Overview

URL: superliving.co.uk/tuae/index.php?e=qbot.zip
IP: 194.1.147.89 (United States)
ASN: #210250 K Media Tech Ltd.
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-08 21:29:30 UTC
IDS alerts: 0
Blocklist alert: 56
urlquery alerts: No alerts detected
Tags: None

Domain Summary (7)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-08 06:06:41 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 35.162.217.251
img-getpocket.cdn.mozilla.net (7) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
superliving.co.uk (23) 0 2019-02-06 13:02:27 UTC 2022-11-08 17:26:36 UTC 194.1.147.66 Unknown ranking
r3.o.lencr.org (8) 344 No data No data 23.36.77.32

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-08 2 superliving.co.uk/wp-includes/css/dist/block-library/style.min.css?ver=6.1 Malware
2022-11-08 2 superliving.co.uk/wp-content/themes/popcorn/fonts/fa-minimal/style.css?ver=6.1 Malware
2022-11-08 2 superliving.co.uk/wp-content/plugins/essential-addons-for-elementor-lite/as (...) Malware
2022-11-08 2 superliving.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-11-08 2 superliving.co.uk/wp-content/plugins/contact-form-7/includes/js/index.js?ve (...) Malware
2022-11-08 2 superliving.co.uk/wp-content/themes/popcorn/js/popcornsearch.js?ver=6.1 Malware
2022-11-08 2 superliving.co.uk/wp-content/plugins/elementor/assets/css/frontend-legacy.m (...) Malware
2022-11-08 2 superliving.co.uk/wp-content/plugins/contact-form-7/includes/swv/js/index.j (...) Malware
2022-11-08 2 superliving.co.uk/wp-content/plugins/essential-addons-for-elementor-lite/as (...) Malware
2022-11-08 2 superliving.co.uk/wp-content/themes/popcorn/js/popcornnav.js?ver=6.1 Malware

mnemonic secure dns
Scan Date Severity Indicator Comment
2022-11-08 2 superliving.co.uk Sinkholed (listed 23 times)

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-08 2 superliving.co.uk Sinkholed (listed 23 times)


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 194.1.147.89
Date UQ / IDS / BL URL IP
2022-11-08 21:29:30 +0000 0 - 0 - 56 superliving.co.uk/tuae/index.php?e=qbot.zip 194.1.147.89


Last 5 reports on ASN: K Media Tech Ltd.
Date UQ / IDS / BL URL IP
2023-01-17 02:58:02 +0000 0 - 1 - 0 www.florenceah.com/ 194.1.147.92
2023-01-14 01:49:32 +0000 0 - 0 - 6 blogdecachorros.com/caes-com-baixa-manutencao/ 194.1.147.50
2023-01-13 20:18:26 +0000 0 - 2 - 2 cancatseat.com/turkey/ 194.1.147.24
2023-01-09 12:44:31 +0000 0 - 0 - 3 nordictb.com/wp-admin/m/mkbssl/eaa1da31f79917 (...) 194.1.147.69
2023-01-08 12:20:40 +0000 0 - 1 - 0 waiuku.school.nz/contact-us/ 194.1.147.14


Last 4 reports on domain: superliving.co.uk
Date UQ / IDS / BL URL IP
2022-11-19 19:12:22 +0000 0 - 0 - 34 superliving.co.uk/tuae/index.php?e=qbot.zip 194.1.147.66
2022-11-08 21:29:30 +0000 0 - 0 - 56 superliving.co.uk/tuae/index.php?e=qbot.zip 194.1.147.89
2022-11-06 18:40:02 +0000 0 - 0 - 4 superliving.co.uk/tuae/index.php?e=qbot.zip 199.188.206.73
2022-11-04 20:34:36 +0000 0 - 0 - 6 superliving.co.uk/tuae/index.php?e=qbot.zip 199.188.206.73


