Overview

URLwww.homabayassembly.go.ke/sq/ansdsudsemea
IP 170.10.162.193 (United States)
ASN#32748 STEADFAST
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-29 20:32:26 UTC
StatusLoading report..
IDS alerts0
Blocklist alert17
urlquery alerts No alerts detected
Tags None

Domain Summary (10)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-29 09:35:58 UTC 142.250.74.106
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 34.210.150.237
ocsp.pki.goog (2) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.131
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-29 05:48:55 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-29 05:51:44 UTC 34.117.237.239
www.homabayassembly.go.ke (28) 0 2019-08-22 01:22:04 UTC 2021-02-04 05:03:20 UTC 170.10.162.193 Unknown ranking
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-29 2 www.homabayassembly.go.ke/sq/ansdsudsemea Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/download-manager/assets/fontaw (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/download-manager/assets/bootst (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/download-manager/assets/css/fr (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/piotnet-addons-for-elementor/a (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/revslider/public/assets/css/se (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/themes/oceanwp/assets/css/third/simple (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/tablepress/css/default.min.css (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/ocean-extra/assets/css/widgets (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/clever-mega-menu-for-elementor (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/clever-mega-menu-for-elementor (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/bsk-pdf-manager-pro/js/bsk_pdf (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/themes/oceanwp/assets/css/style.min.cs (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-content/plugins/elementor/assets/css/frontend. (...) Malware
2022-11-29 2 www.homabayassembly.go.ke/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
2022-11-29 2 www.homabayassembly.go.ke/sq/ansdsudsemea Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 170.10.162.193
Date UQ / IDS / BL URL IP
2023-01-25 12:59:54 +0000 0 - 0 - 1 homabayassembly.go.ke/agriculture.zip 170.10.162.193
2023-01-25 12:59:54 +0000 0 - 0 - 1 homabayassembly.go.ke/BACKUPHOMA.zip 170.10.162.193
2022-11-29 20:32:26 +0000 0 - 0 - 17 www.homabayassembly.go.ke/sq/ansdsudsemea 170.10.162.193
2022-11-28 16:51:54 +0000 0 - 0 - 1 urimlimited.co.ke/wp-content/plugins/js_compo (...) 170.10.162.193
2022-11-12 23:38:51 +0000 0 - 0 - 6 primetelecoms.com/wp-content/fabrikoid/welt_u (...) 170.10.162.193


Last 5 reports on ASN: STEADFAST
Date UQ / IDS / BL URL IP
2023-02-06 23:55:46 +0000 0 - 0 - 2 a.fbf17cb842e16d4f41b597ad9da38d640f3bf9f526c (...) 208.100.26.245
2023-02-06 21:55:44 +0000 0 - 0 - 1 enfluxuate.org/ 69.162.190.194
2023-02-06 20:24:39 +0000 53 - 6 - 59 jaxbuysell.com/Bank%20of%20America%20Scampage (...) 69.162.186.127
2023-02-06 03:44:13 +0000 0 - 4 - 0 freehostia.com/ 198.23.57.7
2023-02-06 00:49:37 +0000 0 - 10 - 7 verificacionbncr.tk/ 162.210.101.112


Last 5 reports on domain: homabayassembly.go.ke
Date UQ / IDS / BL URL IP
2023-01-25 12:59:54 +0000 0 - 0 - 1 homabayassembly.go.ke/agriculture.zip 170.10.162.193
2023-01-25 12:59:54 +0000 0 - 0 - 1 homabayassembly.go.ke/BACKUPHOMA.zip 170.10.162.193
2022-11-29 20:32:26 +0000 0 - 0 - 17 www.homabayassembly.go.ke/sq/ansdsudsemea 170.10.162.193
2022-11-09 15:22:41 +0000 0 - 0 - 2 homabayassembly.go.ke/agriculture.zip 170.10.162.193
2022-11-09 15:22:40 +0000 0 - 0 - 2 homabayassembly.go.ke/BACKUPHOMA.zip 170.10.162.193


No other reports with similar screenshot

JavaScript

Executed Scripts (38)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (51)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3760
Expires: Tue, 29 Nov 2022 21:34:55 GMT
Date: Tue, 29 Nov 2022 20:32:15 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4585
Cache-Control: 'max-age=158059'
Date: Tue, 29 Nov 2022 20:32:15 GMT
Last-Modified: Tue, 29 Nov 2022 19:15:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6745
Expires: Tue, 29 Nov 2022 22:24:40 GMT
Date: Tue, 29 Nov 2022 20:32:15 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 29 Nov 2022 20:17:55 GMT
cache-control: public,max-age=3600
age: 860
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: zmRe/B1mACZ9o/7asWW+0PFS/jPP+hLvxlqk9zT2sabDzZQr8PiEJpUWu4dkX5ASIysMgf5ZM3j7vyEgKQ+Bcg==
x-amz-request-id: N4MDGS8ZYE178WK9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 29 Nov 2022 19:45:35 GMT
age: 2800
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 29 Nov 2022 20:32:15 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 29 Nov 2022 20:11:13 GMT
cache-control: public,max-age=3600
age: 1262
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /sq/ansdsudsemea HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         170.10.162.193
HTTP/1.1 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: __wpdm_client=a59f007fbf3384ccc33cc586d5d348f0; HttpOnly
x-ua-compatible: IE=edge
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.homabayassembly.go.ke/sq/ansdsudsemea
content-length: 0
date: Tue, 29 Nov 2022 20:32:16 GMT
server: LiteSpeed


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5450
Cache-Control: max-age=137122
Date: Tue, 29 Nov 2022 20:32:16 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:37:38 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KdWg//vWNmOjbxC+4zgdyw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.210.150.237
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gwv77SQluJF2DaOWyyiKedBMnrU=

                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10946
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   10946
Md5:    d45207ee05c1f0c57dfa075e61405ccd
Sha1:   a8d35143a2d828a739ea0fdde75f97d33621e7ec
Sha256: a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb
                                        
                                            GET /wp-content/plugins/bsk-pdf-manager-pro/css/bsk-pdf-manager-pro.css?ver=1.9.4 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 620
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   620
Md5:    558b401dfaf3539b7e5afcac3216bf41
Sha1:   e73cb7f7f2c42391d0a89caf18d26da73a675047
Sha256: aa6a53368a4944697101fd5895957bf537fdc613dce9603cd605d959944c8d2c
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 11 Oct 2021 09:40:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   848
Md5:    c962ba8e7d42ff9da18392b41dad5151
Sha1:   7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
Sha256: 322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 20:32:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:32:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:32:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:32:17 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/plugins/download-manager/assets/fontawesome/css/all.min.css?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 22 Aug 2022 02:23:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20187
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65317)
Size:   20187
Md5:    98f370c7374fe831200dc07921d1ac5d
Sha1:   8d9dbb63510ec3bccfc44e52160c0e66c32d145a
Sha256: f4e76bb321b1135ec0c80c59d68bc3fe2b8007ef9fad7c45ca3b82a86527481f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:32:17 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/plugins/download-manager/assets/bootstrap/css/bootstrap.min.css?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 16 Aug 2021 04:00:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8981
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57835), with no line terminators
Size:   8981
Md5:    facb99baf7752b3e68995289f018e533
Sha1:   594e838584f82eb535b113aed8a42263126a1f9f
Sha256: 13c8ec13de2278e57f740e8e8506733f76b900742b35f7ad993fa9f8710b4c68

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Tue, 29 Nov 2022 21:35:55 GMT
Date: Tue, 29 Nov 2022 20:32:17 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/plugins/download-manager/assets/css/front.css?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 16 Aug 2021 04:00:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11363
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (482)
Size:   11363
Md5:    5eb37e7bb261b31e1b541d682fd26cf0
Sha1:   31ceb1922e7e44a403fad5d55235cab6c1f4b7de
Sha256: 85044b11b1b54a9a1ff72e6ab62212276b08dfacb5d1a453c7e0549032d16fd5

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabddece8-6c4f-4cb5-9041-4d427b16b826.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4417
x-amzn-requestid: 01de83c2-51d2-4329-98f6-09a0edf46942
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnGEcRIAMFaXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852960-34583b6c588a0e937fcfaa46;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wqEe45jzMOryT-E-vThc39-cLiZudKF4gn6cS3LBmeaJ2amJF5GPIA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:46:54 GMT
age: 81923
etag: "e2b4d2e15bb7c086333c0da438873e4c139ba931"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4417
Md5:    a2a5c8d4113d282600462749315f2c4f
Sha1:   e2b4d2e15bb7c086333c0da438873e4c139ba931
Sha256: 9b5d0e5dd11d4cbf1c78a71730cd63544170c91ab635bf3cf917827ac84874e6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5e6403-f1a3-4b44-a62d-0e47d56bb08e.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4916
x-amzn-requestid: b8c80a6c-e3f1-4f20-beb8-27b0af760692
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cPYcrELFoAMFaeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6382d450-155cfb365525173c0ede8adb;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 03:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Twtw6dO3pjTB9OLi0HliKKCDgCuHRqgtx4PFTczrZQ9f8JztgXZoSg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 03:18:11 GMT
age: 62046
etag: "2e3f7326aeea6be8a34bf2c39b34862c07bfdc41"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4916
Md5:    83c1fedec73299637cc7dc47c48af758
Sha1:   2e3f7326aeea6be8a34bf2c39b34862c07bfdc41
Sha256: 1fea143e23bb0156062f4c06569824900a67ed83cb99fd635d4c4ab968dc65e9
                                        
                                            GET /wp-content/plugins/piotnet-addons-for-elementor/assets/css/minify/extension.min.css?ver=2.4.20 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Fri, 16 Sep 2022 09:16:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 307
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1115), with no line terminators
Size:   307
Md5:    12219dec8d30c07b04286dcd3a786d39
Sha1:   a7187cbab8a655f52c87c5ed3673d040afb9c5eb
Sha256: 4a81c2ee0b76abbc46dd7a5cb95620ac3c6caa4f2123a3ef6598963bdc2276d1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.6.4 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9182
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (5178), with CRLF line terminators
Size:   9182
Md5:    ca1bf7af523e8f67174471206052065b
Sha1:   b1c7b802424c420557f0d2402d18f5102597bb5a
Sha256: 1180fc8cf713f1ce658d42c93be46ed41c0a948c9d3104c0bbf1f121fdc19ce4

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/oceanwp/assets/fonts/fontawesome/css/all.min.css?ver=5.15.1 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 01 Sep 2021 09:06:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12380
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (59158)
Size:   12380
Md5:    7dce648d28c2ca91d5543f1657432fbc
Sha1:   1ebcc78e1d7806dab610a4b3d47dadbcd0215e3c
Sha256: 8b2199af0476ad851316120a11948ccff52a19600ae5c4f95d859b929a0e0729
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F955ba04e-80cb-43a1-bc6a-3e502a79144e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9546
x-amzn-requestid: 60e352b5-ab38-4975-bf26-500f0a639a2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFfulExwIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637edff6-1364912f7fd292da6453a83e;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 03:07:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qtRAIXoswvTgNWZzaQE1WHZQXoJRtK9nKpusFtXH3pDRHH_DZtsLFw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 07:16:35 GMT
age: 47742
etag: "373c96c2e0006d70954d4b4ebd850f62f558e92c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9546
Md5:    9a6e5f60b87d3879606a6707feb37a73
Sha1:   373c96c2e0006d70954d4b4ebd850f62f558e92c
Sha256: 1ae48f692f44d357e21eec708b46f22c36a3de21be8d0f1c2035d197e0aa89de
                                        
                                            GET /wp-content/themes/oceanwp/assets/css/third/simple-line-icons.min.css?ver=2.4.0 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 01 Sep 2021 09:06:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2313
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10927), with no line terminators
Size:   2313
Md5:    64f6237567e3cf8796295343039a352e
Sha1:   e4af3e6ae53c4c41828057b729b443dd158111ec
Sha256: c558229bb9505d28966ba3ad6daa109310112c4fa01997291aea288abf2e5573

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10176
x-amzn-requestid: c2231955-5c78-4073-8399-b8b90f1add78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMo3oHpSoAMF5Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb63-55a1cb004ac73c8b02f2fb8d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:08:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uGocx-Lv8ieJVvICjnTGQZyzaQzjVdICX2RZaNyBTQvUKeIcNxaCJQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 04:49:50 GMT
age: 56547
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10176
Md5:    03014221d7f49b50ffc2d1b0a0e75457
Sha1:   772d86ad983042a728ee3490630a9cf1134ad0dd
Sha256: 81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 22:01:55 GMT
age: 81022
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe059c7ce-454d-453b-aead-18fae338f84c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4871
x-amzn-requestid: e2dfa7b8-ded7-4104-a913-1b84746a3c6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLDUUEy_oAMFgSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638118e8-0b229e0f60ff019d26800dd9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 19:35:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qh3WqWdBmMG3fzchn3OvxbEpwm2wl_CXi105CL4uJda47N9ZX3CyLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 09:01:36 GMT
age: 41441
etag: "d0dff35eb78f129b5da407043037bcf9c27e55c0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4871
Md5:    a4058fd62595d15c58b3d3266de9865a
Sha1:   d0dff35eb78f129b5da407043037bcf9c27e55c0
Sha256: ab996c23d58871a2ad53f0c34688c87f0d7c0eac5d0c1d8265b86951248449fe
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 29 Nov 2022 20:32:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.14 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Tue, 31 Mar 2020 14:36:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2016
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5092), with no line terminators
Size:   2016
Md5:    f13e1637411c99de7b2ffd9f9a0d4556
Sha1:   f7b837efa8147941b89a06978a3a918c1feb90a2
Sha256: 19891fc9eeecce9fef6583a72ccb9f3bc2d213a67b9bc4ae481b69d2e4206ec3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.7 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Tue, 20 Sep 2022 14:50:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 741
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   741
Md5:    77fd2796ca14b11a4dede61cfa34609e
Sha1:   8296a2cebbdac0347b509c3e1d7246526a06bd3a
Sha256: 5d3b09a1871a41d1210bf06dfb2c0c38ab0e68f2ef7cbfca8b5776b1eda22575
                                        
                                            GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.2 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Tue, 14 Jun 2022 06:21:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 708
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3432)
Size:   708
Md5:    f3ca6b9879df2ed966ae1150f3353baa
Sha1:   03c9aa5c941faad5f1efb4aa66ff623220f697ab
Sha256: f33030c0a254c90f0fc701442b0468c882d105c44f20923696747cc09e7709cd
                                        
                                            GET /wp-content/plugins/ocean-extra/assets/css/widgets.css?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Tue, 09 Aug 2022 08:01:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6210
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (51619), with no line terminators
Size:   6210
Md5:    20db916d10cfc8745d24a4d19a0f73aa
Sha1:   06e047ebe7c9ac50d2fd0f71a9e8388539e308db
Sha256: 9f11208676a929159b38acfb84e7ddd9b2dc01b359d5f4207be745cb3abb16b1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/clever-mega-menu-for-elementor/assets/vendor/font-awesome/font-awesome.min.css?ver=4.7.0 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6656
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (30819)
Size:   6656
Md5:    4a3a99f3bbc11138c5e078e4f78893b1
Sha1:   540385f21ed3dfba9444b04c55a44ed5f0027caf
Sha256: 182faef2e0c0f081207e8eebf656ee9a738bc5463fd04abc7821407b0e46446c

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/clever-mega-menu-for-elementor/assets/vendor/cleverfont/style.min.css?ver=1.9 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2445
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15520)
Size:   2445
Md5:    5f204acaa375639149ba6ff1097de15f
Sha1:   697038b591def8bae3928407bf5a0592756e4d13
Sha256: 30b892209ac1ab42ce1e7a35b3ecfc3ffd7117ba2e30f916c6b3d9252edddf68

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/clever-mega-menu-for-elementor/assets/frontend/css/default-skin.min.css?ver=1.1.2 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2615
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20540)
Size:   2615
Md5:    3b95051a440880c2789491795d0c8d88
Sha1:   beceee381cce23e708fc144a179e70e074ca3b96
Sha256: b01fd885f801a23d903847061b757b0ead78197e5013a7a1f8d29bf7e9c9a909
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3995
Md5:    7e058b51f939eacfa31cdface14dded5
Sha1:   9d732e5afdeb42edef9e1b9631b7e95e054787cc
Sha256: 4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/bsk-pdf-manager-pro/js/bsk_pdf_manager_pro.js?ver=1.9.4 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 18 Nov 2020 14:22:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2946
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2946
Md5:    6c0e5221e5ac6568de39c1310f4b0a8f
Sha1:   9a5f88b5b4990b686a15e9932d609ca5d1e9c96c
Sha256: ca544c58a56cb46cc9d9a84957d5ae8f80b1ee804f0d1dd04f5de91b47a3ae91

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/download-manager/assets/bootstrap/js/popper.min.js?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Sun, 04 Jul 2021 08:09:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8512
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21084)
Size:   8512
Md5:    e1e57dce1086ad3cd1b0218b2d8121b9
Sha1:   bbb4b164484d5be83d4054e0f3c9e77f1763ebde
Sha256: 26207d198ce9965d637cf22833fe59c336aa6817192c3e1c5576546c0681b5d4
                                        
                                            GET /wp-content/plugins/download-manager/assets/bootstrap/js/bootstrap.min.js?ver=6.0.3 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Thu, 09 Dec 2021 07:00:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16035
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62161)
Size:   16035
Md5:    ce7c35c419259185f083c2639a81dee1
Sha1:   b6ab44a1a3f03c9e6f90ab4b67223def96e13353
Sha256: 1777941dce72825dc5bcb33793ec85128c1cb872a29197c1cead46836997b761
                                        
                                            GET /wp-content/plugins/download-manager/assets/js/front.js?ver=3.2.57 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Mon, 16 Aug 2021 04:00:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11500
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4122)
Size:   11500
Md5:    03601cdd930c2cd580b1db55a4c0a556
Sha1:   e1c08f6c697250b3e19646c48ccfed8f01fae456
Sha256: 62f16d3b877cf266f832752deb246a7e9f0eb2508b4a71edec9252e83727db4b
                                        
                                            GET /wp-content/plugins/piotnet-addons-for-elementor/assets/js/minify/extension.min.js?ver=2.4.20 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Fri, 16 Sep 2022 09:16:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21826
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   21826
Md5:    7bbf2819adfa5c6dd0abb260048f9a73
Sha1:   09fc5d9874b16c8d05936d5241bc81bc8799cb12
Sha256: e9cd209c58f7ca9cf6b0f088ff76d603cbddeeb8350e0260980242446715e70a
                                        
                                            GET /wp-content/themes/oceanwp/assets/css/style.min.css?ver=3.0.5 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 01 Sep 2021 09:06:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 25248
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (65531), with no line terminators
Size:   25248
Md5:    77b953e04729ed7e63624a17c8ac1f9a
Sha1:   a556f8770bd6d51313eba2de2fa4894672e8497a
Sha256: 4c7e8c020ce4ebd7f627af4175663a2df019ea5225fe15f572ac275c1f9f9ba0

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.7 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Tue, 20 Sep 2022 14:50:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18716
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   18716
Md5:    278d9eebcf978a3873f8852c777e0007
Sha1:   04645a5b1d5c0c50c52845c77ada20c1b8f1128a
Sha256: f0de59c1b368c69da14f817050951ffb233915f4fcb172c1f07ec3b0dd2cccd4

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/sq/ansdsudsemea
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         170.10.162.193
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 06 Dec 2022 20:32:17 GMT
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30273
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /sq/ansdsudsemea HTTP/1.1 
Host: www.homabayassembly.go.ke
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         170.10.162.193
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
set-cookie: __wpdm_client=a59f007fbf3384ccc33cc586d5d348f0; secure; HttpOnly
x-ua-compatible: IE=edge
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.homabayassembly.go.ke/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Tue, 29 Nov 2022 20:32:17 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /css?family=Rubik HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.homabayassembly.go.ke/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 29 Nov 2022 20:32:17 GMT
date: Tue, 29 Nov 2022 20:32:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---