rand=0.23661231246049852
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
GIF image data, version 89a, 6 x 5\012- data
Size
50 B (50 bytes)
Hash
e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

HTTP Headers

GET /g.gif?v=ext&blog=100233054&post=0&tz=11&srv=www.nsweave.org.au&j=1%3A11.6&host=www.nsweave.org.au&ref=&fcp=0&rand=0.23661231246049852 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 08:29:55 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

216.58.207.227

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Size
45 kB (45300 bytes)
Hash
5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

HTTP Headers

GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nsweave.org.au
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 31 Dec 2022 22:37:37 GMT
expires: Sun, 31 Dec 2023 22:37:37 GMT
cache-control: public, max-age=31536000
age: 381138
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/anticslab/v16/bWt97fPFfRzkCa9Jlp6IacVcXA.woff2

216.58.207.227

200 OK

12 kB

URL HTTP/2
fonts.gstatic.com/s/anticslab/v16/bWt97fPFfRzkCa9Jlp6IacVcXA.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12136, version 1.0\012- data
Size
12 kB (12136 bytes)
Hash
cae549261ca235f6a254f6eed560ba20
ee867ac8b467c51d0455ab3438e04fbee79c2d87
3c478d59cd9c14ded18169933a9703a61220b737631fa08035f626f45867c134

HTTP Headers

GET /s/anticslab/v16/bWt97fPFfRzkCa9Jlp6IacVcXA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nsweave.org.au
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12136
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 13:33:42 GMT
expires: Sat, 30 Dec 2023 13:33:42 GMT
cache-control: public, max-age=31536000
age: 500173
last-modified: Tue, 19 Apr 2022 18:27:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nsweave.org.au/wp-content/themes/Avada/assets/images/page_title_bg.png

208.76.80.20

200 OK

50 kB

URL HTTP/2
www.nsweave.org.au/wp-content/themes/Avada/assets/images/page_title_bg.png
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
PNG image data, 1400 x 87, 8-bit/color RGBA, non-interlaced\012- data
Size
50 kB (50495 bytes)
Hash
626bdf14ba987a175c0ace4510e9747c
7abdc3fe86410e599ac7d9a3732daddab83c23a0
6490da8fa414a3ee09c42b4b0557ee396bd60c3dd7654c9df31c50f35a3fa122

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/themes/Avada/assets/images/page_title_bg.png HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:18:12 GMT
accept-ranges: bytes
content-length: 50495
content-type: image/png
date: Thu, 05 Jan 2023 08:29:55 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2

216.58.207.227

200 OK

47 kB

URL HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Size
47 kB (47048 bytes)
Hash
87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

HTTP Headers

GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nsweave.org.au
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 03 Jan 2023 15:42:38 GMT
expires: Wed, 03 Jan 2024 15:42:38 GMT
cache-control: public, max-age=31536000
age: 146837
last-modified: Wed, 27 Apr 2022 16:55:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff

208.76.80.20

200 OK

21 kB

URL HTTP/2
www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
Web Open Font Format, TrueType, length 21028, version 1.0\012- data
Size
21 kB (21028 bytes)
Hash
6b9a736ada76cf8a7ebbf83613292697
9d034292d47aeb744ce0851d50211aa684a6e075
288d156b63cea15974f8ced0963ccc03ca9688a0e2da4af409339c065faab72f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nsweave.org.au/wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:18:13 GMT
accept-ranges: bytes
content-length: 21028
vary: Accept-Encoding
content-type: font/woff
date: Thu, 05 Jan 2023 08:29:55 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5dcd3e3f6440384500af24c809a3f175
3a5df7e2369c9d65865d73410b0cac87e1b5a54c
b7c5a41dbd443dcb04231372b9ac63a3853d57e43941af5b22073693291099df

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2

208.76.80.20

200 OK

78 kB

URL HTTP/2
www.nsweave.org.au/wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
Web Open Font Format (Version 2), TrueType, length 78212, version 331.-31261\012- data
Size
78 kB (78212 bytes)
Hash
8c4f474a3aaa695346196b1f33fab616
abc1ae262d760e104a5a5cb68614ac119fd0db18
ef2369c82b6ec19bcf4fe76799d94edc43604e164c0f73978059536159845441

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/themes/Avada/includes/lib/assets/fonts/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.nsweave.org.au/wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 21 Dec 2022 01:18:13 GMT
accept-ranges: bytes
content-length: 78212
vary: Accept-Encoding
content-type: font/woff2
date: Thu, 05 Jan 2023 08:29:55 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ec4eb5276a6872b64135f424c57124
261ffe8ee941a2e48eb12bb5f6e5d6bc0b8e6344
38dc5616ee5568e1714ea7364b2578af0e854599f46e699fa97990bd1154da66

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3219
Cache-Control: max-age=99408
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Etag: "63b55f40-1d7"
Expires: Fri, 06 Jan 2023 12:06:43 GMT
Last-Modified: Wed, 04 Jan 2023 11:13:04 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/analytics.js

216.239.36.178

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.36.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 05 Jan 2023 06:41:10 GMT
expires: Thu, 05 Jan 2023 08:41:10 GMT
cache-control: public, max-age=7200
age: 6525
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

i0.wp.com/www.nsweave.org.au/wp-content/uploads/2019/01/cropped-logo-guild.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

1.2 kB

URL HTTP/2
i0.wp.com/www.nsweave.org.au/wp-content/uploads/2019/01/cropped-logo-guild.png?fit=32%2C32&ssl=1
IP
192.0.77.2:0
ASN
#2635 AUTOMATTIC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1202 bytes)
Hash
de39bc939673e026108584911a9aed57
133dfd783428a61ef2f298e09a255f2335ff7b99
6b4705b36a97311ecb8be9d0f66ec635bfb386011b5c1c922a28318e0e690394

HTTP Headers

GET /www.nsweave.org.au/wp-content/uploads/2019/01/cropped-logo-guild.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 08:29:55 GMT
content-type: image/webp
content-length: 1202
last-modified: Tue, 03 Jan 2023 19:02:54 GMT
expires: Fri, 03 Jan 2025 07:02:54 GMT
cache-control: public, max-age=63115200
link: <https://www.nsweave.org.au/wp-content/uploads/2019/01/cropped-logo-guild.png>; rel="canonical"
x-content-type-options: nosniff
etag: "b2e01dbe0d9f0438"
vary: Accept
x-nc: HIT arn 2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

stats.wp.com/e-202301.js

192.0.76.3

200 OK

11 kB

URL HTTP/2
stats.wp.com/e-202301.js
IP
192.0.76.3:0
ASN
#2635 AUTOMATTIC

File type
ASCII text, with very long lines (2690)
Size
11 kB (11315 bytes)
Hash
9409004e71055d03accf541001a53596
6a668d1e63beef328c1292d2e905f21143bf51e2
910455ff0df16f726a3cee9f53a916a3928f4232cd1d4d4e4c086b2f9827c6cd

HTTP Headers

GET /e-202301.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 05 Jan 2023 08:29:54 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 31 Dec 2023 13:33:19 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2

connect.facebook.net/en_US/sdk.js

157.240.200.14

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1685 bytes)
Hash
c3688cbc4709492bf887c3df3bedc710
1169d9fd54ef8c483ed7ec98b50b5be3b6a7defd
fc1f2f38e7d773c5a5c37a8b87c19e9cf0fbf8efa4feb98be23a35f80b6608a9