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-11-19 19:12:22 +0000 0 - 0 - 34 superliving.co.uk/tuae/index.php?e=qbot.zip 194.1.147.66

JavaScript

Executed Scripts (12)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (43)


Request Response
                                        
                                            GET /tuae/index.php?e=qbot.zip HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         194.1.147.66
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Tue, 08 Nov 2022 21:29:17 GMT
Content-Length: 707
Connection: keep-alive
location: https://superliving.co.uk/tuae/index.php?e=qbot.zip
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
X-Edge-Location: WPX CLOUD/NOR01
Server: WPX CLOUD/NOR01
X-Cache-Status: BYPASS


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5529
Expires: Tue, 08 Nov 2022 23:01:26 GMT
Date: Tue, 08 Nov 2022 21:29:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4577
Cache-Control: max-age=137891
Date: Tue, 08 Nov 2022 21:29:17 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:47:28 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C4981CE849FCFCE045D1C9EEB2978767D87FCBF6087626F3D6541EC8B1938A37"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12283
Expires: Wed, 09 Nov 2022 00:54:00 GMT
Date: Tue, 08 Nov 2022 21:29:17 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 7GL0rx0XkfEy4JDQzyf72/iz/TTX0HMzGB9/6tanO37U43GygMSuQPlLI6HzQJJ7qq39b7cuUOk=
x-amz-request-id: CYAGFVH6ZXZ4K4S8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 21:11:27 GMT
age: 1070
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 08 Nov 2022 21:29:17 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5D5D2D9AEFF2E5AC8E37E53BA7C13C29150FAD1A85D9CBA22BBEE09E61EC8CCD"
Last-Modified: Mon, 07 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21541
Expires: Wed, 09 Nov 2022 03:28:19 GMT
Date: Tue, 08 Nov 2022 21:29:18 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3847
Cache-Control: max-age=132095
Date: Tue, 08 Nov 2022 21:29:18 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 10:10:53 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Htf9yhwsNA3BGw7m2Mx/eg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         35.162.217.251
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZORcvDbd5nF07ZIEVTAuDiQa5t4=

                                        
                                            GET /tuae/index.php?e=qbot.zip HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         194.1.147.66
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:19 GMT
content-length: 0
expires: Tue, 08 Nov 2022 22:29:19 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
location: https://superliving.co.uk/tuae/?e=qbot.zip
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: BYPASS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12425
Expires: Wed, 09 Nov 2022 00:56:24 GMT
Date: Tue, 08 Nov 2022 21:29:19 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4737
x-amzn-requestid: ad230e08-9f4e-46cf-9a86-f8e013a1c498
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQBFkEhLIAMFq_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697bbd-7e8b686a23a84c5d473c9ef5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:42:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FoOPmZEjC6nhw801dgqENVL-9-aC0pyFAF-fMS57XzQyfxck2GGUvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:49:14 GMT
age: 85205
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4737
Md5:    39446652ee66d20bd73df20f1a29589c
Sha1:   349ea78f3ad0f2f7376ba22e417226b2e06806d7
Sha256: 655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10781
x-amzn-requestid: c5063271-8b84-41d7-899c-958c135541c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAwTF2cIAMF0DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b34-6b6018d826efae3e3738a7d9;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yfT-BN4Codmr6J5v6xIIIpOG5EaHI1xnOqineRxdeQ3VJ_MmujMZew==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:38 GMT
age: 85601
etag: "5d51855ed7cc6f8cac53eef1730212eb70b28036"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10781
Md5:    4ff4c1be0934222258267f7595f2ecde
Sha1:   5d51855ed7cc6f8cac53eef1730212eb70b28036
Sha256: 49ce70117f2b108ebcff7f8e0ac14b2583eaf6b36a10baff097b35b728ba44d9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 06:28:01 GMT
age: 54078
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10462
Md5:    4e2853cc6ec6223160471401e6871f4b
Sha1:   f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4527
x-amzn-requestid: c3be9447-c43a-48d6-9aef-c0999742886c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQA1GFN5IAMFaRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b53-3bb315de52dcf6114da9ad05;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _nFA59k8ERwiA6Ct_pZJs0WkFuagosyyiOkeQc1PuWMcno-Lpz4UfA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:39 GMT
etag: "f7ae1b83a0199b76dd0d31a21db4072b867e4f37"
age: 85600
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4527
Md5:    7884b85a4b30e918a0b44f73a301a78b
Sha1:   f7ae1b83a0199b76dd0d31a21db4072b867e4f37
Sha256: 9576f9ad95c958887de953dee72b267cd0ed7293ed62fb540df76a2d49fac035
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12165
x-amzn-requestid: 7baae03c-2e22-477c-9c14-d21a26469b47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEFHdIAMF_XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-2edb1d9722872b1166a5b085;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1QlljbC_YBobvvYSxTH2jH4a4kZAK8Am-k6CNxJrLIm1TY1gbfP1gg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:40 GMT
age: 85599
etag: "6f246d25b36dc880489f3af2ae8767a0f5f2542b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12165
Md5:    37802736d42529da1237e5d89e253928
Sha1:   6f246d25b36dc880489f3af2ae8767a0f5f2542b
Sha256: b21622ee7e858a4508096480ec3ffba824e96d469b0fcfa0f6daaabad296fd40
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc57b3745-ae4a-4265-b3dd-286aed8be329.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5978
x-amzn-requestid: e4cff3d7-86a7-44a8-8858-7c893c19e76c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAVFHdWIAMFQZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697a86-60d1a8250e0017a3574a6642;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:37:10 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qSguV2gfEtxsoWSMifxQEbIAAqhUDgVom0IWauJEIrFoMA5f17J-GA==
via: 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:26 GMT
age: 85613
etag: "8e549621e4182a257895a03db93e786bd86072a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5978
Md5:    d22d633d497f2e25eab580a648c05434
Sha1:   8e549621e4182a257895a03db93e786bd86072a5
Sha256: 2263e6c2417c5a40885359d93939febbb9e94cef1c598b7ef95069d50275bf28
                                        
                                            GET /wp-content/themes/popcorn/css/main.css?ver=1.1.2b HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 3195
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3195
Md5:    c51459eac53ec2441641d5cd779794de
Sha1:   eabf493e5316e363fa2c6099c6975c1afb2b6ef4
Sha256: fd61dd607c4d030c3b20d45d4e2ffdc00deffd52fb6472cf2d021830245b3241

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /tuae/?e=qbot.zip HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                         194.1.147.66
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://superliving.co.uk/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11272)
Size:   10750
Md5:    35f1f2b94d4ecfa9813f745c232fd302
Sha1:   4c19755f822dbebc394479207c5b4464dbd2f71b
Sha256: 83ced6b87f1f4b6af4faec37880cc0719554ff9108647e535bedf7d8340e4d0c

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 11601
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:34:53 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (47826)
Size:   11601
Md5:    3f7f7fa954242b63cf5127c14417c6e5
Sha1:   712c7c9ea049d297e3fb27d3c805be5c5867c4d4
Sha256: e274dc85b6107cb6054dbee83ddb1e3dda3162ca8f93b16b2d692a451cf9511d

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/fonts/fa-minimal/style.css?ver=6.1 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 1132
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1132
Md5:    3154b610f0d4d02b6786da77339da8e0
Sha1:   bb1a7200f86204fd747dbf0f4d03c886eb994e77
Sha256: 6dbcbd540a43bc954816b375e1215264f64c756c79a176b1d116a4d23b409a03

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/css/util.css?ver=1.1.2b HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 794
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   794
Md5:    5b31fb8b209a50ddea7aa90a9be345c8
Sha1:   27bece94057eac4a0e538bac423de478d6e03c9a
Sha256: 9d6ac6b427848874003e4bbea0fdd5f8df10c598036fcd0585fdb95ff444f919

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 708
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:37:34 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3432)
Size:   708
Md5:    f3ca6b9879df2ed966ae1150f3353baa
Sha1:   03c9aa5c941faad5f1efb4aa66ff623220f697ab
Sha256: f33030c0a254c90f0fc701442b0468c882d105c44f20923696747cc09e7709cd

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 3995
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:35:17 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3995
Md5:    7e058b51f939eacfa31cdface14dded5
Sha1:   9d732e5afdeb42edef9e1b9631b7e95e054787cc
Sha256: 4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 3706
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 07:42:57 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (12310), with no line terminators
Size:   3706
Md5:    dc6411bfa6891b75944f0074c945752d
Sha1:   03c1a8b686c287068c61ab90f58d905496d65085
Sha256: 96abeabc9cc7b4c2b7d46579f2827c67ccd02fbaef0343ae052f71accd381b0d

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/js/popcornsearch.js?ver=6.1 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 322
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   322
Md5:    3130376714fa2c030cc5fbb9459d6698
Sha1:   9e7bb5105e066cd79de12c376caef4d3e754dd6b
Sha256: 1564940489f446426ab0f3d2c2f6e4bbb6a72556f090efbc5cc5b45412c56991

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.8.0 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 741
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:36:52 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   741
Md5:    db566adedd989d74f2014fcfa86029d4
Sha1:   47f13cb67686182dcd1ca098273474c1f63a7648
Sha256: 1f8f006be8408188d5a4e046a782eff82847eba49a3948e17fc3299ea8aa484b

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2021/01/cropped-cropped-superliving-4.gif HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/gif
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 5368
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Mon, 15 Aug 2022 14:58:31 GMT
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 87a, 290 x 52\012- data
Size:   5368
Md5:    4621f421b578848c4f948dad37946074
Sha1:   aaa2aa72b105b8ba6c443aa4fb823347f7efd6eb
Sha256: 7321169d88462cdf5f272d8b3436350a7faaa371ad63ee35d351ba7581d08bb2

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 2817
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 07:42:57 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9937), with no line terminators
Size:   2817
Md5:    4317b1c024df372435f6482deadddeb3
Sha1:   5c8824a17e40a44ea8fc51568b98bdb1e2e7fab5
Sha256: 3798fb16289ba55459fb6d3b2efa915e3c019c5942759abb7bd19a0ef622b85d

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 2660
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:37:36 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8014), with no line terminators
Size:   2660
Md5:    4260ecd7b11c8b2261939504401ec355
Sha1:   f0e4955a2e1e589891a198d7e1508a96013ff9e1
Sha256: c58c19b04900fc0cadf8f7f8ad6da45e381e7bd5872fb64e8ede1b316d77b58f

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/js/popcornnav.js?ver=6.1 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 96
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   96
Md5:    d51dc92fe8d60e86a079a6c918cc3c8e
Sha1:   4c2510cfe17f72d0e139fae479297e6605270e28
Sha256: 0c6eace2072999b2d656ed144c5fdd9c2e3532e8f619aeeac6efb112714ca0cd

Alerts:
  Blocklists:
    - fortinet: Malware
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.0 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 18162
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:36:52 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   18162
Md5:    ee4463ac468ee39eea8ff0e5570e3e1d
Sha1:   e9dc451292b5726122f0cc9646aed0c675feff50
Sha256: dc05465601ddab95dcfd58747074a3e84f145423650f49e7296715477974c24d

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 30324
cache-control: public, max-age=31536000,public
expires: Wed, 08 Nov 2023 21:29:20 GMT
last-modified: Mon, 07 Nov 2022 10:35:17 GMT
content-encoding: br
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30324
Md5:    3a1740685bd5c0bbd5f2b812e1eb7fb4
Sha1:   488e07695da787fed18361c50292aef35abb5e81
Sha256: 4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/img/cat-popcorn.jpg HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 62826
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3\012- data
Size:   62826
Md5:    86118be7041c365320094d37fef0144f
Sha1:   3afb1827dca805f87a2bad67d7203d989b521fbd
Sha256: 3d8fc2c96a4ba0fec3213e93c5b8759d06adf0fb6612bdd75cff5fad7329d9d8

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/popcorn/img/search-icon.png HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/png
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 598
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Tue, 08 Nov 2022 05:24:21 GMT
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 18 x 19, 8-bit colormap, non-interlaced\012- data
Size:   598
Md5:    41e5308653cd822e89bf4c70a3368ca7
Sha1:   a0c8c414a66b14528db89005965c73a23da69443
Sha256: 873f79f87fad0c56389cb5d813acfd5e0a58dc95a66c4e54f9f1e853cd9de5f4

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2021/01/cropped-superliving-2.gif HTTP/1.1 
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/gif
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 8890
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Mon, 15 Aug 2022 15:05:17 GMT
vary: Accept-Encoding,Origin
wpx: 1
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 87a, 475 x 86\012- data
Size:   8890
Md5:    f34d97373cbd7b90217fc29eebe7c4e9
Sha1:   57a8ea515b12fc9bd424d47061459133ce8285e3
Sha256: 546fbf5b6ba7f42a9759855faf63440146c833110d3427adda485bbc61c36527

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/uploads/2021/01/cropped-superliving-3-32x32.gif HTTP/1.1
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/gif
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 903
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Mon, 15 Aug 2022 15:00:27 GMT
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 87a, 32 x 32\012- data
Size:   903
Md5:    b7c1a622688075bd5ebd1472fb292bf7
Sha1:   4ccdf1c8c993005e3f2c475d50867bc13d69c450
Sha256: 99a5fac2a51716ecbd324237da8b057fc18a30176f8e1df2a985523ad3afd6cb

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /wp-content/uploads/2021/01/cropped-superliving-3-192x192.gif HTTP/1.1
Host: superliving.co.uk
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://superliving.co.uk/tuae/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         194.1.147.66
HTTP/2 200 OK
content-type: image/gif
                                        
date: Tue, 08 Nov 2022 21:29:20 GMT
content-length: 11260
cache-control: public, max-age=10368000,public
expires: Wed, 08 Mar 2023 21:29:20 GMT
last-modified: Tue, 27 Apr 2021 22:45:41 GMT
vary: Accept-Encoding,Origin
wpx: 1
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/NOR01
server: WPX CLOUD/NOR01
x-cache-status: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 192 x 192\012- data
Size:   11260
Md5:    a028347b5831942c2f690d3814e5c189
Sha1:   9ec24504b077b7d7ddc93318b6772a781c8ca81d
Sha256: 967173223ec8b59bd8c046db49e9ab0db898753f932d1bc6661fccab306d7855

Alerts:
  Blocklists:
    - mnemonic_dns: Sinkholed
    - quad9: Sinkholed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02ba851a-86f3-43b7-8371-24e96a151dec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7442
x-amzn-requestid: f8fedc67-c5ed-41b5-a384-6d45596197fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKusfEbxoAMF67Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63675e4f-1459fdf653f4ee6f3dda084f;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 07:12:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8Sq8nD9sNRWeMedFxLrUEnILqEPv0Fr09OAkze6_Polg99dAXI4eiw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 04:07:31 GMT
age: 62515
etag: "8bb15829bec5bbded9b864e73d8fbf1059cd4afc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7442
Md5:    36a5fcfdd58558031f15af5d13ebe21f
Sha1:   8bb15829bec5bbded9b864e73d8fbf1059cd4afc
Sha256: 544bb499e28cc9d1e0bffccacf74411bbe7186959d9f1ba54edbd167935b9055