r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7a8ba48383a0e56baca8c8c41b81a04
b04c1f1e730a71f17ff639c9db697c532d4e5421
7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19764
Expires: Mon, 07 Nov 2022 00:22:11 GMT
Date: Sun, 06 Nov 2022 18:52:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6483
Cache-Control: max-age=149179
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:47 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 12:19:06 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5043
Cache-Control: max-age=147739
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:47 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:55:06 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12311
Expires: Sun, 06 Nov 2022 22:17:58 GMT
Date: Sun, 06 Nov 2022 18:52:47 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 06 Nov 2022 18:43:19 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 568
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: u0eV6JhUproQCdwZVhcuPnoE3UJWtOsxNPM6FCIPsIp13Mka2U4Bu7w4tH251PicDbr/LZeYTrw=
x-amz-request-id: 4S7KZN2TGBB4TFKH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 18:47:44 GMT
age: 303
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5b9bfea319e07f7f45f5d5292cef3c1b
5662c01912c0c4bafd0a0afc8e00e6755ebee6e9
03143c56caaf3e2f6b5d21a21b6311881c1af655d7bd13b07961637dd1fe3d25
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03143C56CAAF3E2F6B5D21A21B6311881C1AF655D7BD13B07961637DD1FE3D25"
Last-Modified: Sun, 06 Nov 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 07 Nov 2022 00:52:47 GMT
Date: Sun, 06 Nov 2022 18:52:47 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6568
Cache-Control: max-age=144211
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:48 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:56:19 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.189.35.180 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.35.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zCHDgSp3MHXJxuHBDiIIlw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: u54TVG4ITm+qT84tMyj3XC/4mU4=
assurancessdchemical.com/vlo/index.php?e=qbot.zip
185.185.85.130 301 Moved Permanently 0 B URL HTTP/2 assurancessdchemical.com/vlo/index.php?e=qbot.zip
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vlo/index.php?e=qbot.zip HTTP/1.1
Host: assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 06 Nov 2022 18:52:48 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/7.3.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12832
Expires: Sun, 06 Nov 2022 22:26:41 GMT
Date: Sun, 06 Nov 2022 18:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12832
Expires: Sun, 06 Nov 2022 22:26:41 GMT
Date: Sun, 06 Nov 2022 18:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12832
Expires: Sun, 06 Nov 2022 22:26:41 GMT
Date: Sun, 06 Nov 2022 18:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12832
Expires: Sun, 06 Nov 2022 22:26:41 GMT
Date: Sun, 06 Nov 2022 18:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12832
Expires: Sun, 06 Nov 2022 22:26:41 GMT
Date: Sun, 06 Nov 2022 18:52:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b370c4e3b01be9fbbc3e310e6958cd55
cc22e90a0b476215f2fd864d84c9b00dded100a6
f54d90c5854b6f140b63dad3aa92bd858b8f360b8c77d50fdf344e813e9385c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 0a1d9895-e2e3-4070-921a-736d8c6f254e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJatPGwjoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7ee-101a7f3a2b834d0b411c9de0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: j0I2JcPIptLTJZlwg8QG7kkTE1eCvZiBDzi6j2YYqNwvawJ6k2CqHQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:48:50 GMT
age: 75839
etag: "cc22e90a0b476215f2fd864d84c9b00dded100a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7220419a-cf8c-4056-a522-11012e67cf32.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7220419a-cf8c-4056-a522-11012e67cf32.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash fa77f05b1af971db287607d9d9a30e0f
276f1493d6da74c8fa3ef83dee77bf48850ff4b4
005d0273b7fe7b68081d1db630df9444c4082140be87c34f3e9e5fb7db9a4160
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7220419a-cf8c-4056-a522-11012e67cf32.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14415
x-amzn-requestid: 9eadfbeb-38b2-483a-894a-375e00f646dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJabgHcMoAMFTLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d77c-104fa5e61c64aaf230ffb045;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zwi4Hg5iu5MB4zr0EFVhTRAvrnN2J1GnY31mOvlXJW0E_cgQu1gmgA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:12:38 GMT