HTTP Headers

GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 2f4e63a275be3ed3a74db7205053d7ac
etag: "c9cccea03b36dc1f49cda85f47c23437"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Thu, 05 Jan 2023 08:40:18 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: w2iMvEcJSSv4h8PfO+3HEA==
x-fb-debug: 86UDiX+VbV0nlDmgDyb0m87a2ag7cpecZSsQODq1x10xUZ0lzPbWGHiRdzbPrtmdhfoZ7Re8QmF8A0s6XQBjYQ==
content-length: 1685
x-fb-trip-id: 1679558926
date: Thu, 05 Jan 2023 08:29:55 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ec4eb5276a6872b64135f424c57124
261ffe8ee941a2e48eb12bb5f6e5d6bc0b8e6344
38dc5616ee5568e1714ea7364b2578af0e854599f46e699fa97990bd1154da66

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3219
Cache-Control: max-age=99408
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:55 GMT
Etag: "63b55f40-1d7"
Expires: Fri, 06 Jan 2023 12:06:43 GMT
Last-Modified: Wed, 04 Jan 2023 11:13:04 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b815e7b1a5f00b7cff7f2a68bb723f77
c944dc7284f4758dfebbd1b8ab4b7b327259f651
f1701c75e48206c4405afcd5a60ae3141ff4db9f811ec9ab4cdd9090af666f26

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/sdk.js?hash=6c91330a79e93cc3dd7aade62bb4027e

157.240.200.14

200 OK

88 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=6c91330a79e93cc3dd7aade62bb4027e
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
88 kB (88402 bytes)
Hash
97d0e6236ff9ec8ef6f3a2948d8e82be
25ef5f43317f4cc4864ebe5a1a8d22b9ad2633d1
f71b40475edb045b334dc61a6cce5faa1d81992df40017a683981adaee6a0436

HTTP Headers

GET /en_US/sdk.js?hash=6c91330a79e93cc3dd7aade62bb4027e HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nsweave.org.au
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 5ea89c35673f38e0c7544f3511ef7ff7
etag: "73760cb27e514ece88f277dce43d5b1a"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 05 Jan 2024 07:40:34 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: l9DmI2/57I7286KUjY6Cvg==
x-fb-debug: UU+8H+H1mmn/4jsYQzXzsnmB2PSA+DR1KUzS5Bw4peqx5VrWqnczlVYeB1kdbAYWY5WVbKrsTI4e5Mbs37BB+A==
priority: u=3,i
content-length: 88402
x-fb-trip-id: 1679558926
date: Thu, 05 Jan 2023 08:29:56 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&gjid=902306677&_gid=2136363360.1672907386&_u=YEBAAUAAAAAAACAAI~&z=311986657

142.251.1.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&gjid=902306677&_gid=2136363360.1672907386&_u=YEBAAUAAAAAAACAAI~&z=311986657
IP
142.251.1.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&gjid=902306677&_gid=2136363360.1672907386&_u=YEBAAUAAAAAAACAAI~&z=311986657 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.nsweave.org.au
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.nsweave.org.au
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 05 Jan 2023 08:29:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b815e7b1a5f00b7cff7f2a68bb723f77
c944dc7284f4758dfebbd1b8ab4b7b327259f651
f1701c75e48206c4405afcd5a60ae3141ff4db9f811ec9ab4cdd9090af666f26

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nsweave.org.au/wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1

208.76.80.20

200 OK

154 kB

URL HTTP/2
www.nsweave.org.au/wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type
ASCII text, with very long lines (60056)
Size
154 kB (153659 bytes)
Hash
2f3836795156fe4736f5a17d9ddb5ccb
4322c88667d935af143a639f82b77bff6002d061
3dc6749a467cdb6b82fe1afb1cf1fb7b041cb884a8183de05ef5d490a04ea578

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/uploads/fusion-styles/aee18c7b0b895ce9e6c9faf0b5513a3b.min.css?ver=3.9.1 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 31 Dec 2022 23:12:35 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
974e444c7b66a760e0fdec04b8bebb82
23d1de086afcfbdedbd5c60fcef69c88b840b448
458cf84b0a13820b027dfeafe101e87d2cc692fc998dc0347268df5afd816aca

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 05 Jan 2023 08:29:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193

216.58.207.228

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-68431928-1&cid=330922301.1672907386&jid=947000246&_u=YEBAAUAAAAAAACAAI~&z=368976193 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 05 Jan 2023 08:29:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
974e444c7b66a760e0fdec04b8bebb82
23d1de086afcfbdedbd5c60fcef69c88b840b448
458cf84b0a13820b027dfeafe101e87d2cc692fc998dc0347268df5afd816aca

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7c8811382bcd40ec65e7a6e339e94904
38d741442c52bcdde863d1a2d593ce0c81c7efbd
ce5c1060c028784381224586783b9b0943fd14947bb15bb38e6d401a1a221c23

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 05 Jan 2023 08:29:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

use.fontawesome.com/releases/v5.15.4/css/v4-shims.css?ver=2.0.2

172.64.133.15

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.15.4/css/v4-shims.css?ver=2.0.2
IP
172.64.133.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/v4-shims.css?ver=2.0.2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 05 Jan 2023 08:29:54 GMT
content-type: text/css
x-amz-id-2: Q/kdu2lbLwMmGH8XYVVj05uDBpTKrYzztOvetInXrMk+rLFpQla2+iom1jU/+LuqUeSf7Y4XHsI=
x-amz-request-id: FKMPZ963B6974F1B
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
etag: W/"a034d3c71bee546f625877d7932917f8"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1735146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JtJH57PoiTdS%2BJyH7KYL%2Fw9TNhNLySOpk3nNvqggVW1keus3Ri%2BE2G%2BTHgr8gL7soaAWC6WrnQzwQ2FJu1hKVMBG9VySoBRZl8Xt%2FXahgUBaglEyZt2dOotSYSjOnUbr2SgAYeHg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 784ad94ddedd72e2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.nsweave.org.au/wp-content/plugins/all-in-one-event-calendar/public/themes-ai1ec/plana/css/ai1ec_parsed_css.css?ver=3.0.0

208.76.80.20

200 OK

0 B

URL HTTP/2
www.nsweave.org.au/wp-content/plugins/all-in-one-event-calendar/public/themes-ai1ec/plana/css/ai1ec_parsed_css.css?ver=3.0.0
IP
208.76.80.20:0
ASN
#16556 TOTALCHOICE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed

HTTP Headers

GET /wp-content/plugins/all-in-one-event-calendar/public/themes-ai1ec/plana/css/ai1ec_parsed_css.css?ver=3.0.0 HTTP/1.1
Host: www.nsweave.org.au
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/rulesupdate/QBOT_AZD.ZIP
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Jul 2021 06:05:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/css
date: Thu, 05 Jan 2023 08:29:54 GMT
server: Apache
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.15.4/css/all.css?ver=2.0.2

172.64.133.15

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.15.4/css/all.css?ver=2.0.2
IP
172.64.133.15:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.15.4/css/all.css?ver=2.0.2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nsweave.org.au/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 05 Jan 2023 08:29:54 GMT
content-type: text/css
x-amz-id-2: lSs6dHf/6OiQx/BbZIEUH7f9wBEjEVABtTY2Lw8HOL8wYg5shBN969yMX2128YKYjljP73qSNZU=
x-amz-request-id: FKMZBBVMH5RS5WVJ
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
etag: W/"ecd507b3125edc4d2a03aa6ae5d07da9"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1735149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mA9H0HuSXmv%2Fgb1JqIKvjeI%2FRzZXC4pYPhh3UlKGSu9WppdcVnyhB0dOgHGNOTkkhwWr5utv%2BBGPAZnz7kSLQGh8jjS5d89E%2FWK01TT%2BNFbd8Vd%2Berh849BWbokF0RX3%2BP1%2Foalc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 784ad94deeea72e2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations