r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Tue, 08 Nov 2022 16:44:00 GMT
Date: Tue, 08 Nov 2022 15:08:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a21dcd6794c5ba4178522096f695511
d731cf49db5e048d0d820d5cee03417cdd8c1c7b
c4981ce849fcfce045d1c9eeb2978767d87fcbf6087626f3d6541ec8b1938a37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4981CE849FCFCE045D1C9EEB2978767D87FCBF6087626F3D6541EC8B1938A37"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8863
Expires: Tue, 08 Nov 2022 17:36:13 GMT
Date: Tue, 08 Nov 2022 15:08:30 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4008
Cache-Control: max-age=160169
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:08:30 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:37:59 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: unagvKgUDh6jdvcJb7zNZ29VXwd5reE6SqwsaL/ghQOfSU2h9F6MfSgd6KI1K8j0vHWeNGwHgEk=
x-amz-request-id: XJAQ71RS45YC449W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 14:11:20 GMT
age: 3430
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 15:08:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
shipperslinkgh.com/nfos/qakbot.zip
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/qakbot.zip
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/qakbot.zip HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
maps.google.com/maps/api/js
216.58.211.14 200 OK 53 kB URL HTTP/1.1 maps.google.com/maps/api/js
IP 216.58.211.14:0
File type ASCII text, with very long lines (2505)
Hash 18e35dc6f74322fbaa8e6251ec019af5
bdb316bd00bd86b05071c9e57504036733698c34
e10b76c8c8566d1e32b4df58e96884741359c887f90c411097bd9da599ad8037
GET /maps/api/js HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Tue, 08 Nov 2022 15:08:30 GMT
Expires: Tue, 08 Nov 2022 15:38:30 GMT
Cache-Control: public, max-age=1800
Vary: Accept-Language
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Encoding: gzip
Server: mafe
Content-Length: 53429
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Server-Timing: gfet4t7; dur=13
shipperslinkgh.com/nfos/plugins/bootstrap/css/bootstrap.min.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/bootstrap/css/bootstrap.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
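The two records above show the pattern that makes this capture readable even without the response bodies: the request for /nfos/qakbot.zip came back as text/html; the stylesheet requested next carries Referer: http://shipperslinkgh.com/nfos/qakbot.zip, so Firefox parsed the "zip" as an HTML document and started loading its subresources; and both responses have the same SHA-256 2acbd60e…, which is the body every path on this host returns for the rest of the log. That is consistent with the mnemonic_dns and quad9 "Sinkholed" verdicts: the resolver handed the browser a sinkhole address and the sinkhole's web server answers every path with one page. The 5.9 kB body is that page, not the archive the URL names, so the log establishes that the sample fetched this URL and nothing about the original payload. The Python below is an added example, not part of this report or of any vendor's tooling. It encodes those three checks (extension versus response Content-Type, one body for many paths, a URL that appears as Referer for subresource loads) over records constructed from this page's entries, with the benign background traffic (OCSP to r3.o.lencr.org and ocsp.digicert.com, Mozilla remote-settings and tiles, the Maps API script) included to show that it is not flagged. The extension-to-media-type table and the three-path threshold are assumptions.

```python
"""Triage of a sandbox HTTP transaction log like the one on this page.

Added example, not code from the original report or any vendor tool.
RECORDS is constructed from this page's entries (host, path, status,
response media type, SHA-256 of the body, Referer, analyzer verdicts);
hashes of benign responses are abbreviated.  EXPECTED and min_paths are
assumptions, not something the report states.
"""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Record:
    host: str
    path: str
    status: int
    content_type: str        # response Content-Type with parameters stripped
    sha256: str
    referer: str = ""
    verdicts: tuple = ()     # ("analyzer:verdict", ...) as shown in the report


SINKHOLE_PAGE = "2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03"
QAKBOT_URL = "http://shipperslinkgh.com/nfos/qakbot.zip"
SINK = ("mnemonic_dns:Sinkholed", "quad9:Sinkholed")
MALICIOUS = ("fortinet:Malware",) + SINK

RECORDS = [
    Record("r3.o.lencr.org", "/", 200, "application/ocsp-response", "402ffbf1"),
    Record("r3.o.lencr.org", "/", 200, "application/ocsp-response", "c4981ce8"),
    Record("ocsp.digicert.com", "/", 200, "application/ocsp-response", "ffc30b68"),
    Record("content-signature-2.cdn.mozilla.net",
           "/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain",
           200, "binary/octet-stream", "55e4848e"),
    Record("contile.services.mozilla.com", "/v1/tiles", 200, "application/json", "7d8f1de8"),
    Record("shipperslinkgh.com", "/nfos/qakbot.zip", 200, "text/html", SINKHOLE_PAGE,
           verdicts=MALICIOUS),
    Record("maps.google.com", "/maps/api/js", 200, "text/javascript", "e10b76c8",
           referer="http://shipperslinkgh.com/"),
    Record("shipperslinkgh.com", "/nfos/plugins/bootstrap/css/bootstrap.min.css", 200,
           "text/html", SINKHOLE_PAGE, referer=QAKBOT_URL, verdicts=SINK),
    Record("shipperslinkgh.com", "/nfos/plugins/font-awesome/css/font-awesome.min.css", 200,
           "text/html", SINKHOLE_PAGE, referer=QAKBOT_URL, verdicts=SINK),
    Record("shipperslinkgh.com", "/nfos/plugins/jquery/jquery-1.11.3.min.js", 200,
           "text/html", SINKHOLE_PAGE, referer=QAKBOT_URL, verdicts=MALICIOUS),
]

# Media types a browser may legitimately get back for these extensions (assumed table).
EXPECTED = {
    ".zip": {"application/zip", "application/x-zip-compressed", "application/octet-stream"},
    ".css": {"text/css"},
    ".js": {"text/javascript", "application/javascript", "application/x-javascript"},
}


def expected_types(path):
    """Acceptable media types for the path's extension, or None when the extension is unknown."""
    for ext, types in EXPECTED.items():
        if path.lower().endswith(ext):
            return types
    return None


def content_type_mismatches(records):
    """(host, path, actual type) where the extension promises one thing and the server sent another."""
    return [(r.host, r.path, r.content_type) for r in records
            if expected_types(r.path) is not None and r.content_type not in expected_types(r.path)]


def constant_body_hosts(records, min_paths=3):
    """Hosts answering at least min_paths distinct paths with one identical body (parking/sinkhole page)."""
    bodies = defaultdict(lambda: defaultdict(set))   # host -> sha256 -> {paths}
    for r in records:
        if r.status == 200:
            bodies[r.host][r.sha256].add(r.path)
    return {host: sha for host, per_sha in bodies.items()
            for sha, paths in per_sha.items() if len(paths) >= min_paths}


def rendered_as_page(records):
    """Referer URL -> same-host subresources loaded from it; a URL with children was parsed as HTML."""
    children = defaultdict(list)
    for r in records:
        if r.referer and urlsplit(r.referer).netloc == r.host:
            children[r.referer].append(r.path)
    return dict(children)


def triage(records):
    """Per-host reasons to treat the host as hostile: analyzer verdicts plus the three heuristics."""
    reasons = defaultdict(set)
    for r in records:
        if r.verdicts:
            reasons[r.host].update(r.verdicts)
    for host in constant_body_hosts(records):
        reasons[host].add("same body for every path")
    for host, path, ctype in content_type_mismatches(records):
        reasons[host].add(f"{path} served as {ctype}")
    for parent, paths in rendered_as_page(records).items():
        if expected_types(urlsplit(parent).path) is not None:   # a .zip/.css/.js acting as a page
            reasons[urlsplit(parent).netloc].add(f"{parent} rendered as HTML ({len(paths)} subresources)")
    return {host: sorted(v) for host, v in reasons.items()}
```

Calling triage(RECORDS) returns a single entry for shipperslinkgh.com that lists the three analyzer verdicts, the four extension mismatches, the constant body and the fact that the .zip URL acted as a document, while the OCSP responders (same path "/" but different bodies), the Mozilla endpoints and maps.google.com are absent. In a real pipeline the records would be parsed from the sandbox export; the verdict column is only as good as the analyzers feeding it, which is why the body-hash and Content-Type checks are worth running independently of it.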
shipperslinkgh.com/nfos/plugins/font-awesome/css/font-awesome.min.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/font-awesome/css/font-awesome.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2a47d129a3af5f02c654faf925c60273
9ad27ed9f4500c939260a677c12e702599b00fa9
0e031af077bf7009ffefada782407a247bbd31bddc96994c68de7bfe902bf992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2127
Cache-Control: max-age=153223
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:08:30 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 09:42:13 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
shipperslinkgh.com/nfos/plugins/Stroke-Gap-Icons-Webfont/style.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/Stroke-Gap-Icons-Webfont/style.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/Stroke-Gap-Icons-Webfont/style.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/css/navigation.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/css/navigation.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/revolution/css/navigation.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/css/settings.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/css/settings.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/revolution/css/settings.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/css/layers.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/css/layers.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/revolution/css/layers.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/flaticon/flaticon.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/flaticon/flaticon.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/flaticon/flaticon.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery-ui-1.11.4/jquery-ui.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery-ui-1.11.4/jquery-ui.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/jquery-ui-1.11.4/jquery-ui.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
54.148.242.254 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.242.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vb2hHDQ5ngAabL+2NxamXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RwsjFzF8LH4iX9JQ5oDtvBaKWm8=
shipperslinkgh.com/nfos/plugins/owl.carousel-2/assets/owl.carousel.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/owl.carousel-2/assets/owl.carousel.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/owl.carousel-2/assets/owl.carousel.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/animate.min.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/animate.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/animate.min.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/owl.carousel-2/assets/owl.theme.default.min.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/owl.carousel-2/assets/owl.theme.default.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/owl.carousel-2/assets/owl.theme.default.min.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/css/style.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/css/style.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/css/style.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/css/responsive.css
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/css/responsive.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/css/responsive.css HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery/jquery-1.11.3.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery/jquery-1.11.3.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/jquery/jquery-1.11.3.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/bootstrap/js/bootstrap.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/bootstrap/js/bootstrap.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/owl.carousel-2/owl.carousel.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/owl.carousel-2/owl.carousel.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/owl.carousel-2/owl.carousel.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery-ui-1.11.4/jquery-ui.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery-ui-1.11.4/jquery-ui.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer      Verdict    Alert
fortinet      Malware
mnemonic_dns  Sinkholed
quad9         Sinkholed
GET /nfos/plugins/jquery-ui-1.11.4/jquery-ui.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery-countTo/jquery.countTo.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery-countTo/jquery.countTo.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/jquery-countTo/jquery.countTo.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery-appear/jquery.appear.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery-appear/jquery.appear.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/jquery-appear/jquery.appear.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery-validation/dist/jquery.validate.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery-validation/dist/jquery.validate.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/jquery-validation/dist/jquery.validate.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/gmap.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/gmap.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/gmap.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/jquery.mixitup.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/jquery.mixitup.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/jquery.mixitup.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/jquery.themepunch.tools.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/jquery.themepunch.tools.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/jquery.themepunch.tools.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/jquery.themepunch.revolution.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/jquery.themepunch.revolution.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/jquery.themepunch.revolution.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.actions.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.actions.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.actions.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.carousel.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.carousel.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.carousel.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.kenburn.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.kenburn.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.kenburn.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.layeranimation.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.layeranimation.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.layeranimation.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.migration.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.migration.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.migration.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.navigation.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.navigation.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.navigation.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.parallax.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.parallax.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.parallax.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.slideanims.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.slideanims.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.slideanims.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.video.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/revolution/js/extensions/revolution.extension.video.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/revolution/js/extensions/revolution.extension.video.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.pack.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.pack.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/fancyapps-fancyBox/source/jquery.fancybox.pack.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/plugins/typed.js-master/dist/typed.min.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/plugins/typed.js-master/dist/typed.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/plugins/typed.js-master/dist/typed.min.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/js/main.js
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/js/main.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/js/main.js HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/logo.png
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/logo.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/logo.png HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/slider/3.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/slider/3.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/slider/3.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/slider/7.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/slider/7.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/slider/7.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/slider/2.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/slider/2.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/slider/2.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/slider/cap-1.png
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/slider/cap-1.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/slider/cap-1.png HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/slider/cap-2.png
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/slider/cap-2.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/slider/cap-2.png HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/about-info-box/2.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/about-info-box/2.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/about-info-box/2.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/full-man.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/full-man.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/full-man.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/clients/1.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/1.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/1.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/clients/3.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/3.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/3.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/clients/2.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/2.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/2.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/clients/4.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/4.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/4.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9497
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:08:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 7884b85a4b30e918a0b44f73a301a78b
f7ae1b83a0199b76dd0d31a21db4072b867e4f37
9576f9ad95c958887de953dee72b267cd0ed7293ed62fb540df76a2d49fac035
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4527
x-amzn-requestid: c3be9447-c43a-48d6-9aef-c0999742886c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQA1GFN5IAMFaRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b53-3bb315de52dcf6114da9ad05;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _nFA59k8ERwiA6Ct_pZJs0WkFuagosyyiOkeQc1PuWMcno-Lpz4UfA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:01:04 GMT
age: 61648
etag: "f7ae1b83a0199b76dd0d31a21db4072b867e4f37"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 37802736d42529da1237e5d89e253928
6f246d25b36dc880489f3af2ae8767a0f5f2542b
b21622ee7e858a4508096480ec3ffba824e96d469b0fcfa0f6daaabad296fd40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12165
x-amzn-requestid: 7baae03c-2e22-477c-9c14-d21a26469b47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEFHdIAMF_XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-2edb1d9722872b1166a5b085;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1QlljbC_YBobvvYSxTH2jH4a4kZAK8Am-k6CNxJrLIm1TY1gbfP1gg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:12:03 GMT
age: 60989
etag: "6f246d25b36dc880489f3af2ae8767a0f5f2542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4ff4c1be0934222258267f7595f2ecde
5d51855ed7cc6f8cac53eef1730212eb70b28036
49ce70117f2b108ebcff7f8e0ac14b2583eaf6b36a10baff097b35b728ba44d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10781
x-amzn-requestid: c5063271-8b84-41d7-899c-958c135541c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAwTF2cIAMF0DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b34-6b6018d826efae3e3738a7d9;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tL667rmWZPwJrD76JI5jBbUa3oEwaLZc-A5omJ8WyQMzsxDgIXsQhg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:11:08 GMT
etag: "5d51855ed7cc6f8cac53eef1730212eb70b28036"
content-type: image/jpeg
age: 61044
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: ad230e08-9f4e-46cf-9a86-f8e013a1c498
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQBFkEhLIAMFq_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697bbd-7e8b686a23a84c5d473c9ef5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:42:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FoOPmZEjC6nhw801dgqENVL-9-aC0pyFAF-fMS57XzQyfxck2GGUvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:55:45 GMT
age: 61967
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shipperslinkgh.com/nfos/images/clients/5.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/5.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/5.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q0yZmbExDP4tH0n1n2qj_NR2Mv_y_dsO0LJ1RKZoS6Me-NLbhpUWqw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 09:08:56 GMT
age: 21576
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 71473fb15e07b9c973e7368bdd2c2eb7
e5e369ed7b77ff7639bffc16da2f2ca6c035421c
a7e72e22f9d0204e2be1f21fe1c66c8469c5b14ef3b4c64f3cf2335ba5365618
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9336
x-amzn-requestid: fb33f029-9d6c-40df-aab2-bdb139d8dedb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAKOGdEIAMFujA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697a41-53c235ce324b4e896b401a40;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wiVqhBy98fSb32WK61Z0nQQH1XMnTnD-XPqmNZkCYqnvMY7dzsSudw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:40:30 GMT
age: 62882
etag: "e5e369ed7b77ff7639bffc16da2f2ca6c035421c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shipperslinkgh.com/nfos/images/clients/6.jpg
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/clients/6.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/clients/6.jpg HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/testimonials/5.png
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/testimonials/5.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/testimonials/5.png HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
shipperslinkgh.com/nfos/images/footer-logo.png
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/nfos/images/footer-logo.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /nfos/images/footer-logo.png HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 89d3b51d06a660181b023005fb2396a4
df0483119c2dfc20349c6aa00ddbc399e0ef03f0
51f52c22a57c3fbbdb9411641234063b9c8ce79a61a72fa81e7570ef2171220d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5433
Cache-Control: max-age=146821
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:08:32 GMT
Etag: "6369f63c-1d7"
Expires: Thu, 10 Nov 2022 07:55:33 GMT
Last-Modified: Tue, 08 Nov 2022 06:25:00 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
142.250.74.106 403 Forbidden 132 B URL HTTP/1.1 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 142.250.74.106:0
File type JSON data, ASCII text
Hash 3c954b0fdf7d56714cf712d02e0bf056
5c5acb630475cc6198b7191ba1adf49d72dd82f9
effda9280db937a1b47807f746c2797cdd1d44ffc3af3e1eee40306d7a9fe632
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://shipperslinkgh.com
Connection: keep-alive
Referer: http://shipperslinkgh.com/
HTTP/1.1 403 Forbidden
Vary: Origin, X-Origin, Referer
Content-Type: application/json; charset=UTF-8
Content-Encoding: gzip
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
Content-Length: 132
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: http://shipperslinkgh.com
Access-Control-Expose-Headers: vary,vary,vary,content-encoding,date,server,content-length
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash bd44b330908584062f6e8f3a63de303c
abd7faa3092c03bf4ae83a6f611fd2c879c8469b
63383c4198085de4e51b10c96ef46c5957577f71277089e7ee222eceb9e5a38e
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shipperslinkgh.com
Connection: keep-alive
Referer: http://shipperslinkgh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: a97d40777213c2eee7d2de213589a9b5
etag: "87b91c2e7d858bb6b639738ac0ac925e"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 08 Nov 2022 15:10:34 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: vUSzMJCFhAYvbo86Y94wPA==
x-fb-debug: bR8igqlbIn0sWSZv49Y+vENySx8dVGM138Dg9u+JCwLD+FZFr2eLtajZXB6j6Hfv1tB8IisyZ2GwX9815inGQA==
content-length: 1686
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 89d3b51d06a660181b023005fb2396a4
df0483119c2dfc20349c6aa00ddbc399e0ef03f0
51f52c22a57c3fbbdb9411641234063b9c8ce79a61a72fa81e7570ef2171220d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5433
Cache-Control: max-age=146821
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:08:32 GMT
Etag: "6369f63c-1d7"
Expires: Thu, 10 Nov 2022 07:55:33 GMT
Last-Modified: Tue, 08 Nov 2022 06:25:00 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=ba68c672c88a1fd128e953ed1e1f7108
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=ba68c672c88a1fd128e953ed1e1f7108
IP 31.13.72.12:0
File type ASCII text, with very long lines (13192)
Hash 504fc9d30ab95665f3031fedff73acce
5b97c980d76ff44aa50b3c3f3af578eaf71bfb33
f95d8b8392c85de34fc5e38aae9cedfbbb8c7317742e48af9b0521cefc3123d6
GET /en_US/sdk.js?hash=ba68c672c88a1fd128e953ed1e1f7108 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shipperslinkgh.com
Connection: keep-alive
Referer: http://shipperslinkgh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 236fa6cf257fa4264368fdbb65a717cd
etag: "534cf50da3d008f57bb98ce670e24c99"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 08 Nov 2023 13:34:59 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: UE/J0wq5VmXzAx/t/3Oszg==
x-fb-debug: gEGCQNo17sqxuzmjEMwOeuPlEMvegnafbc46hhPwev0gKLUchqRdXdTA7q4njmAQXj425aDl8CsjfF5kBGCMkw==
priority: u=3,i
content-length: 86891
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
shipperslinkgh.com/favicon.ico
208.91.199.18 200 OK 5.9 kB URL HTTP/1.1 shipperslinkgh.com/favicon.ico
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (558), with CRLF, LF line terminators
Hash ad280efe8456b85574f8fa55ba01c6e4
e255ac2861a852be20a88a17a889f5520a921cb3
2acbd60edfb1ded706590fe105c3462f7b089ccae660935e3e11c48d86f6ef03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: shipperslinkgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/nfos/qakbot.zip
HTTP/1.1 200 OK
Date: Tue, 08 Nov 2022 15:08:32 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5879
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/eI-Z_8po6XG.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 5.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yH/l/0,cross/eI-Z_8po6XG.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4431)
Hash 64001d0d115194ba64aad8ad8c22102a
f1c49b8f3f36db11db9a8e1e367b9c735250c289
b345a4d95d4cb15f6cfe6b9c3273fc1923cb82bd59ab3bb1c0fddd2dbc33339e
GET /rsrc.php/v3/yH/l/0,cross/eI-Z_8po6XG.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 07 Nov 2023 19:29:33 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ZAAdDRFRlLpkqtitjCIQKg==
x-fb-debug: eiJPQ3rCpk4ccoAcQ77gLB2sEKkGT804i5sKYvgjeJOcj2GBE+p0Fr0U7MJfmNqLqMaeKeSJpPCbIXL5pwgVGA==
priority: u=3,i
content-length: 5156
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 27 Oct 2023 19:33:05 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: g4bcggfqaqB6Bja//OmajfUrx0iD2yV41F2rYNqDegICxI5i6HgojQBI/xCVMRSxvmDHzQHeNxDWlSGFOXronA==
content-length: 827
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yM/r/WNuD0ewp6xQ.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yM/r/WNuD0ewp6xQ.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (18630)
Hash 2735f6f13ab0e68d5d21650e8d76d90d
fac3c804bd2c335c0c6aa615a0f6bd9197d5ed87
1744afaa9fc41238e9cfa2073844a8c1ed9c80093e5f1555fc93acfbec268b5d
GET /rsrc.php/v3/yM/r/WNuD0ewp6xQ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 08 Nov 2023 01:32:04 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: JzX28Tqw5o1dIWUOjXbZDQ==
x-fb-debug: bC5+aa5Je0InC3pf1rVrCdTR4TP6lFHLdvrsN0ce1Cc3jv3cHGvzYTQToVx8+qOeVfHGmJ0JfNlleTuHo1Q+uQ==
content-length: 91137
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (1984)
Hash 16f083b23b565db9d2f20d1ad75933c1
6d74ad139c96b1e3fc9d541419788b5b4893ec9a
36b909cd9132a8996a1bbb221d05217c31506a6951bb408deeea6aa612dc4200
GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 03 Nov 2023 05:04:25 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FvCDsjtWXbnS8g0a11kzwQ==
x-fb-debug: 00IrCbBbnm9vzmEGDumL0sh3nuf2iWdTpefIOOCSnTUUmtz+z/FyUfmUD4SQEeD9WcEh83B1Vahq8P4hknaGTg==
content-length: 1657
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y5/r/NXJxRmgihgl.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y5/r/NXJxRmgihgl.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (5542)
Hash ff2d2eee60e0c67cd2f5a88064e1739b
7f358686932b0d389e033443b60ffefa22115e2e
adfde198ab91ca51a572f6c857570fb93f33f7ae665d5b2dc45d041ccbdec431
GET /rsrc.php/v3/y5/r/NXJxRmgihgl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 02 Nov 2023 18:54:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: /y0u7mDgxnzS9aiAZOFzmw==
x-fb-debug: u0ErtjzKSWyT9AkarcT9SHjB4/8h/uqL/185UEMWktiYoif9mxfqfQ0rqXGbXKwwAnF0CGMSHrfxyLyD1Ub9Zw==
priority: u=3,i
content-length: 12270
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/r/ojzICpVg5Kb.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/r/ojzICpVg5Kb.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (8749)
Hash c2b0fc32b893b1c243b3a27bcc5799cd
a9a85686e79bf7bba56cf1a7883b89447096eb54
f84f8dc2511cfbed3abe4ae7dd9c8e02c02260e0824eddaf69f2d54f3994a726
GET /rsrc.php/v3/ys/r/ojzICpVg5Kb.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 05 Nov 2023 03:23:46 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: wrD8MriTscJDs6J7zFeZzQ==
x-fb-debug: ZeaG4nczRFV9qJrZM59ZmYklxtldDRvk75b6fH34gkz1gMCEFsaTtetQwAT3aF82JRPYbxFDD5vVyCK2+3MHGg==
priority: u=3,i
content-length: 16259
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y_/r/wTglN12iuj9.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 8.6 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y_/r/wTglN12iuj9.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type C source, ASCII text, with very long lines (10494)
Hash 7a251324c979f281c33a391e28e632b5
d923ec35e14b92409ad05bed1ff3a018a10edb4e
3508e37a9692eac38f87221db9769070a336586c499a49c80b1b6fdf2d111c58
GET /rsrc.php/v3/y_/r/wTglN12iuj9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 04 Nov 2023 06:45:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: eiUTJMl58oHDOjkeKOYytQ==
x-fb-debug: AswBv4pVAxG8MkcovIF8KNGw7E3tjgVbc2E8fb60hQlg1iVYNeYHKYf73/PR3fzitQW528N6ApzJT2w2s778pQ==
content-length: 8632
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yl/r/SuHirPIqipH.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 8.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yl/r/SuHirPIqipH.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (9885)
Hash 0eaa197a5c011011e1489f411b042249
9ba134dd641bbbc6ce70619ccd94f5d5ef47a899
145cfec975ec864e6589409173f8f9fee2a59faf0ce28c42889897e812ab9ac4
GET /rsrc.php/v3/yl/r/SuHirPIqipH.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 31 Oct 2023 20:10:15 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: DqoZelwBEBHhSJ9BGwQiSQ==
x-fb-debug: yFSTPf9aHCGcyulbBG2ye1uEtO6uRbNdzUijFwGA9MyDesJEtfw60dXhmic10Dug+H1qEox4CIVne1nj6DcCzg==
content-length: 8222
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 7.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (2905)
Hash 950c261533c6a05f36c3ec2562963ecb
65cbaffa72eb8dafe5b43aec833435170c02b15d
4c9b051d6cba504010fc8ebdba2ca7da807224e44ad7e9798bb25b90069a3e11
GET /rsrc.php/v3iLl54/yH/l/en_US/9ceEMw7kTfT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 31 Oct 2023 20:10:19 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: lQwmFTPGoF82w+wlYpY+yw==
x-fb-debug: 13t86O1M9DDsMwuTuYJ9iHHjy1D4DmDIoaZn1iZikhDq39+hHiXsu3jXeEJGr8g98egndLLqFp4sag+ChL7QYw==
content-length: 7089
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (41977)
Hash e5ac274375457b828912871811b4be94
3bbd528facf279eab4dc093a7fad9dbc837689eb
602f6ee48130b3bcb4e21f4307bd1c83d110182e1fb4cb8f118171d10c6f5ae4
GET /rsrc.php/v3iEpO4/yC/l/en_US/I52F_owkvX4.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 02 Nov 2023 19:19:47 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 5awnQ3VFe4KJEocYEbS+lA==
x-fb-debug: A69DPQXhkxcqr8dhq9gxsPnfUKmSBxAmHB1DiK5n9OBFY9YKN4sHzuSG6TTw/KAmtV3VGX6Zl/E3RELd2smEhA==
priority: u=3,i
content-length: 23273
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12 200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4061)
Hash d1ba68f146b01f4aef60d79aadb926ea
c6b4703c25d07fd2363e5d67d11e4846d9979b26
abbff04acf96f39a3121ed97505b5a23cbeee9057dd7040c58c4e423c899805d
GET /rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 02 Nov 2023 18:54:51 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0bpo8UawH0rvYNearbkm6g==
x-fb-debug: nETVm4WUsTBjWzPPz30+NcQ/dUZibWclH+7BC3skx38X1frzgZPa413yNFDo1GF9yx7utvfMwnrRvZAKq6brWw==
content-length: 7236
x-fb-trip-id: 2074150462
date: Tue, 08 Nov 2022 15:08:32 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-2.xx.fbcdn.net/v/t1.6435-9/143360705_102385568537012_6100133757079661370_n.jpg?stp=dst-jpg_p370x247&_nc_cat=100&ccb=1-7&_nc_sid=85a577&_nc_ohc=0tUcOphDX_QAX8KtYQy&_nc_ht=scontent-arn2-2.xx&oh=00_AfAMTwOvOFqJUq4mh_9x2byRZsjix_h5yJ48o4Erext0Tg&oe=6391F4C4
157.240.194.27 200 OK 16 kB URL HTTP/2 scontent-arn2-2.xx.fbcdn.net/v/t1.6435-9/143360705_102385568537012_6100133757079661370_n.jpg?stp=dst-jpg_p370x247&_nc_cat=100&ccb=1-7&_nc_sid=85a577&_nc_ohc=0tUcOphDX_QAX8KtYQy&_nc_ht=scontent-arn2-2.xx&oh=00_AfAMTwOvOFqJUq4mh_9x2byRZsjix_h5yJ48o4Erext0Tg&oe=6391F4C4
IP 157.240.194.27:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 370x370, components 3; data
Hash 597a50ca5b9d1fd3bea4f366433abeaa
27bf2311cbf76df310d213df3586b7e5a41887de
679cce73777f94d7d0cf1599cbe66bd2d02cfa46122f6af829eca197e9be905a
GET /v/t1.6435-9/143360705_102385568537012_6100133757079661370_n.jpg?stp=dst-jpg_p370x247&_nc_cat=100&ccb=1-7&_nc_sid=85a577&_nc_ohc=0tUcOphDX_QAX8KtYQy&_nc_ht=scontent-arn2-2.xx&oh=00_AfAMTwOvOFqJUq4mh_9x2byRZsjix_h5yJ48o4Erext0Tg&oe=6391F4C4 HTTP/1.1
Host: scontent-arn2-2.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 26 Jan 2021 12:13:27 GMT
x-haystack-needlechecksum: 3197764788
x-needle-checksum: 2397286769
content-type: image/jpeg
content-digest: adler32=2835485919
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 15573
x-fb-trip-id: 1904183273
date: Tue, 08 Nov 2022 15:08:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
maps.google.com/maps-api-v3/api/js/50/12a/common.js
216.58.211.14 200 OK 254 kB URL HTTP/1.1 maps.google.com/maps-api-v3/api/js/50/12a/common.js
IP 216.58.211.14:0
File type ASCII text, with very long lines (581)
Size 254 kB (253994 bytes)
Hash 7caaf941be566b5a0ab845ebbe6fa41c
6baa9fd462731f60d53390e8e808bca815601226
b7f6913366b53872adac07cbd9708d54830a578b5a59e6fcb600e32b340fa1bc
GET /maps-api-v3/api/js/50/12a/common.js HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding, Origin
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Length: 253994
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 07 Nov 2022 18:35:11 GMT
Expires: Tue, 07 Nov 2023 18:35:11 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 04 Nov 2022 20:14:02 GMT
Content-Type: text/javascript
Age: 74005
maps.google.com/maps-api-v3/api/js/50/12a/util.js
216.58.211.14 200 OK 170 kB URL HTTP/1.1 maps.google.com/maps-api-v3/api/js/50/12a/util.js
IP 216.58.211.14:0
File type ASCII text, with very long lines (590)
Size 170 kB (169553 bytes)
Hash 0b9b4e5d1bc7a1ae4ca5568310adcc16
8cb5a2a559d5d30b15e5feadea686192f2474462
9c794b1db0cce54971541669b8c23bbe83b3406db2d70eecac666136e6627b93
GET /maps-api-v3/api/js/50/12a/util.js HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shipperslinkgh.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding, Origin
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Length: 169553
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 07 Nov 2022 18:35:11 GMT
Expires: Tue, 07 Nov 2023 18:35:11 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 04 Nov 2022 20:14:02 GMT
Content-Type: text/javascript
Age: 74005
www.facebook.com/v9.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e43bce9c6fbc2%26domain%3Dshipperslinkgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fshipperslinkgh.com%252Ff116221da7e5254%26relation%3Dparent.parent&container_width=1252&hide_cover=false&href=https%3A%2F%2Fweb.facebook.com%2FShippers-Link-Agency-Company-Limited-102381255204110&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=800
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/v9.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e43bce9c6fbc2%26domain%3Dshipperslinkgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fshipperslinkgh.com%252Ff116221da7e5254%26relation%3Dparent.parent&container_width=1252&hide_cover=false&href=https%3A%2F%2Fweb.facebook.com%2FShippers-Link-Agency-Company-Limited-102381255204110&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=800
IP 31.13.72.36:0
GET /v9.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2e43bce9c6fbc2%26domain%3Dshipperslinkgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fshipperslinkgh.com%252Ff116221da7e5254%26relation%3Dparent.parent&container_width=1252&hide_cover=false&href=https%3A%2F%2Fweb.facebook.com%2FShippers-Link-Agency-Company-Limited-102381255204110&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=800 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shipperslinkgh.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v9.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: EnKgnBOJf6Iv/f74ttakZpFP30Dg+PL1qZL+NwuKhF8CDJuuKBglNpC14IxihqCmIdo0Ru7rFHbDsWmKXHheYQ==
date: Tue, 08 Nov 2022 15:08:32 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2