age: 74411
etag: "276f1493d6da74c8fa3ef83dee77bf48850ff4b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee1982-fead-41ba-9720-19ae491d0af1.webp
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee1982-fead-41ba-9720-19ae491d0af1.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3929fb3c2f0dad9409e9b247ab891518
b8f906e9e3c3addf73e2d387c7238dc1ffe0bb28
64822bf90b140698a0043ea76542823a55daf3bb6ad1b6b3ba972c7fbb256bb5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee1982-fead-41ba-9720-19ae491d0af1.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8309
x-amzn-requestid: 377e4474-c2ee-4477-be4b-18d264ca9aa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJbgwH23IAMF3kA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d937-7692bcd1131d9749085800b0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:44:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JK-yLq7PeMFrcv4opjTjHprEUQ8IIBuHPzhz0ttxQx9GYdBY1EauBA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:17:07 GMT
age: 74142
etag: "b8f906e9e3c3addf73e2d387c7238dc1ffe0bb28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash dcc79e66d1e21452efb26d26650f6739
1f727a7ea032082658944cf4041686446fb6b5f2
af1fe8de442a365a108d5c03f0d3ae8b0beb1abb4f267a46979f9c885ee026c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 3a50374d-d90e-452e-bb89-82ca14c94b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGtqIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-55c356475fb64e6625a338c7;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ry_OKFFZDdDoVya2hTxnFlDGtgoSw0JRqieDnCO4mSNFbgV-AuLE5Q==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:33 GMT
age: 76096
etag: "1f727a7ea032082658944cf4041686446fb6b5f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cLOqm36ioY751X1yA1WcQpaXiFYuvzFn8xLQ56MyDTpvi1J4Ruvc9Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 06:27:59 GMT
age: 44690
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b18a8c9f5539ce33476f843f5811e01d
11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b
fc20e507eedccb52078979f2132434b11b9d50d917cab512d8e0c99515b1236c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: d56e7b27-f2cb-4cd3-9f67-ba18d1bfe270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDkhGHmjoAMFxxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364813a-3a1c18b13c41f38673890b00;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 03:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c-u9tBFoIve3sEwtbUvIFZoPu6eudy3ZFQi8j2m9mTPNEarihTvddw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 05:31:43 GMT
age: 48066
etag: "11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1
185.185.85.130 200 OK 4.9 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (4933), with no line terminators
Hash e372df47bd19e1563b557d7bdb817188
4efdf4050a78bdbd88aa255955b7423105895dd0
4b7693154069c53a16468d09d89c9eba5da6c0dfc69cf4d7eb675e32ba663361
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.2.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 4933
last-modified: Fri, 15 Apr 2022 06:36:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1
185.185.85.130 200 OK 95 kB URL HTTP/2 www.assurancessdchemical.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (47826)
Hash 4cdcd4a2c77fccb74825eaf2d6733091
00d4ad404f681af9044bb4cc6ed5e2e9f641cc4a
187af6783dd59cd3b9dd90e77b3daa1509c1c3c18f5ce5d6fe2133f9bc3828df
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 94821
last-modified: Wed, 02 Nov 2022 05:35:44 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/css/classic-themes.min.css?ver=1
185.185.85.130200 OK 217 B URL HTTP/2 www.assurancessdchemical.com/wp-includes/css/classic-themes.min.css?ver=1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 217
last-modified: Wed, 02 Nov 2022 05:35:43 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3ebbd65a2bdd5c6f3dea5a6b99b25f0d
484be27b25b736a7e7e2b1d5ef9760aecdcec01b
5616e6c097b0b7680eeee193b58950faa38c9792e8793c16c315e2554a34cdd1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4
185.185.85.130200 OK 2.0 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash e94a5418f3f7431e0adf92938b691f5e
efc037a16947901960f2a1910ddee82422177346
9aedea08f14dbb7122e107c7ae90e40a34e35e35f5d5ae864c71f53648a1a731
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/fonts/flaticon-finbuzz/flaticon.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 1992
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4
185.185.85.130200 OK 7.0 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 30b593b71d7672658f89bfea0ab360c9
d6963db6faa9294387bb3175813a61bc3f859437
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/magnific-popup.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 6951
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0
185.185.85.130200 OK 18 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (17809), with no line terminators
Hash 1ddf23fcfd1b2941c456ce01da8180a6
156ef5cc77061010e3f4123a47fa415c6391e5ff
dd18a408a35aa5d393458657eb24fb56ab754ece3f88bd78a038e5793d3f6991
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 17809
last-modified: Fri, 15 Apr 2022 06:36:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0
185.185.85.130200 OK 63 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (62753), with no line terminators
Hash 979b8b56e801469d95453055366ef54c
cb8a0bb5f00fee130a289ea4dfafc00fa53e1c04
d3322ccb3912f7a9485eb1d75971fd5e1eb49c6575ff5ad985fb5496333e8c8b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 62755
last-modified: Fri, 15 Apr 2022 06:36:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/default.css?ver=1.4
185.185.85.130200 OK 14 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/default.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 5e7c5dd2bd3b5ec1544edad1bf007225
d3be6650aa07d6f2230c12801d297415e78b0b21
1f3fbeeb21abdc1ac603c3ed09087df085746614d61f694ef2087539423e170e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/default.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 14339
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
185.185.85.130200 OK 57 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (57150)
Hash e3b8b563e36cda2dda793d662396d56b
799e3b1aec0f18be7a1c695cc80f83341b85db42
f479c8026856fbe9aebc9234a1322f9eb81796a312b3c45944c4329f1fdbc52a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 57336
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1
185.185.85.130200 OK 212 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size 212 kB (212343 bytes)
Hash 5dcf0b1b1a3d81ef28b5750cdc76c5f6
abfe501a8db645c8dbc11ac81d1d1cfbcf2919e7
a16126f4cfb8aa52abb2c0b12e588c84708da95e2426e16477dd8f42b61b96f4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.2.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 212343
last-modified: Fri, 15 Apr 2022 06:36:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4
185.185.85.130200 OK 164 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Unicode text, UTF-8 text, with very long lines (65306)
Size 164 kB (163873 bytes)
Hash 94994c66fec8c3468b269dc0cc242151
ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/bootstrap.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 163873
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4
185.185.85.130200 OK 2.7 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash cbeec5af233ff98a7904973f0ae7d1aa
4e5db649b501b95ac87a73c3b90a7c964c466fa0
9cf336b950eb6b2ba4e59f12236f67e057c1c0350036a2f552f7a923156385bf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/rt-animate.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 2669
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/shape36.png
185.185.85.130200 OK 1.3 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/shape36.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 24 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash b568edcb8208c56318f263d31bbbfcb9
29d4326979f2b29610be0bc1ccd2d17f70da0551
aedb7808d8a57164dbc1bd8049cc0fae4be10f6132908a0dd4d13addc5e914b0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/element/shape36.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/png
content-length: 1294
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
185.185.85.130200 OK 19 kB URL HTTP/2 www.assurancessdchemical.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 18617
last-modified: Mon, 06 Jun 2022 13:22:35 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure78.png
185.185.85.130200 OK 785 B URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure78.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 185 x 56, 8-bit colormap, non-interlaced\012- data
Hash 217eb5ae96622f42aa0ba9ad9c6cb544
30d62311b78d6b02d7ad1d0ea282df43248d334d
a302e62b2856cb41bec1f245bf663b9b487a2e602853d909df9a2c85c8cab5d5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/element/figure78.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/png
content-length: 785
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2022/04/K-3.png
185.185.85.130200 OK 5.1 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2022/04/K-3.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 152 x 45, 8-bit colormap, non-interlaced\012- data
Hash 2d8c74de6b59b3149f459f6ff9de1807
77d50fbb24410b95e7a6bcd69dd2dedd6707350d
e86fd71cd0723268572c2807090a1d638e56e7b9097eed2d173d7b26b1293b62
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/04/K-3.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/png
content-length: 5054
last-modified: Fri, 15 Apr 2022 13:14:30 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/404.png
185.185.85.130200 OK 9.7 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/404.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 684 x 327, 8-bit colormap, non-interlaced\012- data
Hash 7a336f9b3e3089503b5f91a899eab659
33b72695a86c3ae87778e95acc103b1f719fd564
14edb787a4be083c9be5a4fbc3033c1cddef5f6622c741b66b1b928b1b30f6b6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/img/404.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/png
content-length: 9733
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0
185.185.85.130200 OK 9.5 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (9139)
Hash 87c54edf7dad7dfdfde015f6eee45ff1
96ec1a06ea3093c47e1e2fc4444ada7f4456135d
ef22199864042b8ceeee3729f3254c140df7217364045737ca3aadf8434fb3da
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 9533
last-modified: Fri, 15 Apr 2022 06:36:53 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0
185.185.85.130200 OK 3.0 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash 8bc2109ef48cabf7a26b73d7c3536c5f
0e0dfee3a3975eafc3dd55f190d1deb3c6c55d3b
8634aa7a3ac0bc6d359b458c8922e9d3269f64c1355b329bfe215beb12773af8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 3037
last-modified: Fri, 15 Apr 2022 06:36:53 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0
185.185.85.130200 OK 1.8 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (1668)
Hash d0a6d8547c66b0d7b0172466558d1208
ff93916519c7b9483251f609e4d29f38c30a66e3
3b1384ff918d4b7f95f9ee5c8fc388203dedff7344d3d96598c9562162788612
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 1834
last-modified: Fri, 15 Apr 2022 06:36:53 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0
185.185.85.130200 OK 2.1 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2139), with no line terminators
Hash b72c1cbb1530a011a27bd9800f26765a
27b825c5d8255f33b8427a059d4545ebd65e1746
a256fccecac3b32ab73c91d79a18747519a1a18023be05465c933b03523a82e8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 2139
last-modified: Fri, 15 Apr 2022 06:36:53 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0
185.185.85.130200 OK 2.9 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2938), with no line terminators
Hash 0fd625c3991a4015814cffdc88e2fc82
d7c2f53e058210ff3ea773297641008bab71a5f3
2d022db650d194d935faea46a40e5512235b43bc3f8b181e32ce6d3dd745f4e1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 2938
last-modified: Fri, 15 Apr 2022 06:36:53 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4
185.185.85.130200 OK 61 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash 91787bc3178407a13b40e02d552d077b
ecfe33beace5cce63725e2f04393381069894caf
c075c209092b70f5f8a28931c580726d1c4f5be8b55faeed3e1d5fcbd77be531
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/animate.min.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 60833
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure79.png
185.185.85.130200 OK 1.1 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/element/figure79.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 223 x 109, 8-bit colormap, non-interlaced\012- data
Hash f1a97f95b6bf19a961901214e787b9f1
b3574916d69ce4e46c78a5c413f6132dece99772
629c12c98f0833be2234e9bb5185240a8305eb0749d960fa676ed045deb6be12
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/element/figure79.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/png
content-length: 1077
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1
185.185.85.130200 OK 5.4 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (5357), with no line terminators
Hash ea2c0997db10af141fd67e9a5689892f
885d02d0adfdc9b216fe1fcc3a194bff0c0d707c
ae0edaba39248f48071235ee4eb4bfe7f48177465d492f35608c3165d4de82f9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/click-to-chat-for-whatsapp/new/inc/assets/js/app.js?ver=3.9.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 5357
last-modified: Fri, 15 Apr 2022 12:10:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4
185.185.85.130200 OK 36 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (32019), with CRLF line terminators
Hash 5fb7c19c9c51cfb99f5ff942629f0f21
14c7f59e73d2a99aa688c2443a9a9b24acbff43c
a931e5af561b1f0efaf6cdb96aeac4c035c30756dd6edd1091da1a68747d35bc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/isotope.pkgd.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 35456
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3ebbd65a2bdd5c6f3dea5a6b99b25f0d
484be27b25b736a7e7e2b1d5ef9760aecdcec01b
5616e6c097b0b7680eeee193b58950faa38c9792e8793c16c315e2554a34cdd1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4
185.185.85.130200 OK 59 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (58940)
Hash 259e416ef6833be43801b8b68a93b008
19080c3b817985336aab5e1ce6925c99803f2efd
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/bootstrap.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 59219
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
185.185.85.130 200 OK 90 kB URL HTTP/2 www.assurancessdchemical.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (65447)
Hash 17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 89684
last-modified: Wed, 02 Nov 2022 05:35:41 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4
185.185.85.130 200 OK 1.9 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Hash 24602a6d93cf57e1f1b64fb7123fee0a
38904f27b95d45daf4943fdf103cf11e05b5b23e
e0bf568dffb7867df64321aaa31d0a2d3800854b84976157852414accf394693
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/rt-parallax.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 1855
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4
185.185.85.130 200 OK 6.3 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (6273)
Hash b69c9aab55bd732fef07d5bf21b0a761
8f25d4efc8103c5aaf4c6f1aebf3453b4ad0b085
0e758efeef1e7112e28bb08bbecb891bfda1a89c9ff4da69a09259418dd7d7ec
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/wow.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 6303
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4
185.185.85.130 200 OK 5.4 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Hash 9b7664fe260d1a57a13ca71507b43499
d07064a9d012bae3f256adfa7d021c40793c962c
fb242b5f299cd08ee579ad1b46e13cb235bb595dd10b03fab7dfadfc61103be6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/theia-sticky-sidebar.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 5431
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
185.185.85.130 200 OK 5.6 kB URL HTTP/2 www.assurancessdchemical.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (5477)
Hash 3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 5629
last-modified: Sat, 13 Jun 2020 23:23:28 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/main.js?ver=1.4
185.185.85.130 200 OK 22 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/main.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with CRLF line terminators
Hash 0b19d6ce320d4856a75c1ceab11a92ab
0588263d0206cc6b723a1f51f1acc1a8ebc51d17
7f60f447e404345cf1c8b5deb25900f66d065c3ee5dbcecdfbee48eed6fe8e37
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/main.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 21629
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4
185.185.85.130 200 OK 4.0 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (3765), with CRLF line terminators
Hash 8d29ed543ea77682ebfaa80d0539977c
fe0ec96dd91247856768db69e172ea2b530b1205
6a2507b941afb2782b6e7c7dc2eb3022e58745d98bd9ccb69116819ffc4af0c6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/jquery.easypiechart.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 3998
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/style.css?ver=1.4
185.185.85.130 200 OK 204 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/style.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Size 204 kB (203926 bytes)
Hash fa9aaa5534db2876c4e422721153cfe0
dd52d4a0e0f7779b3ac2c7e73e46026c5baea896
b5e76b9c6ef7e64471dcefbf6ce666d9f83664af415d28a0b56057de674ad4b3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/style.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 203926
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4
185.185.85.130 200 OK 20 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (20087), with CRLF line terminators
Hash b37d7edf99565d3858eaa1ad80df3cff
786a4343711e9af5e5dfcc493e7d2331b48875bb
b0a45cd5aed66e27bd8ee861d0e3b782c8e79849bde32f90f078b9f2451a36f2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/jquery.magnific-popup.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 20219
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-includes/js/masonry.min.js?ver=4.2.2
185.185.85.130 200 OK 24 kB URL HTTP/2 www.assurancessdchemical.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (23966)
Hash 3b3fc826e58fc554108e4a651c9c7848
76778fd446e2ff2377588a7b4ac4d79f258427c9
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 24138
last-modified: Sat, 13 Jun 2020 23:23:28 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4
185.185.85.130 200 OK 964 B URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (964), with no line terminators
Hash 51abc4b947baae5e46545f0f0ada7eb4
348f8638545bf38e9f319652939bb0c9280d4501
94a8d6d2593de2028174575095e9fdf58a65aecbb4257c021bf11bb882e0254e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/js/appear.min.js?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 964
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2
185.185.85.130 200 OK 194 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (2474)
Size 194 kB (193966 bytes)
Hash 2bd182a93f7eb2ac9e70063c5bb1142a
7fb67a825ef7eea348cca3341e3edd8ff1cfdfb7
28209c3ee7daade032898ba4241760f9a192ceeb5af5befac6f6fca15651b173
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/finbuzz-core/assets/js/tween-max.js?ver=1.20.2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: application/javascript
content-length: 193966
last-modified: Fri, 15 Apr 2022 07:13:50 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0
185.185.85.130 200 OK 7.0 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type ASCII text, with very long lines (7043), with no line terminators
Hash 456663a286a204386735fd775542a59e
0a61620b88f4ae0fa7d71e2c7a014ea2c3ab5749
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=6.4.0 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 7043
last-modified: Fri, 15 Apr 2022 06:36:52 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c1e4a79ea31678fba02875c75864eff5
6f3f38d7fb7af0eb8c627aef1f69b59198e909e7
f3d22153abaf152438ecb668ad2675e79ac7f7bfb3a346fb98acf067e458a00c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4875
Cache-Control: max-age=165221
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Etag: "6367d1dc-117"
Expires: Tue, 08 Nov 2022 16:46:31 GMT
Last-Modified: Sun, 06 Nov 2022 15:25:16 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/preloader.gif
185.185.85.130 200 OK 18 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/preloader.gif
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type GIF image data, version 89a, 90 x 90\012- data
Hash 102039caf835290a60ca6ca241a686f1
27bafbfc667cae7bcc6173a3da8b1d017dbde9b5
b0d4f32e52a0dbcaec99800999a5a134dc4cd20b6394245a6d088ca97ca2bcbf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/img/preloader.gif HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/gif
content-length: 17956
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg
185.185.85.130 200 OK 196 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x590, components 3\012- data
Size 196 kB (196408 bytes)
Hash 63823ba01366591a8d0d4a4576ff8f77
a65bfad9f50ca5ad596aac414c5c36309e500948
493469e243dd0dbe5ac5909f8d28398f5e68eccb2ac176262a79f7a830d3ac8c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/img/footer-3-bg.jpg HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: image/jpeg
content-length: 196408
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2
185.185.85.130 200 OK 80 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 79464, version 331.524\012- data
Hash b3e460fdd8d304a121b44183473d7522
7ad1ee10d7762fa348e20725cf5e669a36a4360c
15809710190c5c2edbf07f0db683ade85fb801f8ff08a2dbb93eea9d0d4e6df2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: font/woff2
content-length: 79464
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2
185.185.85.130 200 OK 77 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 76576, version 331.524\012- data
Hash 925d825507f5236f25e8bd3b12cf4a8e
c6fd442e10f86c775e287ba2f9bf0c468640d866
cb3c124e6b9a35586f2eb1b20be4074dbca4d821bf52f7ad69e87981ef99a8fd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: font/woff2
content-length: 76576
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2
185.185.85.130 200 OK 14 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type Web Open Font Format (Version 2), TrueType, length 13588, version 331.524\012- data
Hash fce8f91f337fd3c887d9279183939246
6e96a5152305607cd7ef195809da4e2a24d353df
021f51aca02ae25bb5e5c28b95ddc2a8149042820c843ded9099ff9e45b68c5c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/font-awesome.min.css?ver=1.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: font/woff2
content-length: 13588
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 343122
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
216.58.207.195 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:26:57 GMT
expires: Thu, 02 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 343553
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 14:07:32 GMT
expires: Thu, 02 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 362718
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 343123
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:26:57 GMT
expires: Thu, 02 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 343554
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:26:57 GMT
expires: Thu, 02 Nov 2023 19:26:57 GMT
cache-control: public, max-age=31536000
age: 343554
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 18:52:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.assurancessdchemical.com/vlo/?e=qbot.zip
185.185.85.130404 Not Found 99 kB URL HTTP/2 www.assurancessdchemical.com/vlo/?e=qbot.zip
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (39996), with CRLF, LF line terminators
Hash 1af7cc3a91e72081a54252918758b446
fa82a468a9e89645197155c1aa162a634cfca0cf
8b6f38d12d9796f957e63b847c00c2a25173700c1fe75e6d61a20521e00bb0c5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vlo/?e=qbot.zip HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 06 Nov 2022 18:52:49 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.33
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.assurancessdchemical.com/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-300x300.png
185.185.85.130200 OK 18 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-300x300.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 3f686d38acdfbc86373bd3124fe5cfc5
4c09c18f76d0b344f453db15560909afdc73dbdc
6e2da0e5ce7701c610fcabd7149c7282e8144dedb4d92f7862d6c7f6aa42b803
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/09/cropped-logo_1-300x300.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: image/png
content-length: 17748
last-modified: Fri, 15 Apr 2022 07:30:32 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-100x98.png
185.185.85.130200 OK 9.8 kB URL HTTP/2 www.assurancessdchemical.com/wp-content/uploads/2021/09/cropped-logo_1-100x98.png
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
File type PNG image data, 100 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash 204d2cb2f6ba4b6daa9b2c5ba48e4702
cecbad22f79893752c0104e7902339d494f874c0
ec348823aca70cbee4a71ad444bf966b3c331af70eea3a81c8939b1a3e770084
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/09/cropped-logo_1-100x98.png HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: image/png
content-length: 9849
last-modified: Fri, 15 Apr 2022 07:30:31 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
151.101.85.229200 OK 57 kB URL HTTP/2 cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js
IP 151.101.85.229:0
Hash 3697af41f9789a58f4bb02c550bc0890
047333fe2e7d26bf3bb08b56282264679e54a3da
5e55620a52245db1b4d55b4ef83f3e7f13f68a82038ef1ad92f976aeffde4d80
GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"49dda-cp9vjKV4fYl0Ow7X6yf9dkBr+YU"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 06 Nov 2022 18:52:52 GMT
age: 19907129
x-served-by: cache-fra19156-FRA, cache-bma1621-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 53889
X-Firefox-Spdy: h2
vsb116.tawk.to/s/?k=636802843f52a35ac5bc56a6&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtUE9PNkxDUU9EWEQyQ28ydWlxVjlZIiwic2lkIjoiNjM2ODAyODQzZjUyYTM1YWM1YmM1NmE2IiwiaWF0IjoxNjY3NzYwNzcyLCJleHAiOjE2Njc3NjI1NzIsImp0aSI6InZONFRKWkFaOUpBR1RBZ1hGZjktbiJ9.vBDauOahZqUJNTnLJh3Bwv06zjqdsFjLY4MZ5ho9A61rKJKe49LpRfMtwE1YoYbAjEhDXHytPrLe7lOFgmXv1w&EIO=3&transport=websocket&__t=OHEISt5
104.22.25.131101 Switching Protocols 7.4 kB URL HTTP/1.1 vsb116.tawk.to/s/?k=636802843f52a35ac5bc56a6&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtUE9PNkxDUU9EWEQyQ28ydWlxVjlZIiwic2lkIjoiNjM2ODAyODQzZjUyYTM1YWM1YmM1NmE2IiwiaWF0IjoxNjY3NzYwNzcyLCJleHAiOjE2Njc3NjI1NzIsImp0aSI6InZONFRKWkFaOUpBR1RBZ1hGZjktbiJ9.vBDauOahZqUJNTnLJh3Bwv06zjqdsFjLY4MZ5ho9A61rKJKe49LpRfMtwE1YoYbAjEhDXHytPrLe7lOFgmXv1w&EIO=3&transport=websocket&__t=OHEISt5
IP 104.22.25.131:0
Hash bbf7840699f8ae52befcc6ab2ad15296
6c63bcbf95ddb8c321f5ec57b8fda63166475535
c65a19fec6c8323731db50c92e824447fec058a1989cebd9b589a5484f3abe91
GET /s/?k=636802843f52a35ac5bc56a6&cver=0&pop=false&asver=4&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgiLCJ2aWQiOiI2MjYxNjc2NjdiOTY3YjExNzk4YmQ0NDgtUE9PNkxDUU9EWEQyQ28ydWlxVjlZIiwic2lkIjoiNjM2ODAyODQzZjUyYTM1YWM1YmM1NmE2IiwiaWF0IjoxNjY3NzYwNzcyLCJleHAiOjE2Njc3NjI1NzIsImp0aSI6InZONFRKWkFaOUpBR1RBZ1hGZjktbiJ9.vBDauOahZqUJNTnLJh3Bwv06zjqdsFjLY4MZ5ho9A61rKJKe49LpRfMtwE1YoYbAjEhDXHytPrLe7lOFgmXv1w&EIO=3&transport=websocket&__t=OHEISt5 HTTP/1.1
Host: vsb116.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://www.assurancessdchemical.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tAOmEeAWCPCdcbjIEB96yw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 06 Nov 2022 18:52:53 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: NM4s+x/jiLuX9qRRk5FgGr9V/Zk=
sec-websocket-extensions: permessage-deflate
strict-transport-security: max-age=0; includeSubDomains; preload
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7660075cdb140b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-runtime.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-runtime.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"28824857224eeeac7394f7755fa2d3ed"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a0ab4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-app.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-app.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a0cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-vendor.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-vendor.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a01b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-common.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-common.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"37e555e4ffba86d238c6b19fb69bad9e"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a09b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4
185.185.85.130200 OK 0 B URL HTTP/2 www.assurancessdchemical.com/wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/finbuzz/assets/css/elementor.css?ver=1.4 HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:50 GMT
content-type: text/css
content-length: 308041
last-modified: Fri, 15 Apr 2022 07:13:01 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:55 GMT
etag: W/"70dac54eca3bb2143032bc4db3237623"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a08b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/626167667b967b11798bd448/1g167nqud
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/626167667b967b11798bd448/1g167nqud
IP 104.22.24.131:0
GET /626167667b967b11798bd448/1g167nqud HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, s-maxage=3600
etag: W/"stable-v4-635a92a45e8"
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007516b41b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4
IP 142.250.74.10:0
GET /css?family=Roboto%3A400%2C500%2C700%2C400%7CSource+Sans+Pro%3A400%2C500%2C600%2C700%2C700&subset=latin&display=fallback&ver=1.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 06 Nov 2022 18:52:50 GMT
date: Sun, 06 Nov 2022 18:52:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-main.js
104.22.24.131200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/635a92a45e8/js/twk-main.js
IP 104.22.24.131:0
GET /_s/v4/app/635a92a45e8/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/javascript
last-modified: Thu, 27 Oct 2022 14:17:56 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: MISS
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 766007552a00b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.assurancessdchemical.com/?wc-ajax=get_refreshed_fragments
185.185.85.130200 OK 0 B URL HTTP/2 www.assurancessdchemical.com/?wc-ajax=get_refreshed_fragments
IP 185.185.85.130:0
ASN #58040 Host Lincoln Limited
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.assurancessdchemical.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://www.assurancessdchemical.com
Connection: keep-alive
Referer: https://www.assurancessdchemical.com/vlo/?e=qbot.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 18:52:51 GMT
content-type: application/json; charset=UTF-8
x-powered-by: PHP/7.3.33
access-control-allow-origin: https://www.assurancessdchemical.com
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
X-Firefox-Spdy: h2