| r3.o.lencr.org/ |  23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashc7a8ba48383a0e56baca8c8c41b81a04 b04c1f1e730a71f17ff639c9db697c532d4e5421 7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7912
Expires: Mon, 07 Nov 2022 05:44:55 GMT
Date: Mon, 07 Nov 2022 03:33:03 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash05978511215be8462d0b69e33b3a91a3 61535ba131d547f1c5108d9e7763ee3fc8d8c824 cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4067
Cache-Control: max-age=115547
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:03 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:38:50 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashd8c32b2fb818533a5b3fe5c69157bde9 93594fd3fc50d9d444c28660eabba1edbe4f0588 df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5761
Expires: Mon, 07 Nov 2022 05:09:04 GMT
Date: Mon, 07 Nov 2022 03:33:03 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain |  34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash67d5a988edcda47bc3b3b3f65d32b4b6 d4f0e0da8b3690cc7da925026d3414b68c7d954f 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Vpxk3LjYqD0dzzTbJOKl5a1SXpRBZ7BFYdBAS9ozHe2Vy+DTPDpw1O6oC8X0ZUzIifvoStErKlQ=
x-amz-request-id: JTGDERDYZPTZVRWK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 07 Nov 2022 02:47:53 GMT
age: 2710
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 03:33:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash18c61a4a5b2b9a2ab106281ba5a2a39e 45518d7e94c1139f1b8ce288307db9df639a23fb 3def2e638d34b69ccdcba2920f86e2ded38fe42c9f5169e90b8fa59ba8323747
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3DEF2E638D34B69CCDCBA2920F86E2DED38FE42C9F5169E90B8FA59BA8323747"
Last-Modified: Mon, 07 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Mon, 07 Nov 2022 09:32:31 GMT
Date: Mon, 07 Nov 2022 03:33:03 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashd862f992e9902530594e7aca425f129b 25b414fe833d30b52928535d659a1ee281b82e3a 0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6209
Cache-Control: max-age=112636
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:04 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:50:20 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
|
|
| nwl.com.qa/opl/eroiensperrlddefom | 162.214.80.109 | 301 Moved Permanently | 0 B |
URL HTTP/2nwl.com.qa/opl/eroiensperrlddefom IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /opl/eroiensperrlddefom HTTP/1.1
Host: nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Mon, 07 Nov 2022 03:33:04 GMT
server: Apache
content-type: text/html; charset=UTF-8
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.nwl.com.qa/opl/eroiensperrlddefom
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: true
x-proxy-cache: EXPIRED
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 35.161.231.36 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP35.161.231.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1RpsSZ5PyqYsO/iAt4Ms5g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: doWui/T2Cp+kna++KCJoM0tgpcA=
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashb8988c44d656e4521aa7d84091f926d3 debd55429e2a0f0bcd257201f2efe00d2e7ed35f e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.nwl.com.qa/wp-includes/js/wp-emoji-release.min.js?ver=6.1 | 162.214.80.109 | 200 OK | 5.3 kB |
URL HTTP/2www.nwl.com.qa/wp-includes/js/wp-emoji-release.min.js?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (15660) Hash710f8b142ea44c0682dc2c30f318f065 49144e9b3a76d3d383b1d4359cf7a25e947f4233 708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Oct 2022 09:56:56 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 5321
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-includes/css/classic-themes.min.css?ver=1 | 162.214.80.109 | 200 OK | 189 B |
URL HTTP/2www.nwl.com.qa/wp-includes/css/classic-themes.min.css?ver=1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hash5a18e16eb01cbaa862eb32e6b77bedb2 3abf9b913cc9f558f02cba7c9b822f8d1812cb96 d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 07:10:32 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 189
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/slick/slick.css?ver=4.4.6 | 162.214.80.109 | 200 OK | 575 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/slick/slick.css?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hashc7cd7eaaeceb626699c3f61cf0d97b31 7930a73cbfbc0683ebf12b982b4ec0ddf3498852 9782a15945372abd060dd052ac7e93e7239f7f4ac20ff8716c8f554a2e78855f
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/slick/slick.css?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:38:58 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 575
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1 | 162.214.80.109 | 200 OK | 120 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with no line terminators Hashe980e49c18172db82d09fc2feee80815 642b8ac7ee7db890dba42f5c10a12fd7e80c69e1 d13d3f73a1de94437a1aa3d907bfe57f37f02de23c084050280b420b17708514
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 09:23:52 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 120
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1 | 162.214.80.109 | 200 OK | 318 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (907) Hash54294941c8d1af0fb6b7c3906a40cf2d 90208fd5ddb92000a1da90b5c465d046d52a5ea9 278f52c1593e37e608bf09e278e8e2718eb85e668a7bc3ea05c94071d94a9ec7
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 09:23:52 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 318
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/framework/css/style.css?ver=6.1 | 162.214.80.109 | 200 OK | 116 B |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/framework/css/style.css?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with CRLF line terminators Hash9c8882e2641e64acc9a4173e5e4f452d f34909a775901cf62f72dce3b7234654fba13985 c278e430eedc1d9649450aec219b8c42b90e38afdea3325e7aaf2b88b1bc6a87
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/framework/css/style.css?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:28 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 116
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena-child/style.css?ver=1.0.0 | 162.214.80.109 | 200 OK | 273 B |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena-child/style.css?ver=1.0.0 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hashec5464a46d3b07700f144437781b4729 e3c89bf2c54eeaa3f7eb39cd423a23a32bb93aac 45a84de36fccee7815b8a8edd9ba69792935b0d13fd210968e9dd65e7445bf9f
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena-child/style.css?ver=1.0.0 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:34:16 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 273
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashb8988c44d656e4521aa7d84091f926d3 debd55429e2a0f0bcd257201f2efe00d2e7ed35f e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2e37c89a5a7f608a21ac42b87ee0f7fc 55132fb03671e178b7e186da48ac7e02d6e96e23 6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8793
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 03:33:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2e37c89a5a7f608a21ac42b87ee0f7fc 55132fb03671e178b7e186da48ac7e02d6e96e23 6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8793
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 03:33:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2e37c89a5a7f608a21ac42b87ee0f7fc 55132fb03671e178b7e186da48ac7e02d6e96e23 6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8793
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 03:33:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2e37c89a5a7f608a21ac42b87ee0f7fc 55132fb03671e178b7e186da48ac7e02d6e96e23 6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8793
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 03:33:05 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2e37c89a5a7f608a21ac42b87ee0f7fc 55132fb03671e178b7e186da48ac7e02d6e96e23 6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8793
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 03:33:05 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg | 34.120.237.76 | 200 OK | 9.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc0a079a6dfb70fb2a2d6b5aff7103f73 55ffd5d6cb8074bdbdb8d06719119021bc81aeab 196ffd4e5245355c1c5d67f49b28200630ccfe1e4ebaa7280154b7adaf39b18f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9435
x-amzn-requestid: 7c39c00f-1362-44c1-9628-749045e542b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIU9G5gIAMFzZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364ba85-57fbfb872251c37f4137b262;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GaFmcnh2vF0lCj_QPQ7SAIT_UzHHyr8UaHa-R_ifuZsX7quU0mBJ9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:50:59 GMT
age: 20526
etag: "55ffd5d6cb8074bdbdb8d06719119021bc81aeab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Noto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CSpectral%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&subset=latin%2Clatin-ext&ver=1.0.0 | 142.250.74.10 | 200 OK | 215 kB |
URL HTTP/2fonts.googleapis.com/css?family=Noto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CSpectral%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&subset=latin%2Clatin-ext&ver=1.0.0 IP142.250.74.10:0
Size215 kB (214925 bytes) Hashb5579b315ee81c2ad5c3ebbf8d1ef858 c2ad64031a8cc271482f80b55325c54341bfbd32 7e844e33ee8affd1667cd46a1e31e16f04df84999afadc348e353ebc8319807d
GET /css?family=Noto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CNoto+Sans+TC%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CSpectral%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CPoppins%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic&subset=latin%2Clatin-ext&ver=1.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 07 Nov 2022 03:33:05 GMT
date: Mon, 07 Nov 2022 03:33:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4e2853cc6ec6223160471401e6871f4b f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 66091
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56aa1a3-694e-4b80-85bc-4623e329ddce.jpeg | 34.120.237.76 | 200 OK | 7.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56aa1a3-694e-4b80-85bc-4623e329ddce.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash1880403dd046309abafaa754e128c77d ffa0c6a21a1abd598805781c8674d0804e9eac23 11fac70eb2d4c7e362d2636f51b3ce674d702b5aa71bd811b94b7d977f528350
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56aa1a3-694e-4b80-85bc-4623e329ddce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7267
x-amzn-requestid: 1e3a514d-a886-4e53-bd87-c52f892d94eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3xcGbdoAMFzXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d33c-31d42df829d8a01b50a8a24d;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:06:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DgFgFXttaTDf0oL0XB8vB5TwGqTzWisGjuYevFOVpqlBYYkqQdB09A==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 03:57:30 GMT
age: 84935
etag: "ffa0c6a21a1abd598805781c8674d0804e9eac23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9bbb756-5249-4b34-8849-4de6e2b8bea6.jpeg | 34.120.237.76 | 200 OK | 6.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9bbb756-5249-4b34-8849-4de6e2b8bea6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashf89b1eca136f5f378e0630a65e6c65d3 d985016eff9cb2c84e9cb0f1852f73b16eebfd6d 9cd925c0d860cde07875cab7d701a828e15bdffa95b8ba135bfde472813284dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9bbb756-5249-4b34-8849-4de6e2b8bea6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6347
x-amzn-requestid: 41292db8-3d29-4fce-9465-4e33405f42c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDyeFFP3oAMFuLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364978d-455e931830b585987128ed34;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 04:39:41 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qych14kRSODXc6HCyuslzfjzsmB5jJEsJ_v8BYTFwjTcQEV51LAfGA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 14:04:17 GMT
age: 48528
etag: "d985016eff9cb2c84e9cb0f1852f73b16eebfd6d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08fced45-2207-4622-ad9c-c2ab54f27b2a.jpeg | 34.120.237.76 | 200 OK | 7.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08fced45-2207-4622-ad9c-c2ab54f27b2a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash6c405a2c2821da31e4000a3badb64d60 4ae120aa65e23ea40cf9f3dc25c5c3c0aba24db9 c192840e892b171fe60c7688b3e6388433d4fcc8a0a1f54699a361373da64d37
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08fced45-2207-4622-ad9c-c2ab54f27b2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7460
x-amzn-requestid: 031771ee-eab5-41f8-80de-5281dded85bf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtUrE79IAMF3vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828ea-58109a273d57d22c7149dbf2;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LquZ8nU3W4g-4YNMXaHivixIV_W4vQM05ZjhXdxFx6l9N6Ha19hESw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:39:31 GMT
age: 21214
etag: "4ae120aa65e23ea40cf9f3dc25c5c3c0aba24db9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.3 | 162.214.80.109 | 200 OK | 4.4 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.3 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (30283), with no line terminators Hashc2c381b76f533a3992b1060b1e8275ed 8441603d412df07e265d70d72569bd3ed90c51ee 6b1c02e5f7f5a04d0320c0a69a67651c6c322b81dfcf1ad9ca29e0f7374cf613
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.3 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:23 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 4436
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/slick/slick.min.js?ver=4.4.6 | 162.214.80.109 | 200 OK | 14 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/slick/slick.min.js?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (42862) Hashe61b26be7b27fbf2a5c2f479364c12b8 ff046102856e16854639a9862521c193fa05e9d7 19f098db827ce2943ab549c6fb9b142c4cc70aa9ecd7d3afc657a3a0eed8be88
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/slick/slick.min.js?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:39:00 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 14332
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.3 | 162.214.80.109 | 200 OK | 13 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.3 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (65536), with no line terminators Hash2586b72a57d56fcc09dfabcd84488de5 58d34cec79898ec005ba78f3b9cc600d1cd4ec96 21a7ae5c7541cd7322cdd1d73bcf1c5d1b47b830dd864079e6d8337a47d32839
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.3 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:23 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 12707
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.5.12 | 162.214.80.109 | 200 OK | 148 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.5.12 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hashd660fe5cb235fe11eadc620a37765bca 3e874b2b7935e2e03574cd64740d5530b801891b 12d878b56e2a2b7ca91005a50121c12ebc00d8941fde5da544fb5ab682975572
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.5.12 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 09:23:52 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 148
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 | 162.214.80.109 | 200 OK | 900 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (3432) Hash1e0ef5b4ebd931aecd01564980628978 e618b92e03a6c4bd4abffed22abb1e835c05a601 1deef467f6db854d82e8c6288086664c7cf60a41b18bb7216d63bb83061ba878
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.4.2 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 19:10:03 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 900
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 | 162.214.80.109 | 200 OK | 4.6 kB |
URL HTTP/2www.nwl.com.qa/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (11126) Hashacdb97105af28a7066790c6748ae2e1e 65794d2c5a9d04f747faf370bc8bacd330e69e5a dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 27 Oct 2022 09:56:55 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 4618
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements_misc/js/jquery.magnific-popup.min.js?ver=4.4.6 | 162.214.80.109 | 200 OK | 9.2 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements_misc/js/jquery.magnific-popup.min.js?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (20087) Hash7a10ae63b238729dc4da7f7bd8986219 654c47168dca0ec7080f6c57e8c4482b57f879d4 b782185399b361358f7c409d6f23f22d45f695dcbb63876c35752c7b1de72db3
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/content_elements_misc/js/jquery.magnific-popup.min.js?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:38:48 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 9204
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/res/flags/ar.png | 162.214.80.109 | 200 OK | 1.6 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/sitepress-multilingual-cms/res/flags/ar.png IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typePNG image data, 18 x 12, 8-bit/color RGBA, interlaced\012- data Hash82585d30472469cba18765432614f80a f87d8d78e2f0e55b9e64a1aa1d541d6ee4719e27 dd6ec70c1a1055b179971376f57dfda35dd44b9ab6ab5c73b05639f8f508d7b6
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/ar.png HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 01 Nov 2022 09:23:52 GMT
accept-ranges: bytes
content-length: 1642
cache-control: max-age=31536000
expires: Tue, 07 Nov 2023 03:33:05 GMT
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.3 | 162.214.80.109 | 200 OK | 40 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.3 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with no line terminators Hash94d041d462db321cdb888066586f2068 717d2f9da7fb9f9e2bf2058a8177a0344f8a8647 b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.3 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:23 GMT
accept-ranges: bytes
content-length: 40
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 | 162.214.80.109 | 200 OK | 2.9 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with very long lines (8014), with no line terminators Hash1c44ef5e10d4a8e0d89d78ad512e2cbc 6b5a049fefb1c791a9f84e9a97c9256ad0fae8ac 7f3df0933239d81fd6c58b50ea4b943db51c48aecd636b249514937c91c03d62
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.4.2 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 19:10:03 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 2937
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements/bt_bb_section/bt_bb_elements.js?ver=4.4.6 | 162.214.80.109 | 200 OK | 693 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements/bt_bb_section/bt_bb_elements.js?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with CRLF line terminators Hashf773df13d5e566dbb9809bb2c44e8de6 2ac9e83185fcdedfc44bfaa8a886a7ca42aba66d ec371ec41eae8c23693cb5ccc4fe07805fa0bee3109c47c16269f86895513194
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/content_elements/bt_bb_section/bt_bb_elements.js?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:39:20 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 693
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/framework/js/header.misc.js?ver=6.1 | 162.214.80.109 | 200 OK | 3.3 kB |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/framework/js/header.misc.js?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with CRLF line terminators Hash32d8a03a6588f03372bd19b589ee43a3 fe29b6819f34f295f97e07a5686d40f3aaa97a69 802c008c90a718c74857b3f13001150b0ffc8227f56f0bd8c99537809020f45e
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/framework/js/header.misc.js?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:30 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 3324
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/framework/js/fancySelect.js?ver=6.1 | 162.214.80.109 | 200 OK | 2.0 kB |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/framework/js/fancySelect.js?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hash88cf9d5756f6bfeccde84f50d8330c00 ad7cd1f9493b06cb871fae6a620d24b4738091b7 fad0f9b6c807f71b0bce7b84fb13389ce6b906b229cfe7eedb60ce4ccfcfa517
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/framework/js/fancySelect.js?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:32 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 1999
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/framework/js/misc.js?ver=6.1 | 162.214.80.109 | 200 OK | 2.1 kB |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/framework/js/misc.js?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
Hash5bee0a6bb045e46d8b0eb73876db19a0 da65b52c0f76cf95992bb38ec1a51bb695651570 0d4721159646cb812d4d725c21e4f4122b0e855d8e30bdbb43f969045a0eaf49
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/framework/js/misc.js?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:30 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 2137
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements_misc/js/content_elements.js?ver=4.4.6 | 162.214.80.109 | 200 OK | 9.2 kB |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/content_elements_misc/js/content_elements.js?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with CRLF line terminators Hash470961ee0293aa120ba25b245f24ae8e 4579b62c93bd07e8dcd70cdd30439dcbcde8f67e 549d845cfd828785401ec2a0e73664a79bb0cb06a6f6a965197a34e53509bdfc
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/content_elements_misc/js/content_elements.js?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:38:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 9247
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash6dba1915540598e77ae8d73ce49c4b3b f9c34b678d814548946cafea65b20ff352fb501b 89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash6dba1915540598e77ae8d73ce49c4b3b f9c34b678d814548946cafea65b20ff352fb501b 89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash6dba1915540598e77ae8d73ce49c4b3b f9c34b678d814548946cafea65b20ff352fb501b 89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/notosanstc/v26/-nFkOG829Oofr2wohFbTp9i9kwMvDrVO3cuHnQmVtV4N3QDXzPiowFVyhy21F93pzxLWunL8lQ.119.woff2 | 216.58.207.195 | 200 OK | 25 kB |
URL HTTP/2fonts.gstatic.com/s/notosanstc/v26/-nFkOG829Oofr2wohFbTp9i9kwMvDrVO3cuHnQmVtV4N3QDXzPiowFVyhy21F93pzxLWunL8lQ.119.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), CFF, length 24988, version 1.0\012- data Hashc687f6074815401ada189662dec3dcc0 0296a20919064dcd6e3c65e0a953ea568b59eb63 7f6414cf2eb4aacdc05b32aa5c2b57d2b3d611ca6ec0d4e4ecc3a57a85b9fb1a
GET /s/notosanstc/v26/-nFkOG829Oofr2wohFbTp9i9kwMvDrVO3cuHnQmVtV4N3QDXzPiowFVyhy21F93pzxLWunL8lQ.119.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nwl.com.qa
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24988
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 07:12:15 GMT
expires: Wed, 01 Nov 2023 07:12:15 GMT
cache-control: public, max-age=31536000
age: 505251
last-modified: Mon, 09 May 2022 18:55:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 | 216.58.207.195 | 200 OK | 7.8 kB |
URL HTTP/2fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 7824, version 1.0\012- data Hashaf4d371a10271dafeb343f1eace762bc 6d11d743bc3cfb169d70bc86450f18351dc1a905 60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nwl.com.qa
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7824
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:50:35 GMT
expires: Thu, 02 Nov 2023 19:50:35 GMT
cache-control: public, max-age=31536000
age: 373351
last-modified: Wed, 27 Apr 2022 16:52:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/print.css?ver=6.1 | 162.214.80.109 | 200 OK | 431 B |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/print.css?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typeASCII text, with CRLF line terminators Hash6019e5d18777ff7cd4c6c43c8925302a dda47c4bfe7298880111cd696848149bb8f6ebff 461259079806f26bd545169ee0d99073195d39e080ebf5b560b89c159915fcad
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/print.css?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:06 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:06 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-length: 431
content-type: text/css
date: Mon, 07 Nov 2022 03:33:06 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 | 216.58.207.195 | 200 OK | 7.8 kB |
URL HTTP/2fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 IP216.58.207.195:0
File typeWeb Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data Hash25b0e113ca7cce3770d542736db26368 cb726212d5d525021752a1d8470a0fb593e0c49e 9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.nwl.com.qa
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:30:59 GMT
expires: Thu, 02 Nov 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 374527
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash6dba1915540598e77ae8d73ce49c4b3b f9c34b678d814548946cafea65b20ff352fb501b 89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 03:33:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.nwl.com.qa/wp-content/themes/gardena/gfx/plug.png | 162.214.80.109 | 200 OK | 23 kB |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/gfx/plug.png IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typePNG image data, 313 x 530, 8-bit/color RGBA, non-interlaced\012- data Hash4e7128253124f382bfa76f0aef4122ba 9ca14ce06937f43c1b4b831af83bca1fb522d32e c425034ab60bd81433cfdf6aa38b35f79ecac4d76bd39b3b37da6bb325fcdcf3
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/gfx/plug.png HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:42 GMT
accept-ranges: bytes
content-length: 23119
cache-control: max-age=31536000
expires: Tue, 07 Nov 2023 03:33:06 GMT
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Mon, 07 Nov 2022 03:33:06 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/uploads/2022/10/cropped-NWL-Favicon-192x192.png | 162.214.80.109 | 200 OK | 17 kB |
URL HTTP/2www.nwl.com.qa/wp-content/uploads/2022/10/cropped-NWL-Favicon-192x192.png IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Hash6d4181052d10e3ffaefccf74cf3c3437 9f242aa800c23e24a359ff913becffe6f396eda0 2c4c61036cc12245ce4ef19f5f829caaf8fc9cf0d82b10d1b745588b4ed679e7
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/uploads/2022/10/cropped-NWL-Favicon-192x192.png HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 20:45:52 GMT
accept-ranges: bytes
content-length: 16978
cache-control: max-age=31536000
expires: Tue, 07 Nov 2023 03:33:06 GMT
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: image/png
date: Mon, 07 Nov 2022 03:33:06 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| nwl.mm.qa/wp-content/uploads/2022/10/MM-Main-Logo-2-300x92-1.png |  159.223.41.111 | 200 OK | 12 kB |
URL HTTP/2nwl.mm.qa/wp-content/uploads/2022/10/MM-Main-Logo-2-300x92-1.png IP159.223.41.111:0 ASN#14061 DIGITALOCEAN-ASN
File typePNG image data, 300 x 92, 8-bit/color RGBA, non-interlaced\012- data Hash0f93b3d14cf0117f47a038e199a8cb34 6d932a39f0384cdcda97ec3e2d238b1bbdb23adf dea483d71648b593071399fc12767f6c79c41e5fc5055d9dedf1de2ea021e9db
GET /wp-content/uploads/2022/10/MM-Main-Logo-2-300x92-1.png HTTP/1.1
Host: nwl.mm.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 03:33:06 GMT
content-type: image/png
content-length: 11736
last-modified: Mon, 03 Oct 2022 18:53:25 GMT
etag: "633b2fa5-2dd8"
cache-control: public, max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/opl/eroiensperrlddefom | 162.214.80.109 | 404 Not Found | 0 B |
URL HTTP/2www.nwl.com.qa/opl/eroiensperrlddefom IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /opl/eroiensperrlddefom HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
date: Mon, 07 Nov 2022 03:33:04 GMT
server: Apache
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.nwl.com.qa/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/bold-page-builder/css/front_end/content_elements.crush.css?ver=4.4.6 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/bold-page-builder/css/front_end/content_elements.crush.css?ver=4.4.6 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/bold-page-builder/css/front_end/content_elements.crush.css?ver=4.4.6 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:38:44 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.3 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.3 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.3 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:23 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.8.0 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.8.0 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.8.0 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:19 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-includes/css/dist/block-library/style.min.css?ver=6.1 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-includes/css/dist/block-library/style.min.css?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 07:10:32 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/themes/gardena/style.css?ver=6.1 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/themes/gardena/style.css?ver=6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/themes/gardena/style.css?ver=6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 25 Oct 2022 21:33:06 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Wed, 07 Dec 2022 03:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/css
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 07:10:32 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.3 | 162.214.80.109 | 200 OK | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.3 IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| fortinet | Malware | | | mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.3 HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 31 Oct 2022 06:46:23 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 07 Nov 2022 09:33:05 GMT
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: application/javascript
date: Mon, 07 Nov 2022 03:33:05 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| www.nwl.com.qa/wp-content/uploads/2022/10/cropped-NWL-Favicon-32x32.png | 162.214.80.109 | 404 Not Found | 0 B |
URL HTTP/2www.nwl.com.qa/wp-content/uploads/2022/10/cropped-NWL-Favicon-32x32.png IP162.214.80.109:0 ASN#46606 UNIFIEDLAYER-AS-1
| Analyzer | Verdict | Alert |
|---|
| mnemonic_dns | Sinkholed | | | quad9 | Sinkholed | |
GET /wp-content/uploads/2022/10/cropped-NWL-Favicon-32x32.png HTTP/1.1
Host: www.nwl.com.qa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nwl.com.qa/opl/eroiensperrlddefom
Cookie: wp-wpml_current_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.nwl.com.qa/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-endurance-cache-level: 2
x-nginx-cache: WordPress
content-type: text/html; charset=UTF-8
date: Mon, 07 Nov 2022 03:33:06 GMT
server: Apache
X-Firefox-Spdy: h2
|
|