Report - nuancedigital.qa/omr/aqtueut

Report Overview

Submitted URL
nuancedigital.qa/omr/aqtueut
IP
119.18.49.15
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2022-10-27 19:51:34
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
180

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	3.0 kB	8.0 kB	23.36.76.226
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29
away.cdnbestplatform.com	unknown	2022-10-27T16:34:25Z	2023-02-22T21:06:17Z	509 B	645 B	91.211.91.104
groundflares.com	unknown	2022-09-28T23:00:56Z	2023-03-10T00:31:20Z	1.5 kB	973 B	185.177.94.152
broworker4s.com	unknown	2022-10-07T18:21:26Z	2023-03-10T08:51:57Z	824 B	728 B	51.15.18.159
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.8 kB	76 kB	34.120.237.76
www.nuancedigital.qa	unknown	2017-12-27T02:09:33Z	2023-02-10T23:27:00Z	16 kB	224 kB	119.18.49.15
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	429 B	1.8 kB	142.250.74.10
0.groundflares.com	unknown	2022-09-28T23:00:52Z	2023-03-10T00:31:18Z	1.1 kB	551 B	185.177.94.152
new.weatherplllatform.com	unknown	2022-10-25T22:18:12Z	2023-03-09T14:32:19Z	382 B	377 B	91.211.91.114
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	34.218.159.206
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	1.4 kB	2.8 kB	142.250.74.35
www.google.com	7	2015-05-10T13:11:19Z	2023-03-10T12:19:40Z	427 B	1.2 kB	142.250.74.164
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-10T13:03:15Z	390 B	44 kB	142.250.74.168
nuancedigital.qa	442831	2017-12-25T21:12:24Z	2023-03-04T04:55:45Z	457 B	10 kB	119.18.49.15
di4.biz	unknown	2017-01-20T20:13:06Z	2023-03-10T01:48:50Z	1.1 kB	611 B	185.177.92.179

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-27	medium	www.nuancedigital.qa/omr/aqtueut	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0	Malware
2022-10-27	medium	nuancedigital.qa/omr/aqtueut	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.14	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/css/style.css?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0	Malware
2022-10-27	medium	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0	Malware
2022-10-27	medium	groundflares.com/b91698fd2.js	Phishing
2022-10-27	medium	0.groundflares.com/b91698fd2.js	Phishing
2022-10-27	medium	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	Phishing

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	nuancedigital.qa	Sinkholed
2022-10-27	medium	di4.biz	Sinkholed
2022-10-27	medium	di4.biz	Sinkholed

JavaScript (22)

	URL	Size	First Seen	Last Seen
	www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10	6.2 kB	2023-03-07	2024-04-18
Pretty URL www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-18 15:46:17 Times Seen824 Hash b739d72c47c93702aef206eb58857289 fdc2a712672c64f317df41073aec28d7b01a5e6e dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293 Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0	19 kB	2023-03-07	2024-01-24
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:36 Last Seen2024-01-24 16:48:33 Times Seen136 Hash 499c736b389842485292bd8cd0b9b3fd 5e8d1df55dc690485b8bcdec20b8f159402267e6 32f81bf83cab69d72c36d23efaa3436b31b849912224330363a7b25bc508ca88 Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0	51 kB	2023-03-08	2023-11-25
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05:48 Last Seen2023-11-25 14:03:09 Times Seen13 Hash 371f32e37080d88b31d44c0a4704467b 1a2ee3f2227c1630ffe9e7c457a85d2a5aac5cc4 8c5a43424071ab57da147d7b757bd24efb8e9eb678c7f3c25fe06ea8b229626e Loading...

	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	705 B	2023-03-07	2023-04-05
Pretty URL groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2023-04-05 02:03:39 Times Seen49 Hash dd81871bef578a008b6d389ca0d1a234 31f4851126c5708430334e0b3b5674d7b22f1c2d f4805b1fa2c14f4bfb52cbfcdbd03a7ff3ace4aac7dc2466f0501d5cdfd19954 Loading...

	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	8.1 kB	2023-03-10	2023-03-10
Pretty URL groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 16:45:57 Last Seen2023-03-10 16:45:57 Times Seen1 Hash 89c097da4a688945ad642cf387cbe810 ed903b3d54ab57d559ccb1e3d71242f70e3103fc 5eafdc6c4b67256ebfde262e3aae99453e0ba25e717afbcb1e2f2331d2880b14 Loading...

	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	29 kB	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash ae7f0f1874bd3e9a6a0e9736f3307398 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Loading...

	www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9	6.5 kB	2023-03-07	2024-04-19
Pretty URL www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-04-19 07:32:31 Times Seen2797 Hash 64e89b93b02055fb75ea0913089ded0b 9ccf854a6acedb27496725fa7570a670fd7bd572 a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0	44 kB	2023-03-07	2024-04-18
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:54 Last Seen2024-04-18 13:36:03 Times Seen186 Hash 480ecf294c28becf9b85e166ec46a720 a390c2346dbf057b3c2447ac659f2010d823b0c3 63d576b7e46477e414fccfa292d0415a192bd4a3ddb8ef4452f94d84554e18ab Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0	49 kB	2023-03-07	2024-04-18
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:33 Last Seen2024-04-18 13:36:03 Times Seen587 Hash d061ab58270e692309b728296e90bba2 c9b4b1b279855515ea3f919adc71420664b18000 b00834c17c50af103e353ef86a69d90bbcaa819ed92b4d6ed670a425514e3c3a Loading...

	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	3.1 kB	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen191 Hash 68e280edf3cadafe4af8ccdc8782024d 7467ad11f5f3a21a3a4e0ab8556912db67311d90 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Loading...

	www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1	12 kB	2023-03-07	2024-04-18
Pretty URL www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:48 Last Seen2024-04-18 02:50:18 Times Seen5597 Hash a76f61318af036823b08d73536486be6 31ff9b215dcef9151b9f4fc50ea91a9df1962102 abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0	9.0 kB	2023-03-08	2024-01-09
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:05:48 Last Seen2024-01-09 11:40:31 Times Seen3 Hash 8b530a8d7faeeae8a9a62cd7ef5744f7 de6e25b2c96c549663c1580aa4df45ccfab22a78 191f2c2109588093a1c134a6ae72cd7f5322ccbbec4412f8b12706fd430bc89d Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0	7.3 kB	2023-03-10	2023-03-10
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:10:11 Last Seen2023-03-10 17:10:37 Times Seen1 Hash 9d6b9bbae6105cd79032b2c4249ce08c a7ab7738ae5ae3a90531dbd3443bbb707303c4c9 75095ce5c05651895f3137d86cfebceda39ae5f79b4124c637d0a59c596b08e4 Loading...

	www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0	90 kB	2023-03-07	2024-04-19
Pretty URL www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:32 Last Seen2024-04-19 15:27:18 Times Seen4931 Hash 0732e3eabbf8aa7ce7f69eedbd07dfdd 4cd5ddc413b3024d7b56331c0d0d0b2bd933f27f ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b Loading...

	away.cdnbestplatform.com/go.php?id=3245467-34-56736-11	200 B	2023-03-10	2023-03-10
Pretty URL away.cdnbestplatform.com/go.php?id=3245467-34-56736-11 IP 91.211.91.104 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 16:44:57 Last Seen2023-03-10 16:45:57 Times Seen1 Hash 93c62bd52c18dba8b47aae98f59024d9 003dfadda5150d073de368348eef5e5d5bf37c37 d29b3eeeab083704bbcb0dd76aa4f793ec2c54d44c4a9527a3395713b8411b68 Loading...

	groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3	203 B	2023-03-07	2024-01-03
Pretty URL groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3 IP 185.177.94.152 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:57 Last Seen2024-01-03 10:59:23 Times Seen188 Hash c4824c2a16d2c8bb70469ed7b8508f34 783dcaa37fcdd311197de60f0c55ab5367be4fe2 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Loading...

	0.groundflares.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=speedm3	8.1 kB	2023-03-10	2023-03-10
Pretty URL 0.groundflares.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=speedm3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 16:45:57 Last Seen2023-03-10 16:45:57 Times Seen1 Hash 7300beee9e52a096b3af090700b69c91 3c71059887f8490edbbb5f37e3ed2f4dd5675c0e f5d2cb1adfc03bdb8b807e883af415e6713239e32a9b520574ed61a7cd55cc26 Loading...

	www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-17
Pretty URL www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:45:05 Last Seen2024-04-17 11:26:19 Times Seen228 Hash 84cf3d32b3d78abe75d6f5e9f8354dcc a0eafbfb48cdcaa246b58346cd7ebfd67458adf3 d301bad6e867bd0803600fb51a818a777655abe5513a2e9ac1128502d93f09ac Loading...

	www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0	10 kB	2023-03-10	2023-03-10
Pretty URL www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0 IP 119.18.49.15 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 13:10:11 Last Seen2023-03-10 17:10:37 Times Seen1 Hash 4cc833de0d685a56bc93b9c6886120e9 0bf6a480c257b2b1542cdbeb0771335a3ea67a15 8b410c3211891f7b5aa0574c9d20eaf0d4b7b3559116f2b8c0e2d2c99ab09a35 Loading...

	new.weatherplllatform.com/pick.js?v=7.77.3	2.3 kB	2023-03-08	2023-03-11
Pretty URL new.weatherplllatform.com/pick.js?v=7.77.3 IP 91.211.91.114 ASN #206638 PE Brezhnev Daniil Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:46 Last Seen2023-03-11 23:34:29 Times Seen1 Hash b44eea14204182e61452dea83f5896b8 0142488636ef1fe4ada476225e58147babd9fa63 af8b20e40e19ff4a8c23e6d714c04934c802e83dd397f79795aa5a3b684f8b7f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 03311e1c436c92c9fba29101a7642c30	7.9 kB	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 16:45:57 Last Seen2023-03-10 16:45:57 Times Seen1 Hash 03311e1c436c92c9fba29101a7642c30 8534cc43404d11edf8003e2f3355cd97e186145b 07224953dbc6bfc98550a3af37f8d4a8ca101b287075fa57922b4c9066aa785a Loading...

	#2 Eval - c06fd6034ed11e686bbb786feca1c32c	8.1 kB	2023-03-10	2023-03-10
Pretty Observations First Seen2023-03-10 16:45:57 Last Seen2023-03-10 16:45:57 Times Seen1 Hash c06fd6034ed11e686bbb786feca1c32c ec8d2bdf898ff6ad9601ad35392456e1f2f7e9ba 3a74d315f5012db12cb7828abb045af376fdceca3a39c6af5a8e1657a5408220 Loading...

HTTP Transactions (72)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c9ec202b798d350b6582220b7bb8457
d16ca24cd60b349231ad06fa5db32f54a3bc9e09
df036d315a613ac6396b77afb0a4ea5f793091786be0cbf3f3a0d043bc1d1d3c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF036D315A613AC6396B77AFB0A4EA5F793091786BE0CBF3F3A0D043BC1D1D3C"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2722
Expires: Thu, 27 Oct 2022 20:36:44 GMT
Date: Thu, 27 Oct 2022 19:51:22 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1615
Cache-Control: max-age=137201
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:23 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 09:58:04 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11965
Expires: Thu, 27 Oct 2022 23:10:48 GMT
Date: Thu, 27 Oct 2022 19:51:23 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ssXn3JWy0SSHdbquzdymGa0RUJcpp3OTJkGXQg8tOTtZW2peGJ9E+Kmwsf0YGIX1CYdC6o+yrWw=
x-amz-request-id: 6Z6FB9VFMGJSVAMK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 27 Oct 2022 19:09:57 GMT
age: 2486
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
38be39969611eb137b29488b446d1ef4
379b4d332444158157b510736f84e882ba60ea1a
b8a597eb19faaac4ec26b8e4bf00b942ec66f72f4d9f2a4bc50f477eee28f94e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8A597EB19FAAAC4EC26B8E4BF00B942EC66F72F4D9F2A4BC50F477EEE28F94E"
Last-Modified: Wed, 26 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Fri, 28 Oct 2022 01:50:49 GMT
Date: Thu, 27 Oct 2022 19:51:23 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d72d2f5d05f03753594e43fd34398221
ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5
036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3395
Cache-Control: max-age=133921
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:23 GMT
Etag: "635a3c19-1d7"
Expires: Sat, 29 Oct 2022 09:03:24 GMT
Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.218.159.206

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.218.159.206:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VuaSV7tzMnOLmpsyh3YPcQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3aoMjvENsODYAfwDwtTunD/pcoQ=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5477
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 19:51:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5477
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 19:51:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5477
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 19:51:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4524 bytes)
Hash
91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OV7g4Y4fcQGijljebzHQtnpKdcPKw6LTxqORxxBJL2lFPYQLLoyNuQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 00:44:24 GMT
age: 68820
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6306 bytes)
Hash
27838ba1a0dc8484cc39e787b1e35c24
317f858e36816c2605e0ca91fd7ba60896bc082d
f5b148a13cdcdf31e83ba5db3da139f581778d8b843b8f59ab0c9f08990d0374

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6306
x-amzn-requestid: c5a693a2-df65-4c7a-a755-133e0dbf14e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apW_tHDGoAMFp2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a0531-72afd432100cd0117ec18934;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 04:12:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NHW-9SOjQC6lVwPls0OvxKPmyyvXjVp-k6Ht5Jhn6MHbu4lAXbvo-Q==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 04:38:42 GMT
age: 54762
etag: "317f858e36816c2605e0ca91fd7ba60896bc082d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9720 bytes)
Hash
2193431d88baf9af6829421cd13743ff
a192ab139ad0dc5cf206986eb06028ddad224e46
c535e09fb4a53ca580f5f5926d1494c50b6ad6c7c9ec78df6b7015213852b737

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9720
x-amzn-requestid: 6b4749ca-bcb9-4274-a309-e6d463851a6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aV_n6FOSIAMFroA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524632-56186f1f2a0bf68f6dba843b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DjRLNrY4BFc3GwHGBW40LIyh-RYT3hshdKPxXok4KE97fGvatXN6yQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 11:05:53 GMT
age: 31531
etag: "a192ab139ad0dc5cf206986eb06028ddad224e46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15768 bytes)
Hash
4ded5eb41644bfe7ea87cff5ab0d79f0
9b13eca2d768277b92c05a8a82743018489783a6
3de7fcc3e9c8a107e4c5d6e59506ec71e68129a8351e47af63930873775ac3f9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15768
x-amzn-requestid: ab678277-5d12-4ae2-9af7-f15fab294657
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRoclEbBoAMFz9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63508783-344a14d17bfcd6b12ffe02b0;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 23:25:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AgS3Yq-WCRRnFvCxMcwq13lQz8cGvvdwZ51C3H0szmB0iyZLb9mf-A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:58:12 GMT
age: 78792
etag: "9b13eca2d768277b92c05a8a82743018489783a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9256 bytes)
Hash
e307787eef6193fe4988367feb5e07d9
f50d8270aeb43fb15457d961f925cf2b38060240
d69ba1c958614a831462b81a046bb6a59e353db0b63d23b060b84df124057452

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabc32527-e3a5-4250-9792-7b6bceea4bac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 25249b1e-6ef4-432c-b370-a645259c0727
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aoeDVHAyIAMFo9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359aa15-73f252de0cc8d8246183f658;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:43:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V7UFjzwuVqIZJiJg_Q3BWuSd8B_aghBauo7NYg2EYT3MDme-jggsYA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 22:11:54 GMT
age: 77970
etag: "f50d8270aeb43fb15457d961f925cf2b38060240"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4709 bytes)
Hash
c92c49279a7704d715e50836676d1abb
3092b4dbd87f7e5a2eff65c463da9c5103ff748a
6941145d63e68abf0f20081517faa4082eed3c59f8b8a69066f70b29d90fd355

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4709
x-amzn-requestid: c2923a57-57c4-4d62-83bc-e4c8b61aa2bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGeeIAMF9Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7e47cfe804e333cc540f162a;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M72Vjcyc06ihmWcqr2_Xrk8dGcC5pCoDidg5rhtRkVddavcUFE6G6w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:47:37 GMT
etag: "3092b4dbd87f7e5a2eff65c463da9c5103ff748a"
content-type: image/jpeg
age: 79427
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f046e6113dd1e5e499c765516be08b17
c2253055e09b46209469853cad8720e64f84a1bf
18663a8f0b5d4d7581b771da6c2dc897bc2b82d51d7dac1a56d22f9bebab6fb3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nuancedigital.qa/omr/aqtueut

119.18.49.15

404 Not Found

14 kB

URL HTTP/2
www.nuancedigital.qa/omr/aqtueut
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
14 kB (14424 bytes)
Hash
421866ec8c1d4b3e17b8ed35c0d40e76
75de25cb48f63a008247155569ac29ffd9717b16
38943903b54071b2ec04675dcc74151077d6276f0369a1efb29cc4a2600517a5

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /omr/aqtueut HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
date: Thu, 27 Oct 2022 19:51:26 GMT
server: Apache
content-type: text/html; charset=UTF-8
pragma: no-cache
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.nuancedigital.qa/wp-json/>; rel="https://api.w.org/"
content-encoding: gzip
vary: Accept-Encoding
set-cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4; path=/; secure; HttpOnly
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a63ea2903767bb46326d85331e42e34e
b113b248df6025ed117551b7baa1960316122415
4ba54e12a06237d2c396d93e1cf9513b066074df9993ee408ee2bfb365c5f3c6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic

142.250.74.10

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1064 bytes)
Hash
aa27f078cbc5d0a2c74fdc78156565da
486547964cb7acb4f52db9283be355a328bd1162
b0d8e8682cedb25d8191c085a1afac5d0d299f5c07e78f3714e6175d66ea8e2c

HTTP Headers

GET /css?family=Nunito%3A%2C800%7CAsap%3Aitalic%2C500italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Oct 2022 19:51:27 GMT
date: Thu, 27 Oct 2022 19:51:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0

142.250.74.164

200 OK

583 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (884), with no line terminators
Size
583 B (583 bytes)
Hash
33186748a005610c7cabe7ccd6536904
7883cb01be294fdd83b8e98214bd804fc556dc96
72340b584d1ec747b324db26e20e66b678ac0403c88ce5abc0a8b9d25c6bf27d

HTTP Headers

GET /recaptcha/api.js?render=6LeKfV4hAAAAAH9LosYloXkfiIrLxuan9GacUhUW&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Thu, 27 Oct 2022 19:51:27 GMT
date: Thu, 27 Oct 2022 19:51:27 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0

119.18.49.15

200 OK

616 B

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
616 B (616 bytes)
Hash
233b2eaafce1b242f64f65e13d82a51e
65b86daacde29a575f024f908243ebc36e6cbd9f
50ea60ae45a8291bbe45914c6c18987cfcb6d3ce4d61ffaad11b2f631d8da279

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/owltheme.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 616
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5

119.18.49.15

200 OK

11 kB

URL HTTP/2
www.nuancedigital.qa/wp-includes/css/dist/block-library/style.min.css?ver=5.9.5
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (39791), with CRLF line terminators
Size
11 kB (11102 bytes)
Hash
2dd8a0297bf78fdbcff7f8eea01499e7
a658a36f395090c19e28a23d923aac41f6902ed8
4c37d1af1d16942416317e69e36ecc76f58d9613345438ad0b68750e992134e1

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.5 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:43:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11102
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14

119.18.49.15

200 OK

1.1 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1128 bytes)
Hash
8847b200fc704c7988394ea77782bde2
551fab44123fc5f7961a5a84588966c783ce87e3
85b39cbc5a36fade0471524bf993cd6bfbbb4e6ca6a0d7a78dae5646f2c50119

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/css/mainstyles.css?ver=3.14 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 11:13:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1128
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0

119.18.49.15

200 OK

1.1 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1099 bytes)
Hash
64f3cfc95d56f68bfd4484c19cc9e353
dd7804a382cc04681a8dd04ef2698c047d1b665c
e5881c2d80b9ca505518c643b2eccfbc3bc2973e275b541d74cd7fb382815919

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/owlcarousel.min.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1099
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0

119.18.49.15

200 OK

2.8 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
2.8 kB (2759 bytes)
Hash
ad600c029011eb73b9f831da130ecc2f
8fffc0b17e569eb9d3e36388575f21d22cc63955
ded108f92cd277eeb2a63b5f5b9da6b5e4f4b94979cfbe2c31fc7c3542f56c61

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/icofonts.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2759
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0

119.18.49.15

200 OK

5.6 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
assembler source, ASCII text, with CRLF line terminators
Size
5.6 kB (5603 bytes)
Hash
8f549493473cb739b946f94bf3da6e98
82b717e07877d0df51be117bbf18d3fb90aff958
44b165e2a7dc38577885ac1d0bf31613599d88114ca64ac5056cc2ee4a32da35

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/blog-style.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5603
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-158043906-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-158043906-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1588)
Size
44 kB (43634 bytes)
Hash
161eff61b8f0d8a361895323f8e2adda
ad1706177fa6159bc6d773e667a5413476cfc28e
c6d017a0a48c71af97b53c5e27a9e33efbe5afadb809dfe9681619b0026016c2

HTTP Headers

GET /gtag/js?id=UA-158043906-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 27 Oct 2022 19:51:27 GMT
expires: Thu, 27 Oct 2022 19:51:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 27 Oct 2022 19:15:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43634
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c14c3f7d8817b44fda85ba769cc83062
bf41520c5a807058748db49621e7d6ee4ecf5729
eb15bf461ab810e1487ece424600f22d33bebc4f438ef6a10927df18dda0d216

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 19:51:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.nuancedigital.qa/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0

119.18.49.15

200 OK

6.9 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (30837)
Size
6.9 kB (6928 bytes)
Hash
10bb8483b915813f543677f506467ff6
5b385098d3d633235f9a5c731985a43c9125df6d
970d86b37614a80420b44ba9fd03939bdab9bf323e543f2bcb0f55c4a3fae711

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Oct 2022 23:48:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6928
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0

119.18.49.15

200 OK

19 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (65313), with CRLF line terminators
Size
19 kB (19389 bytes)
Hash
7ae6f6409229ffd0b8131ef18e24fa88
e5ea25c6167a22b2faad298cfe820c122508dc1c
ab8e9cda5fcbbc15b4def58e38a483f361fccd49fbcd6ec43795dd027202a21c

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/bootstrap.min.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 19389
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

nuancedigital.qa/omr/aqtueut

119.18.49.15

301 Moved Permanently

9.6 kB

URL HTTP/2
nuancedigital.qa/omr/aqtueut
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- assembler source, Unicode text, UTF-8 text, with very long lines (684), with CRLF line terminators
Size
9.6 kB (9611 bytes)
Hash
d1156a8838cafde62a982e413a5f3f6c
0aed2c6294ffa6820ef205f555d190091861754c
35821d130129a9598286e79f9ac1b4a5e67f6abc5a3cda37ba033557eb8cddab

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /omr/aqtueut HTTP/1.1
Host: nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Thu, 27 Oct 2022 19:51:23 GMT
server: Apache
content-type: text/html; charset=UTF-8
pragma: no-cache
expires: Thu, 27 Oct 2022 20:51:25 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
content-encoding: gzip
vary: Accept-Encoding
location: https://www.nuancedigital.qa/omr/aqtueut
x-server-cache: true
x-proxy-cache: MISS
set-cookie: PHPSESSID=8435654a5b0a2ab003155875187cee73; path=/; secure; HttpOnly
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/responsive.css?ver=1.0

119.18.49.15

200 OK

2.4 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/responsive.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
2.4 kB (2444 bytes)
Hash
42e16ad716ebe0106f6118603aa4da60
223b36639cdbd4eb4a6c4fb22b99399e5d9441de
22b20d8734353f22bf729f34f9e1d7bcb362c773fc3a2f2e36d164e0d280e9b8

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/responsive.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2444
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1

119.18.49.15

200 OK

3.2 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (1577)
Size
3.2 kB (3243 bytes)
Hash
44fccb0d9f8f584ed10c013605467d64
898b00892bf7d05701de0a85f40ebf97be2ec195
c363b81fb2b98243ca5f0f43b885c46e5d15b8402355045678fbbc5aea2e290b

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.1 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 20:39:00 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3243
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.14

119.18.49.15

200 OK

542 B

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.14
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
542 B (542 bytes)
Hash
ac75fba5a3e7fe8159455348490115f6
e2d651cf71958e0ea1eb2037f607ace432162c33
d360b83b3657441f3943e4536da5a6719ed5485565ebc1acac9981479a596298

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/click-to-chat-for-whatsapp/prev/assets/js/app.js?ver=3.14 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 11:13:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 542
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

119.18.49.15

200 OK

4.2 kB

URL HTTP/2
www.nuancedigital.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (11126), with CRLF line terminators
Size
4.2 kB (4170 bytes)
Hash
7ae57a61a2e13e8cbd699c3ca7dc104c
28db5d970b82f96ebd180501a227cfc897db1c15
0454c42f651f80d5cf0beed15346df03f7c0c5214bc24f7be350926cf72dab1f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:50 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4170
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/css/style.css?ver=1.0

119.18.49.15

200 OK

15 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/css/style.css?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (317), with CRLF line terminators
Size
15 kB (15361 bytes)
Hash
1752631c85b2df9682b765d1dae4e02f
10b59327bd881d367fdee1603ae8904aa5f37986
9f53921f95d3fcb716f1e1a950988d2eaf211fd9e1d1c3de0cebf65fbdf19512

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/css/style.css?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 15361
content-type: text/css; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0

119.18.49.15

200 OK

2.8 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text, with very long lines (8863), with CRLF, CR line terminators
Size
2.8 kB (2758 bytes)
Hash
1ebf7b707b98230c03e4836a7509891b
85d65472bad2ec4c4a6312786a1de063aaf708bb
e10e4bd73626f4bdfa72da15e2f911d7b48dd7cc99b73dd7acd355a34de51375

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/waypoints.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:48 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2758
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0

119.18.49.15

200 OK

1.8 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/main.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
1.8 kB (1815 bytes)
Hash
680edaa6fe8c547d6bf8144b98d8e8e8
6faee2d6b4ecf77bb8209b13694d5d37e8ffe303
87a401dac6a685cee42e32df084a8e18640592bb942e89cb424f057848e841d4

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/main.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1815
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/uploads/2018/10/icon-3.png

119.18.49.15

200 OK

797 B

URL HTTP/2
www.nuancedigital.qa/wp-content/uploads/2018/10/icon-3.png
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced\012- data
Size
797 B (797 bytes)
Hash
b6c780756cad2358567c8d8a3f168d22
72f37c6012a3f0fd6a11afa583dae5918019784c
24cb523547a02be0509e347ba103985674a69c05d59023993f5e2500bb64ac5d

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/10/icon-3.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:21:00 GMT
accept-ranges: bytes
content-length: 797
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:51:27 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/uploads/2018/10/logo2.png

119.18.49.15

200 OK

4.8 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/uploads/2018/10/logo2.png
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 168 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size
4.8 kB (4798 bytes)
Hash
df284b466c6d87eee8f72433fca40d50
30096648e9023b490a75f0b239443fc43c601cf3
3fdb8b3a2d6b832564cdb97421448a8f65db9e3be03d6bac5bf274e9619b2412

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/10/logo2.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:21:00 GMT
accept-ranges: bytes
content-length: 4798
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:51:27 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/images/404.png

119.18.49.15

200 OK

13 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/images/404.png
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (13040 bytes)
Hash
5ca787a3e8f3dcf9102736946d22414d
02c4bec7be7862712f4f3c602d69da39a7784eda
2c2b76caa8a99e0fe29c95d216514c6ba3117773d2a3f07b69e8dacd0e831c96

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/images/404.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:32 GMT
accept-ranges: bytes
content-length: 13040
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:51:27 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png

119.18.49.15

200 OK

1.1 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1148 bytes)
Hash
247951a528f1c654c378b1cc02161528
e64a22682d119c5822b22202540bc515b6f7280d
e49970c0e24a6903f017792add41cc37f9a7b6b782c1bcca138351de51fffcf2

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/img/whatsapp-logo-32x32.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 14 Oct 2022 11:13:02 GMT
accept-ranges: bytes
content-length: 1148
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:51:27 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11

119.18.49.15

200 OK

1.2 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (2805), with no line terminators
Size
1.2 kB (1235 bytes)
Hash
3601d44f46e37447a4fc4ba44632303d
79799ef5fa9ec1c5caae68c1707ee43e9be30a33
174054f41cd0f24dffa8f946aab79778ac34c13bcc55eae47335136e606ae2f6

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/creame-whatsapp-me/public/js/joinchat-lite.min.js?ver=4.5.11 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 24 Oct 2022 20:39:13 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1235
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0

119.18.49.15

200 OK

578 B

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (917), with CRLF line terminators
Size
578 B (578 bytes)
Hash
306ea69c876201ec32a9562f18b9d673
96c0dfa4df03cd823476b46668ab47463c9169f3
2dadb57bba327dc006803a8ec08cf1d0e96f298b5cafaf2c3c9db12e3af96c4f

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/jquery.counterup.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 578
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10

119.18.49.15

200 OK

2.6 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6210), with no line terminators
Size
2.6 kB (2559 bytes)
Hash
dfcc74301f163fabd32e3256b91ba54e
3e861de3c9a7d5638eb7da2274f50274cde6cc0c
0611e07de6e96239da5373ee60ec187406e535614413b431c823fa3c21ecf8d7

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.8.10 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 15 Sep 2022 11:45:12 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2559
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

119.18.49.15

200 OK

31 kB

URL HTTP/2
www.nuancedigital.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (65446), with CRLF line terminators
Size
31 kB (30835 bytes)
Hash
4273e0f3804379368199587af3d87eb6
8ae8a3c9ae43e44e71e858d8c48378f5b321264f
f9f127c9c85ab75b0125438cb9266fef325828162833841c4e0c8ba47dd06e30

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:46 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 30835
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

119.18.49.15

200 OK

2.4 kB

URL HTTP/2
www.nuancedigital.qa/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6494), with no line terminators
Size
2.4 kB (2419 bytes)
Hash
ac8e3264bbf056252840769d80367138
f39423d928ac13e06b2f70a1c568ff53c55db038
10d1fb39911c03d5ea6da7330e723a4cde477907297dba5ea01d0c9a837950a8

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:26 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2419
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/uploads/2018/10/nuance-qatar_logo.png

119.18.49.15

200 OK

7.5 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/uploads/2018/10/nuance-qatar_logo.png
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 168 x 87, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7461 bytes)
Hash
ba262fa05931971a0ceb3a11a494213b
cb40c892e33c6cc38172ae66542b8d7e37388e91
88fe5b1baee8985545b765936581ebcdf1ac213dc4d898b7346bcad890356c7a

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/10/nuance-qatar_logo.png HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 00:20:42 GMT
accept-ranges: bytes
content-length: 7461
cache-control: max-age=10368000, public
expires: Fri, 24 Feb 2023 19:51:27 GMT
vary: Accept-Encoding
content-type: image/png
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0

119.18.49.15

200 OK

3.2 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
3.2 kB (3151 bytes)
Hash
310e1132d5a4c131de8498348a17b119
ca44877f372459cefa119458a311dacda36be5cb
18d108493cb0df4a97d6c250cd94cccbfb71721e40aa6c1b479d1c470291dd05

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/easy-pie-chart.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3151
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

119.18.49.15

200 OK

7.0 kB

URL HTTP/2
www.nuancedigital.qa/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Unicode text, UTF-8 text, with very long lines (19111), with CRLF line terminators
Size
7.0 kB (6995 bytes)
Hash
513d386f3ea04b4d90da8141fa23486d
8b6cca81735851650d01b191f077db828253b4f6
acf50f3a373d61fbf20db09e2ff78cbc44d3d93b1b4e27cf6afb4e6b964286e3

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 25 Aug 2022 23:47:18 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6995
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0

119.18.49.15

200 OK

6.9 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (19063), with CRLF line terminators
Size
6.9 kB (6934 bytes)
Hash
83e880ec744b6310580a06ce6cd62911
1bf6ac4e9f8f9f72891844361491c690b6322a39
4b1a69e52d1c97532b1a5df36ccaed1c279e17b5130a7e431d2494e80eae36c3

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/popper.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:50 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6934
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0

119.18.49.15

200 OK

12 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (2290), with CRLF line terminators
Size
12 kB (11753 bytes)
Hash
ac7e1ceda06035a69c9a41e3731495cd
06b417e59286f7a7c4327cc80cf6011836cbe597
c166b0cab723e401b86b68f5b2d156093a19f9d3ded93c25031ad54245b21f2e

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/owl.carousel.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11753
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0

119.18.49.15

200 OK

12 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
12 kB (12534 bytes)
Hash
fbffb19d2a000fad9cdd98cbaa67862c
5f425721e4451fdf8d651c9a02c41237414d4924
8f8f3cce4e896a11485fbaa865e83069b05deafc363bd12212bb94d6f49c4f11

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/jquery.magnific.popup.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 12534
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0

119.18.49.15

200 OK

13 kB

URL HTTP/2
www.nuancedigital.qa/wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0
IP
119.18.49.15:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (48664), with CRLF line terminators
Size
13 kB (13053 bytes)
Hash
73f2203bd353fd59966ceebed2652736
94ac0edd49cb400696c0a4382a84cf90c3f2c359
ac6fae8fe4e03cd6f2e412e77a8f933e9265bf8e8bf66aa254b2baf89cd9fb50

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/geobin/assets/js/bootstrap.min.js?ver=1.0 HTTP/1.1
Host: www.nuancedigital.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/omr/aqtueut
Cookie: PHPSESSID=cd789ea507a92edf8c47c843976d78a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 26 Aug 2022 01:23:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000, public
expires: Fri, 27 Oct 2023 19:51:27 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 13053
content-type: application/javascript; charset=utf-8
date: Thu, 27 Oct 2022 19:51:27 GMT
server: Apache
X-Firefox-Spdy: h2

away.cdnbestplatform.com/go.php?id=3245467-34-56736-11

91.211.91.104

200 OK

404 B

URL HTTP/2
away.cdnbestplatform.com/go.php?id=3245467-34-56736-11
IP
91.211.91.104:0
ASN
#206638 PE Brezhnev Daniil

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
404 B (404 bytes)
Hash
de4f65226e4e96ddbe33369deb9d8c77
488130dced04d09e726ef0f66179d9a85bbfe2d1
a4ba1869ebaba4fe07e2a681653622e041372c409e73f4a591c7227d3080fe54

HTTP Headers

GET /go.php?id=3245467-34-56736-11 HTTP/1.1
Host: away.cdnbestplatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:28 GMT
content-type: text/html; charset=UTF-8
content-length: 404
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f8ea645a73caad0af0c6712109be90bf
3714c8cb4bc06aa0c2d1de5fb796089313ef00b1
0bb3e59b43a8b1a3e261643440aba033ba85fd573285d9e69d53cdf497dbc2d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0BB3E59B43A8B1A3E261643440ABA033BA85FD573285D9E69D53CDF497DBC2D0"
Last-Modified: Wed, 26 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4473
Expires: Thu, 27 Oct 2022 21:06:01 GMT
Date: Thu, 27 Oct 2022 19:51:28 GMT
Connection: keep-alive

groundflares.com/b91698fd2.js

185.177.94.152

200 OK

56 B

URL HTTP/2
groundflares.com/b91698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b91698fd2.js HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

groundflares.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
groundflares.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3
Cookie: uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
370b48e9aa78eebb4e150a63af292a67
8df33fd84564110d9ee1352f11a7c5f63ba11012
314971ffdfdd517dacd31671a7cb699a3a39683c15b1f0ded04ed49a6ddb98c0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "314971FFDFDD517DACD31671A7CB699A3A39683C15B1F0DED04ED49A6DDB98C0"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11271
Expires: Thu, 27 Oct 2022 22:59:20 GMT
Date: Thu, 27 Oct 2022 19:51:29 GMT
Connection: keep-alive

0.groundflares.com/b91698fd2.js

185.177.94.152

200 OK

56 B

URL HTTP/2
0.groundflares.com/b91698fd2.js
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /b91698fd2.js HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6; uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

0.groundflares.com/favicon.ico

185.177.94.152

204 No Content

0 B

URL HTTP/2
0.groundflares.com/favicon.ico
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0.groundflares.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=speedm3
Cookie: uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6; uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d52cbb39ffdcc116fd4a21985a15dff
325c401dfe5becd4a3fe5e4ba5c13fe4449d89aa
fd0bbf09506c6d5f1e5fd7917d09027b992bc2929f3d73fb32cba5e2c5c83eff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD0BBF09506C6D5F1E5FD7917D09027B992BC2929F3D73FB32CBA5E2C5C83EFF"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3870
Expires: Thu, 27 Oct 2022 20:55:59 GMT
Date: Thu, 27 Oct 2022 19:51:29 GMT
Connection: keep-alive

di4.biz/favicon.ico

185.177.92.179

204 No Content

0 B

URL HTTP/2
di4.biz/favicon.ico
IP
185.177.92.179:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://di4.biz/?auf=hbtdanlcgm5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwgy3dsmbqgi4ds&p=b&sub1=&sub2=speedm3&sub3=&sub4=&cpc=0&cpm=0
Cookie: uuid=f30a4796-522f-4e15-a231-e2f834dcb470
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 27 Oct 2022 19:51:30 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

34.120.237.76

200 OK

18 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2013af8a-e057-44cd-8dca-381e200609e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
18 kB (18182 bytes)
Hash
ed4462f023dbabb596a2e3b521425ca1
61b82445b422a5f917bb10640beb6d73eb0e62c3
a02af2897331acc123bf7d54b30929e3bc062a0875b5dea95302ddf60d808ded

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2013af8a-e057-44cd-8dca-381e200609e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 18182
x-amzn-requestid: f1232b1f-32ac-4820-b186-b3bfb928c0b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYvSKFF4oAMF2Wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63535f40-0b9bc4d27b7534176cc278ed;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 03:10:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6Ep7Z_31m6kPwBoVaHyE2TioMdDmF_SkwT5kl326QvWN1pFEX_sy6Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 10:24:27 GMT
age: 34024
etag: "61b82445b422a5f917bb10640beb6d73eb0e62c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3

185.177.94.152

200 OK

0 B

URL HTTP/2
groundflares.com/go/mu4genjugq5dcmjrhe3a?sub2=speedm3
IP
185.177.94.152:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /go/mu4genjugq5dcmjrhe3a?sub2=speedm3 HTTP/1.1
Host: groundflares.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:28 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=19d2e50c-0284-4dc0-827f-90c96376a7b6; expires=Sat, 26-Nov-2022 19:51:28 GMT; Max-Age=2592000; path=/; domain=groundflares.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

broworker4s.com/sw/bro.js

51.15.18.159

200 OK

0 B

URL HTTP/2
broworker4s.com/sw/bro.js
IP
51.15.18.159:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Fri, 27 Oct 2023 19:51:29 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

new.weatherplllatform.com/pick.js?v=7.77.3

91.211.91.114

200 OK

0 B

URL HTTP/2
new.weatherplllatform.com/pick.js?v=7.77.3
IP
91.211.91.114:0
ASN
#206638 PE Brezhnev Daniil

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pick.js?v=7.77.3 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nuancedigital.qa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:27 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 27 Oct 2022 17:28:29 GMT
vary: Accept-Encoding
etag: W/"635abfbd-921"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

broworker4s.com/sw/bro.js

51.15.18.159

200 OK

0 B

URL HTTP/2
broworker4s.com/sw/bro.js
IP
51.15.18.159:0
ASN
#12876 Online S.a.s.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:29 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Fri, 27 Oct 2023 19:51:29 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

di4.biz/?auf=hbtdanlcgm5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwgy3dsmbqgi4ds&p=b&sub1=&sub2=speedm3&sub3=&sub4=&cpc=0&cpm=0

185.177.92.179

200 OK

0 B

URL HTTP/2
di4.biz/?auf=hbtdanlcgm5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwgy3dsmbqgi4ds&p=b&sub1=&sub2=speedm3&sub3=&sub4=&cpc=0&cpm=0
IP
185.177.92.179:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?auf=hbtdanlcgm5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwgy3dsmbqgi4ds&p=b&sub1=&sub2=speedm3&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.groundflares.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 19:51:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f30a4796-522f-4e15-a231-e2f834dcb470; expires=Sat, 26-Nov-2022 19:51:29 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations