Report - cloudsoft.or.ke/xpra/X/eakdZkYIo.zip

Report Overview

Submitted URL
cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
IP
144.91.69.83
ASN
#51167 Contabo GmbH
Submitted
2022-11-19 01:25:48
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	686 B	1.4 kB	142.250.74.35
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	52 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.9 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	54.148.69.31
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	425 B	633 B	142.250.74.10
cloudsoft.or.ke	unknown	2020-12-06T10:31:32Z	2023-02-22T02:00:26Z	7.3 kB	153 kB	144.91.69.83
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1.7 kB	4.4 kB	23.36.76.226
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	682 B	1.6 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-19	medium	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-includes/css/classic-themes.min.css?ver=1	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-includes/css/dashicons.min.css?ver=6.1.1	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.1.0	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/themes/zakra/style.css?ver=6.1.1	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9	Malware
2022-11-19	medium	cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1	Malware
2022-11-19	medium	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed
2022-11-19	medium	cloudsoft.or.ke	Sinkholed

JavaScript (20)

	URL	Size	First Seen	Last Seen
	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	135 B	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:50 Last Seen2024-04-26 17:44:24 Times Seen26609 Hash 3f82b089cf163a5417b3edb4687151f7 28436f92ab540ff08b12fdefddc7da67ba0f04f7 5ba9af6f12e99663f8f04285ef3d4ffd4cdbca820bccbc2dda9c40f805b5a850 Loading...

	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0	2.1 kB	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 05:04:06 Times Seen22410 Hash b72c1cbb1530a011a27bd9800f26765a 27b825c5d8255f33b8427a059d4545ebd65e1746 a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8 Loading...

	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0	2.9 kB	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 05:04:06 Times Seen13991 Hash 0fd625c3991a4015814cffdc88e2fc82 d7c2f53e058210ff3ea773297641008bab71a5f3 2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1 Loading...

	cloudsoft.or.ke/wp-content/themes/zakra/assets/js/skip-link-focus-fix.min.js?ver=20151215	327 B	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/themes/zakra/assets/js/skip-link-focus-fix.min.js?ver=20151215 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-26 16:31:08 Times Seen383 Hash b7b6e579a57c814b14a614d68ce77e57 d12679187a5f852bff1623c3d865d900d432f648 a8c2b783dfb2a8ae80f75f9b271024777ef513e93fe8b220c0df95ed8fe3a4a0 Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	2.1 kB	2023-03-08	2023-03-29
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:08:09 Last Seen2023-03-29 23:50:30 Times Seen2 Hash edd9b4ba27ec69dfa65932728b351d69 fbf0cf306e12623bc83ad05a6c190cbbae33b3f4 bc8f4fa37c5a4452760dc1257771732e7293f62bff4780cfcb87aeaaf859225b Loading...

	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0	9.5 kB	2023-03-08	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:24:31 Last Seen2024-04-26 05:04:06 Times Seen14390 Hash 4ffc462852340d9e6b5b7b29276fcb71 5e04050e09e3f7d8107ef3b9aa9313be618c460e 18336635cd5e9edf2aff3ae18b67250684311c2a459457091b063dafba57d526 Loading...

	cloudsoft.or.ke/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 21:27:40 Times Seen38069 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1	43 kB	2023-03-07	2023-04-01
Pretty URL cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1 IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2023-04-01 10:53:00 Times Seen3 Hash 2b005b680fac969c1d428b62a3208b2d d8f746c0da89cb91375eeae96378d6da01c024f2 012509febb43770fc97e124d3b0496d71efcf76919aee181ae8825bfb37bb0e0 Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	58 B	2023-03-07	2023-04-01
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2023-04-01 10:53:00 Times Seen3 Hash 4bebb9723c902e7332c2b37cf95dcc57 b0fcbe9eb8cac03e27281ff127afce9969735cb6 202805938653b8274267eead65a3ef5e5a43e8ab583093a381646f63b8d8c762 Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	294 B	2023-03-07	2023-04-01
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2023-04-01 10:53:00 Times Seen3 Hash cf96c43899923b68dadb5658af36dced 3fed6dccb590320f546b61272ced421eea0f17b7 a6ef33e5558b6f9ee02e667f1f4441832b4cc08d67751ee3432f996eaddd935e Loading...

	cloudsoft.or.ke/wp-content/themes/zakra/assets/js/navigation.min.js?ver=20151215	4.3 kB	2023-03-07	2024-02-27
Pretty URL cloudsoft.or.ke/wp-content/themes/zakra/assets/js/navigation.min.js?ver=20151215 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2024-02-27 08:55:25 Times Seen38 Hash 9fa1f7fe7fa1d0d2a508a4231d851f28 e148e9070863996bb8de81247a99fa3fdecdc73d 288e3d7602e9ad7bfe61677c3f77d740920ff37142f7df55a44ade37fe95bdba Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	2.0 kB	2023-03-07	2023-04-01
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2023-04-01 10:53:00 Times Seen3 Hash 6c471f47b9df3d456552db3a3378b181 cc485342d7ec905638fb3dbaee43f8cb07dcc543 fb4d537e48d281adb69785ae9bc2a96a9b3a1c08dddaab13cf8f4a843d19eb4c Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	152 B	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 17:44:24 Times Seen19935 Hash b8c40bf7c92768058d743847cccdb147 4fbbbcb2dda4d05e2e58bf43330c559b4165fc0b 7872ff233c7b2bfa962f491d0575e71f0b0b487bc63899ff4c72c7c9d5197688 Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	250 B	2023-03-07	2023-04-01
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:33 Last Seen2023-04-01 10:53:00 Times Seen3 Hash 6ef35e8931315a09437c2b4f8462da05 b36499e21d86b4c096373cff5496ce733b7109a4 eccb785e043cb99fbc92635a93d581767e56f26ac8fbf83aaadf615f5ef625f9 Loading...

	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0	3.0 kB	2023-03-08	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:24:31 Last Seen2024-04-26 05:04:06 Times Seen11378 Hash f449e3e4a7c058f7c48f57e05c788fb0 e7b0c58a1a14c14a92e452cc544b312ed91fa52e bfd861dc2936299f52adca1da826c273dced7c77ad4c33d31916ad55ab354e89 Loading...

	cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0	1.8 kB	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:35 Last Seen2024-04-26 05:04:06 Times Seen21609 Hash d0a6d8547c66b0d7b0172466558d1208 ff93916519c7b9483251f609e4d29f38c30a66e3 3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612 Loading...

	cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-26
Pretty URL cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-26 21:27:40 Times Seen31835 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	cloudsoft.or.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-26
Pretty URL cloudsoft.or.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 21:27:40 Times Seen68680 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	cloudsoft.or.ke/xpra/X/eakdZkYIo.zip	130 B	2023-03-07	2024-04-02
Pretty URL cloudsoft.or.ke/xpra/X/eakdZkYIo.zip IP 144.91.69.83 ASN #51167 Contabo GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-02 01:58:54 Times Seen518 Hash b3ea79b734a4cd996cde38736d5f1347 a8d89ab9ebd6bd7e1287e35382449e1e759df078 0e284f72f2f8837a0155c664ddf8731d717f95d5baff0e547fef8a2d35413344 Loading...

	cloudsoft.or.ke/wp-content/themes/zakra/assets/js/zakra-custom.min.js?ver=6.1.1	4.7 kB	2023-03-07	2024-04-02
Pretty URL cloudsoft.or.ke/wp-content/themes/zakra/assets/js/zakra-custom.min.js?ver=6.1.1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-02 01:58:55 Times Seen60 Hash bff8b39c1c82c27f15cc63fe6a2211c3 3faa4bed1b078832c5bd85d5ced141cba5c9414b dcacba7bc2cd88af90643a62401488370319920d1f8081904e1f9a8e7a0fa385 Loading...

HTTP Transactions (37)

URL IP Response Size

cloudsoft.or.ke/xpra/X/eakdZkYIo.zip

144.91.69.83

301 Moved Permanently

707 B

URL HTTP/1.1
cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /xpra/X/eakdZkYIo.zip HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 19 Nov 2022 01:25:37 GMT
server: LiteSpeed
location: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
30c30d01178fc74ac5266ee64c3ee85b
c0c2af8a864c00aa85a8775d55f85ab107150a3b
c15644f69fbfeb99074c7e9711dfc9452ee164fa78eb981b6bae4fb7e3585f2a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C15644F69FBFEB99074C7E9711DFC9452EE164FA78EB981B6BAE4FB7E3585F2A"
Last-Modified: Wed, 16 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19777
Expires: Sat, 19 Nov 2022 06:55:14 GMT
Date: Sat, 19 Nov 2022 01:25:37 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67f53a639d57dd6237b5be86fe4f6c1b
287f09532dc331228d09c20b75f4160e91e9800a
41913a8af366685c42af59e9d8e02fccedbe68a3313d2d9fe353deb0c1019075

