What was the Server header for the malicious domain from the previous question?
Right-click on the packet from the previous task and follow the HTTP stream. The answer is from the malicious server is in blue and we can see the "Server:" couple lines down.
Previous step Fifteenth task
Next step Seventeenth task