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1402
Cache-Control: max-age=120532
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 01:25:37 GMT
Etag: "63775eeb-1d7"
Expires: Sun, 20 Nov 2022 10:54:29 GMT
Last-Modified: Fri, 18 Nov 2022 10:31:07 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2668
Expires: Sat, 19 Nov 2022 02:10:05 GMT
Date: Sat, 19 Nov 2022 01:25:37 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 19 Nov 2022 00:45:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2433
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4QJT2oIGknvaEifFpl2I7GgFOmZqlWTibnU6vxdscxKGMc+AQT2ljG/Y/crgVQ97yAaXLCxzX6E8Uh3/vLqs1g==
x-amz-request-id: WQ0VANMVHRVDRZ52
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 19 Nov 2022 01:15:49 GMT
age: 588
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 19 Nov 2022 01:25:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

144.91.69.83

200 OK

12 kB

URL HTTP/2
cloudsoft.or.ke/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (47826)
Size
12 kB (11616 bytes)
Hash
c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 06:40:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5

144.91.69.83

200 OK

1.8 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (10435), with no line terminators
Size
1.8 kB (1754 bytes)
Hash
f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.7.5 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 18:40:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 01:25:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cloudsoft.or.ke/wp-includes/css/classic-themes.min.css?ver=1

144.91.69.83

200 OK

144 B

URL HTTP/2
cloudsoft.or.ke/wp-includes/css/classic-themes.min.css?ver=1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text
Size
144 B (144 bytes)
Hash
fcbd239f30d9a6dd1f3637f291143d37
2871bf7d98af3f43e42f7fa32808048e7134fabf
c2f98e9d71f782b7a3266cd337c61ae6c8dcbb7203669c07852aa2ab65ab6144

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2022 18:42:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 144
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/everest-forms/assets/css/everest-forms.css?ver=1.9.6

144.91.69.83

200 OK

3.7 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/everest-forms/assets/css/everest-forms.css?ver=1.9.6
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (31797), with no line terminators
Size
3.7 kB (3679 bytes)
Hash
83435a28b9a534cf4fd0e4547d37a53e
595342c0fac0cb7e7777d662c3e7fa7cb3e779ad
46cef38baec7407d71f72525f895ab106ca94607632cd6bdd5c2fef5c4fea964

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/everest-forms/assets/css/everest-forms.css?ver=1.9.6 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Thu, 17 Nov 2022 18:40:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3679
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5

144.91.69.83

200 OK

23 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size
23 kB (22871 bytes)
Hash
0c6730c96c60030ddaf42fcf5daf3b17
feb4c0071f27718582e58d365022a1b559de5765
d996bec53b493bc579754f29f7d6d0b5332f3354c860a3787e2365a79c44f995

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.7.5 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 18:40:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 22871
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 19 Nov 2022 01:25:01 GMT
cache-control: public,max-age=3600
age: 37
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-includes/css/dashicons.min.css?ver=6.1.1

144.91.69.83

200 OK

35 kB

URL HTTP/2
cloudsoft.or.ke/wp-includes/css/dashicons.min.css?ver=6.1.1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (58981)
Size
35 kB (35110 bytes)
Hash
54c5bfb8a890d87139d9abfe01662c83
f9eddf5b8a3269e6d6fa40b4f13083705e6267c6
9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Wed, 03 Mar 2021 23:46:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35110
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.1.0

144.91.69.83

200 OK

8.4 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.1.0
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
Unicode text, UTF-8 text, with very long lines (62781), with no line terminators
Size
8.4 kB (8434 bytes)
Hash
6688cf6da7f8e77fce4b23ecd4fa64d4
b787949222758071c1a6221f698cad9bf9b1db2e
1b0db771c94b550d2e2eb123523a8357529aa8ec8869be9e8aabb2595055f438

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.1.0 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 18:40:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8434
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.1.0

144.91.69.83

200 OK

2.3 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.1.0
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (17809), with no line terminators
Size
2.3 kB (2329 bytes)
Hash
09d93f4de720fc11a2944fea38fcafcd
e46cf6a8d3373c7fa5feba0b30cd9b9983f719b2
cf900721be13309b96cf6c6f56b1c0a40194e8aea1b0a0361739219c9c0f9998

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.1.0 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 18:40:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2329
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/themes/zakra/style.css?ver=6.1.1

144.91.69.83

200 OK

9.4 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/themes/zakra/style.css?ver=6.1.1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (1208)
Size
9.4 kB (9419 bytes)
Hash
f6dda8f28e405ce74a86852861072006
75f057314e5476f19b07e36d5d503a783f1caa6a
bb874681e82ff48cca08a47478a5441c7a80897e7be9fb0d280a893c6477b680

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/zakra/style.css?ver=6.1.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9419
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0

144.91.69.83

200 OK

6.7 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (30837)
Size
6.7 kB (6657 bytes)
Hash
5dbbe85d6a3308dceb97d91b740b0f11
3f70abf9963371962665167f98ba52365481496d
751d4fdd16bd33cc9c93bcaadcd316922ca9bbd74cb6a9e1705c8bef4330dabf

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Sun, 13 Nov 2022 18:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6657
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

144.91.69.83

200 OK

30 kB

URL HTTP/2
cloudsoft.or.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (65447)
Size
30 kB (30324 bytes)
Hash
3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 18:42:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9

144.91.69.83

200 OK

1.4 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text
Size
1.4 kB (1354 bytes)
Hash
e8c22b055fcf5951b578dee5b08f3d98
c01d88b4ebcdc1915b4dc19b9463313c9067286c
47bb921dd08acd98f5ba19ffb9e5bffdeb00f90d5935d4c1a50791a94c5c70f5

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/themes/zakra/assets/css/woocommerce.css?ver=2.0.9 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: text/css
last-modified: Tue, 08 Mar 2022 11:44:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1354
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1

144.91.69.83

200 OK

8.8 kB

URL HTTP/2
cloudsoft.or.ke/wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text
Size
8.8 kB (8757 bytes)
Hash
e616185a3adf94b449dc5bfc89ec02b0
d392f36c4ff97a18016b49c5cafa9033cd10daba
5c98985db619b7ce8dcd6a644e5dcc37c000b5052fe1d7615c119358df1dbd64

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /wp-content/plugins/ParticleJs-WP-Plugin-master//includes/particles.js?ver=6.1.1 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: application/javascript
last-modified: Fri, 11 Mar 2022 17:36:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8757
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

cloudsoft.or.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

144.91.69.83

200 OK

4.0 kB

URL HTTP/2
cloudsoft.or.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type
ASCII text, with very long lines (11126)
Size
4.0 kB (3995 bytes)
Hash
7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 26 Nov 2022 01:25:38 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 11:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fe40cc6ea871d80382b6082111393fbe
281f75d0a35dc8ef908bb0500e57abd86bd5388e
6d15422cdf7a6d72d06497188f27af893682314e82ac8a189a0ee2d798cb62d7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5489
Cache-Control: max-age=119567
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 01:25:38 GMT
Etag: "63774b30-1d7"
Expires: Sun, 20 Nov 2022 10:38:25 GMT
Last-Modified: Fri, 18 Nov 2022 09:06:56 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
feaeba711c7421b074e726f89ff34e0b
c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb
ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 19 Nov 2022 01:25:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

54.148.69.31

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.69.31:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qFadlmeXShb6uswSf9ATpw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sJRQ6ifoc3bvwtgHTWTBdqRlvmo=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19148
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 01:25:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19148
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 01:25:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7c5da16d7c4384a4c2454d6b0d84710
69fd80fdf2f1ce27b25617589c867cd1c6e5d2ab
a80d1b813523e44d2e59d7c2edd6919c0354873637bb15bccc88f66f5c24e05d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A80D1B813523E44D2E59D7C2EDD6919C0354873637BB15BCCC88F66F5C24E05D"
Last-Modified: Thu, 17 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19148
Expires: Sat, 19 Nov 2022 06:44:48 GMT
Date: Sat, 19 Nov 2022 01:25:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5730155a-f68f-483a-a61b-7d881a44a39b.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5730155a-f68f-483a-a61b-7d881a44a39b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12472 bytes)
Hash
58c1f2de229260cce98461e5c7d4d282
136e095a89fb0a5aae3e5d653906865da15df7b6
1d623baac44dce6d882e161ccf7dae4e7689fedf5904a12a8bedc2b4c6daa46b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5730155a-f68f-483a-a61b-7d881a44a39b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12472
x-amzn-requestid: 1291abd8-15e9-463f-a106-927785f93e5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: byQ_nGwwoAMF3nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63772eca-3164b923612df3841423a11c;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 07:05:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y-bL5D-Q2Bsjq35e-T5f84btCk1ch09dHfd_CQ7re3NN8VWRlMWzSA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:32:04 GMT
age: 64416
etag: "136e095a89fb0a5aae3e5d653906865da15df7b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.0 kB (3035 bytes)
Hash
d6b026c34985bbf2ebf89a62d0724c66
72369ebeccf447fa91ef77711d6297063c99777e
e5598ada634274ab9995dedda8c1fd18344abcfdd49b3a1aaede0a86fafc0f40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0d2467c-b158-442b-92be-e4cb236d17fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3035
x-amzn-requestid: 3e3f3a7f-9a1d-4b37-b932-22c6e3e638f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QRcFOuoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6f-09dc20ea5620dd167e3f7265;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pLsLyVnqWVp3c5Z5IavS9Xumx3cYUsungYuOLojzKNtOoRQx7-rEOQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:48:36 GMT
etag: "72369ebeccf447fa91ef77711d6297063c99777e"
content-type: image/jpeg
age: 13024
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8089 bytes)
Hash
c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: l3euSue3hLTcBU1OSLRCDuBDeXXM2mAIz0LhADeJV-30r-dW_TFV0w==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 21:48:36 GMT
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
age: 13024
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141ee43e-4742-4784-a9a2-359cfa7ac9a3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9681 bytes)
Hash
859348e84041e7934b7f959f087a3679
583310946175391015cb46fcfa476cca96ebb9a9
7fba6813b2d8f06a6098b2c628580190b094c79e300744506344a3febc5f06de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141ee43e-4742-4784-a9a2-359cfa7ac9a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9681
x-amzn-requestid: c786a64b-40d2-4de1-adee-3a6ee4d791ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brlnQGuWoAMF_Wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637482fb-02471a5a3d5f299d33f7b026;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 06:28:11 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Vaw_JJDie7z-IE1-40wBV8wW2dlZi8TKXbf3I0ZWw4NrtWZkHT2yCg==
via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 16:42:12 GMT
age: 31408
etag: "583310946175391015cb46fcfa476cca96ebb9a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ca9564d-7ca4-4217-8162-042e0f55563e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6103 bytes)
Hash
84839dd7a1d5d50d40a848e92d3ae6ca
150c83236b3518afce551ef94e2c3dddc275ce3f
fb9fffd5dafa855d3f16aefcdf31f656ea5219547a91b336ab41a998ead28050

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ca9564d-7ca4-4217-8162-042e0f55563e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6103
x-amzn-requestid: 4f0d1ea8-611c-48cf-be66-dd26b6d56a93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bubTBFxDoAMFfYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375a5ac-4222e7656cb7a56b557d5b13;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 03:08:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YM0BFDOdbIGTHNyKQWEyo2iBlYCd7FqHVuMp9zeFC-4tiGYKTI4qIg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 03:41:36 GMT
age: 78244
etag: "150c83236b3518afce551ef94e2c3dddc275ce3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6365 bytes)
Hash
f5af431deee2fb28fcc08b25f5162944
6dac89954db5946b9ac1fdca3196d8b6bb3f54c3
b22d9111361ebce06d55d14d05f4a5206ca7097b059bbe6bc02b10391b61f458

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57d03484-7ccd-4a2d-81a2-0205f032f99d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: 60bd00c0-6808-4bc5-a0cb-e4390d353d65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: befxSFJOIAMF6Lw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636f466e-514b3be121f077d559acdb86;Sampled=0
x-amzn-remapped-date: Sat, 12 Nov 2022 07:08:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IQiCXdikH067-EmFBDjg6HCQ-ZNTCBRBhWDaScbj-U2z8aNW3Ia7zQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 18 Nov 2022 07:20:29 GMT
age: 65111
etag: "6dac89954db5946b9ac1fdca3196d8b6bb3f54c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cloudsoft.or.ke/xpra/X/eakdZkYIo.zip

144.91.69.83

404 Not Found

0 B

URL HTTP/2
cloudsoft.or.ke/xpra/X/eakdZkYIo.zip
IP
144.91.69.83:0
ASN
#51167 Contabo GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /xpra/X/eakdZkYIo.zip HTTP/1.1
Host: cloudsoft.or.ke
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-type: text/html; charset=UTF-8
link: <https://cloudsoft.or.ke/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Nov 2022 01:25:38 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=-apple-system%3A400&1&display=swap&ver=2.0.9

142.250.74.10

400 Bad Request

0 B

URL HTTP/2
fonts.googleapis.com/css?family=-apple-system%3A400&1&display=swap&ver=2.0.9
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=-apple-system%3A400&1&display=swap&ver=2.0.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cloudsoft.or.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 400 Bad Request
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 19 Nov 2022 01:25:38 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations