Overview

URL: lightad.com.br/G5i4hhrx/jql.exe
IP: 69.164.207.43
ASN: AS36351 SoftLayer Technologies Inc.
Location: United States
Report completed: 2019-05-22 11:26:47 CEST
urlquery Alerts: No alerts detected

Reading note: neither request for /G5i4hhrx/jql.exe returned an executable. The first was answered with a 302 to the HTTPS URL and the second with a 404 whose body is the site's WordPress "page not found" document (the analytics hit later in the log carries the page title "Página não encontrada", Portuguese for "page not found"). The body hashes recorded under HTTP Transactions are therefore for a redirect stub and a 404 page, not for a PE file. The Suricata alert is keyed on the shape of the request URI, and the seven Fortinet entries share one host and one category (Malware), with paths that include stock WordPress assets such as wp-includes/js/jquery/jquery.js, so they read as a host-level classification rather than per-file verdicts. The scan also presented a Firefox 3.6 User-Agent (see Settings); a server that serves content selectively by client would not necessarily have behaved the same for another client.


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)


Intrusion Detection Systems

Suricata with Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2019-05-22 11:26:14 CEST | 2 | Client IP | 69.164.207.43 | ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
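The alert above fires on the shape of the request URI rather than on any returned content. The following is an added example, not part of this report and not the ET Pro signature's own match logic: it approximates the idea with a regular expression of my own (an assumption about what "terse alphanumeric executable" means, namely a short purely alphanumeric path ending in an executable extension, with at most two directory segments and no query string), and runs it over constructed request heads, two of which are copied from this report. The host download.example.org in the benign sample is made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# My own approximation (an assumption, not the ET Pro signature's match logic):
# an executable fetched from a short, purely alphanumeric path such as
# /G5i4hhrx/jql.exe, with no descriptive file name and no query string.
TERSE_EXE_PATH = re.compile(
    r"^/(?:[A-Za-z0-9]{1,12}/){0,2}[A-Za-z0-9]{1,12}\.(?:exe|scr|dll)$", re.IGNORECASE
)

@dataclass
class Hit:
    host: str
    path: str
    reason: str

def parse_request_head(raw: str) -> Optional[Tuple[str, str, str]]:
    """Return (method, path, host) from a raw HTTP/1.x request head, or None if malformed."""
    lines = raw.strip().splitlines()
    if not lines:
        return None
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    method, path, _ = parts
    host = ""
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return method, path, host

def is_terse_exe_download(path: str) -> bool:
    return TERSE_EXE_PATH.match(path) is not None

def scan_requests(requests: List[str]) -> List[Hit]:
    """Flag GET requests whose path looks like a terse, generated executable drop."""
    hits: List[Hit] = []
    for raw in requests:
        parsed = parse_request_head(raw)
        if parsed is None:
            continue
        method, path, host = parsed
        if method == "GET" and is_terse_exe_download(path):
            hits.append(Hit(host, path, "terse alphanumeric executable path"))
    return hits

# Constructed sample: two request heads copied from this report, two benign
# ones made up for contrast (download.example.org is not a real source).
SAMPLE_REQUESTS = [
    "GET /G5i4hhrx/jql.exe HTTP/1.1\r\nHost: lightad.com.br\r\nConnection: keep-alive\r\n",
    "GET /wp-includes/js/jquery/jquery.js HTTP/1.1\r\nHost: lightad.com.br\r\n",
    "GET /pub/firefox/releases/66.0/win64/Firefox%20Setup%2066.0.exe HTTP/1.1\r\nHost: download.example.org\r\n",
    "POST /GTSGIAG3 HTTP/1.1\r\nHost: ocsp.pki.goog\r\nContent-Type: application/ocsp-request\r\n",
]

if __name__ == "__main__":
    for hit in scan_requests(SAMPLE_REQUESTS):
        print(f"ALERT {hit.host}{hit.path}: {hit.reason}")
```

A heuristic this loose will also match legitimate short download paths, which is why the signature is described as a "high likelihood" rather than a certainty; in triage, pair the hit with host reputation and with what the server actually returned (here a 302 and then a 404, never a PE).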


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified | Severity | Host | Comment
2019-05-22 | 2 | lightad.com.br/G5i4hhrx/jql.exe | Malware
2019-05-22 | 2 | lightad.com.br/G5i4hhrx/jql.exe | Malware
2019-05-22 | 2 | lightad.com.br/wp-content/cache/caos-analytics/analytics.js | Malware
2019-05-22 | 2 | lightad.com.br/wp-content/cache/autoptimize/autoptimize_550fa4d890bbbad9280 (...) | Malware
2019-05-22 | 2 | lightad.com.br/wp-includes/js/jquery/jquery.js | Malware
2019-05-22 | 2 | lightad.com.br/wp-content/cache/autoptimize/autoptimize_68fa512ce236d1bfc1f (...) | Malware
2019-05-22 | 2 | lightad.com.br/wp-content/themes/Divi/core/admin/fonts/modules.ttf | Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 2 reports on IP: 69.164.207.43

Date | UQ / IDS / BL (alert counts) | URL | IP
2019-06-06 22:04:23 +0200 | 0 - 1 - 7 | lightad.com.br/G5i4hhrx/jql.exe | 69.164.207.43
2019-02-09 11:08:09 +0100 | 0 - 0 - 21 | lightad.com.br/G5i4hhrx/jql.exe | 69.164.207.43

Last 10 reports on ASN: AS36351 SoftLayer Technologies Inc.

Date | UQ / IDS / BL (alert counts) | URL | IP
2019-07-01 07:04:06 +0200 | 0 - 0 - 0 | freepaypalmoney.micro.blog/ | 104.200.22.214
2019-06-30 01:23:43 +0200 | 0 - 0 - 0 | lasvegasrealtyllc.com/agyuslvf/evps3b0s7oc | 173.193.64.139
2019-06-30 01:01:37 +0200 | 0 - 0 - 0 | openx.org | 208.43.79.58
2019-06-30 00:55:43 +0200 | 0 - 0 - 0 | www.sharehairdressers.com/ | 159.8.24.77
2019-06-30 00:52:05 +0200 | 0 - 0 - 0 | www.sharehairdressers.com/ | 159.8.24.77
2019-06-30 00:43:05 +0200 | 0 - 1 - 0 | p237431.cdaz.icu/bati/sa?cid=TOTALSPORTEK_ADB (...) | 108.168.193.185
2019-06-30 00:40:37 +0200 | 0 - 0 - 0 | https://www.mg-webs.com/ | 198.252.100.133
2019-06-30 00:31:20 +0200 | 0 - 0 - 0 | https://rumble.com/v7vfkx-abc.watchmarvels-ag (...) | 169.50.62.153
2019-06-30 00:30:00 +0200 | 0 - 0 - 0 | https://rumble.com/v7vfot-putlockerwatch-marv (...) | 169.50.62.153
2019-06-27 17:16:37 +0200 | 0 - 0 - 0 | spiritenv.com | 75.126.220.28

Last 3 reports on domain: lightad.com.br

Date | UQ / IDS / BL (alert counts) | URL | IP
2019-06-06 22:04:23 +0200 | 0 - 1 - 7 | lightad.com.br/G5i4hhrx/jql.exe | 69.164.207.43
2019-02-09 11:08:09 +0100 | 0 - 0 - 21 | lightad.com.br/G5i4hhrx/jql.exe | 69.164.207.43
2018-12-30 19:17:28 +0100 | 0 - 0 - 2 | lightad.com.br/G5i4hhrx/jql.exe | 162.144.65.160


JavaScript

Executed Scripts (8)
Executed Evals (0)
Executed Writes (0)


HTTP Transactions (23)


Each entry lists the request head, then the responding server's IP and response head, then body metadata (magic, size, hashes) and any alerts.

GET /G5i4hhrx/jql.exe HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
69.164.207.43
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Wed, 22 May 2019 09:26:14 GMT
Content-Length: 154
Connection: keep-alive
Location: https://lightad.com.br/G5i4hhrx/jql.exe


--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
                                        
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

                                         
91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "D472910FB4889F70651A2DCFED59387916F0EFB4CFEEE36CAB2A7EA1B7F045D9"
Last-Modified: Tue, 21 May 2019 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=43149
Expires: Wed, 22 May 2019 21:25:24 GMT
Date: Wed, 22 May 2019 09:26:15 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   527
Md5:    dd2f3cf47880b009eea1908030b1d4c3
Sha1:   85b8561f9c09af55efa0c911a1541c80ec0563c5
Sha256: d472910fb4889f70651a2dcfed59387916f0efb4cfeee36cab2a7ea1b7f045d9
                                        
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
91.135.34.26
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Content-Transfer-Encoding: Binary
Last-Modified: Sat, 18 May 2019 23:21:14 GMT
Etag: "53eb4eb526983d12f4d0e7d5d6f97583e4a83622"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=27768
Expires: Wed, 22 May 2019 17:09:03 GMT
Date: Wed, 22 May 2019 09:26:15 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1398
Md5:    a87123bd1d322afc5990a4ccce594576
Sha1:   53eb4eb526983d12f4d0e7d5d6f97583e4a83622
Sha256: 0b50c846dbb78c92885c681139cfa3da783969b6950912985a438080b0916303
                                        
GET /G5i4hhrx/jql.exe HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
69.164.207.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 22 May 2019 09:26:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://lightad.com.br/wp-json/>; rel="https://api.w.org/"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4043
Md5:    490c0cbc08758004deea8695d563260b
Sha1:   ca403fdc34d50c5f3cbd8d6995738f6e21a6e0e6
Sha256: 542ed05c258bf9fc19ab931ab583fb79a054a3990ac50792b771e9ab7f4e3e63

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 May 2019 09:26:16 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    9960374e1ca2c6b5a9bac743d232e02a
Sha1:   78439f748818077cbde400fc645880baff526be0
Sha256: 9252a4fdf77c0af67001bb8a75e627daca0c836d8b1bf70f1bd6b59785c02d67
                                        
POST /gsr2 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 May 2019 09:26:16 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    5be872b3fe0bb6f31385f91f811e9586
Sha1:   1192231bcb9ee73e9f619d433cdb66dddd9ae7f7
Sha256: db0ad6191770bff9043482b68acf62a4e25d4390a03274cfbe413675dd8c9cf5
                                        
GET /css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
216.58.207.234
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Wed, 22 May 2019 09:26:16 GMT
Date: Wed, 22 May 2019 09:26:16 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   382
Md5:    2fbfe23c923e2b043347137838ec847e
Sha1:   d0768ca639325306ea4ee3a65721c248e5d8e88c
Sha256: 69c9008ae389929f52522ff2ab25843e1e04df903693f77313fc91a088f52b54
                                        
GET /wp-content/cache/caos-analytics/analytics.js HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Wed, 22 May 2019 09:26:16 GMT
Last-Modified: Tue, 21 May 2019 18:39:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5ce445f3-ada5"
Expires: Sun, 21 Jul 2019 09:26:16 GMT
Cache-Control: max-age=5184000
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   19490
Md5:    d9a89773610a1e5f7c9368840734ccc0
Sha1:   a5a480df0a81de93289cd997d63da49d8e6b833b
Sha256: 4d7719f5a3d17b11f1177dbb34eaf4997965b1270ace39c6283f46c0b2ff98c2

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/cache/autoptimize/autoptimize_550fa4d890bbbad9280191c2719fd092.php HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Server: nginx
Date: Wed, 22 May 2019 09:26:16 GMT
Content-Length: 73492
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: max-age=30672000, public, immutable
Expires: Mon, 11 May 2020 09:26:16 GMT
Etag: 837b26b98694b68900bd27b523426409
Last-Modified: Wed, 22 May 2019 09:01:45 GMT


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max compression
Size:   73492
Md5:    837b26b98694b68900bd27b523426409
Sha1:   b1e5574f95c0bebf171ea9fa0f72627929ea10ab
Sha256: 3d6707ec003367488fb94276cadff15c6587c603ff9e38b65d8e1f7a5ec66e5a

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/2018/01/light-logo-5.png HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 22 May 2019 09:26:17 GMT
Content-Length: 6308
Last-Modified: Thu, 07 Feb 2019 13:16:15 GMT
Connection: keep-alive
Etag: "5c5c2f9f-18a4"
Expires: Sun, 21 Jul 2019 09:26:17 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 708 x 120, 8-bit colormap, non-interlaced
Size:   6308
Md5:    a9f9588f0a9d9d44a2fcd1bbc52e9508
Sha1:   e716d7287788e772c6716d2c29815ae10676e568
Sha256: 1636e2ebeddff084b1450cb33231c16f95815c2cd92a7d92a519bd9de623dc08
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 May 2019 09:26:17 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    6bffd8e33fed04ba82241f1247785801
Sha1:   19cad4d11d8f18243c0ea68878d553d4e9542de8
Sha256: 6beb3e94d3fdbecab6fc17dd006e780a42e79f8f2d262c1177719c747a2949b6
                                        
GET /r/collect?v=1&_v=j75&a=1372647739&t=pageview&_s=1&dl=https%3A%2F%2Flightad.com.br%2FG5i4hhrx%2Fjql.exe&ul=en-us&de=UTF-8&dt=P%C3%A1gina%20n%C3%A3o%20encontrada%20-%20Light%20Cria%C3%A7%C3%A3o%20e%20Comunica%C3%A7%C3%A3o&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=IEBAAAQ~&jid=807586007&gjid=1639069980&cid=1299648068.1558517177&tid=UA-134081783-1&_gid=118744276.1558517177&_r=1&z=1694958158 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
216.58.211.14
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Wed, 22 May 2019 09:26:17 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
GET /wp-includes/css/dashicons.min.css HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Wed, 22 May 2019 09:26:17 GMT
Last-Modified: Wed, 22 May 2019 06:10:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5ce4e7cb-b9c6"
Expires: Sun, 21 Jul 2019 09:26:17 GMT
Cache-Control: max-age=5184000
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   29791
Md5:    46e8fec9d23325b65ef8bf6b1946f95c
Sha1:   bc92b3327276177b584910cb79d866ff806508ec
Sha256: f97432882d461798488355b8f8fdb446a36b42c50084006f613fbc93ead18d2f
                                        
GET /wp-includes/js/jquery/jquery.js HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Wed, 22 May 2019 09:26:17 GMT
Last-Modified: Wed, 22 May 2019 06:10:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Etag: W/"5ce4e7cb-17a69"
Expires: Sun, 21 Jul 2019 09:26:17 GMT
Cache-Control: max-age=5184000
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   37990
Md5:    320e1fd1177a9f4f6fcd30c17de1fe61
Sha1:   73bb95a77fd9369a32c934b65a2813b7f3403c93
Sha256: 4202d996ecae76bf0c3706285accacd0da5f6473ca8dd6769a52442d3aaf596b

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/cache/autoptimize/autoptimize_68fa512ce236d1bfc1fd852db552219c.php HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/G5i4hhrx/jql.exe

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: nginx
Date: Wed, 22 May 2019 09:26:17 GMT
Content-Length: 66555
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: max-age=30672000, public, immutable
Expires: Mon, 11 May 2020 09:26:17 GMT
Etag: 04528b0f63d045b2f20b7791fb2df783
Last-Modified: Wed, 22 May 2019 09:01:45 GMT


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max compression
Size:   66555
Md5:    04528b0f63d045b2f20b7791fb2df783
Sha1:   6baa10aa4b582136f6b88fdd9ca8bb5973311fab
Sha256: 4a87dc90a1f3450084adbf069b5d290d340f62ae8262f1ab43e66f4d7f2925e2

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.211.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 22 May 2019 09:26:18 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    a25baae9a950a4d272cd94954c7103c2
Sha1:   6c36cdf0af42f2c7cde7f9e86bc37ca49e005972
Sha256: 0222b03a4d881a4cbc7a152cb86c2b9fe95559138aecbbe8b0b52548307fbea7
                                        
GET /wp-content/uploads/fbrfg/favicon.ico HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: caosLocalGa=GA1.3.1299648068.1558517177; caosLocalGa_gid=GA1.3.118744276.1558517177; _gat=1

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: image/x-icon
Server: nginx
Date: Wed, 22 May 2019 09:26:17 GMT
Content-Length: 15086
Last-Modified: Thu, 07 Feb 2019 19:15:59 GMT
Connection: keep-alive
Etag: "5c5c83ef-3aee"
Expires: Sun, 21 Jul 2019 09:26:17 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 3 icons, 48x48, 256-colors
Size:   15086
Md5:    ee503e863c0dca6063e9d98adf69af51
Sha1:   253ef4cb0071c0d3d1588506f482d70ac870ae9a
Sha256: c282ee710db28f42f97577099576045ff7d387f1b6539fc87d4a170ffa2c682d
                                        
GET /s/opensans/v16/mem8YaGs126MiZpBA-UFW50d.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext
Origin: https://lightad.com.br

                                         
216.58.211.3
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 24364
Date: Fri, 19 Apr 2019 15:17:34 GMT
Expires: Sat, 18 Apr 2020 15:17:34 GMT
Last-Modified: Mon, 25 Mar 2019 20:13:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 2830124
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  data
Size:   24364
Md5:    b7b7c77b83e9d67f6756aa2716f35eba
Sha1:   67fe3dc0a0c49f305d6b3bd63f4f8a10ceb6a38f
Sha256: 191dbba54729aa43f2c5c2f118971963758d7f0df2cc2f28f91b86a03dee83ec
                                        
GET /s/opensans/v16/mem5YaGs126MiZpBA-UNirkOXOhv.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext
Origin: https://lightad.com.br

                                         
216.58.211.3
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 25196
Date: Fri, 19 Apr 2019 15:20:57 GMT
Expires: Sat, 18 Apr 2020 15:20:57 GMT
Last-Modified: Mon, 25 Mar 2019 20:12:02 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 2829921
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  data
Size:   25196
Md5:    8d1f96760ca156600e72d529483660a8
Sha1:   823c161b9eaa9d8e22d3c08cd4262b287fecaac5
Sha256: 556c8b5155eed68886afa6f1e535f88fa70b2c090d935ba9affb300a34f76de0
                                        
GET /wp-content/themes/Divi/core/admin/fonts/modules.ttf HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://lightad.com.br/wp-content/cache/autoptimize/autoptimize_550fa4d890bbbad9280191c2719fd092.php
Cookie: caosLocalGa=GA1.3.1299648068.1558517177; caosLocalGa_gid=GA1.3.118744276.1558517177; _gat=1

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: nginx
Date: Wed, 22 May 2019 09:26:18 GMT
Content-Length: 92400
Last-Modified: Sun, 05 May 2019 14:47:29 GMT
Connection: keep-alive
Etag: "5ccef781-168f0"
Expires: Sun, 21 Jul 2019 09:26:18 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  TrueType font data / raw G3 data, byte-padded
Size:   92400
Md5:    de27b3e66b2f8017e000aa9d8d24d60e
Sha1:   e6d716de8f35ba6daf55d57e7fe0ed8d8e50f1f7
Sha256: d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
GET /wp-content/uploads/fbrfg/favicon-16x16.png HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: caosLocalGa=GA1.3.1299648068.1558517177; caosLocalGa_gid=GA1.3.118744276.1558517177; _gat=1

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 22 May 2019 09:26:20 GMT
Content-Length: 459
Last-Modified: Thu, 07 Feb 2019 19:15:59 GMT
Connection: keep-alive
Etag: "5c5c83ef-1cb"
Expires: Sun, 21 Jul 2019 09:26:20 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit colormap, non-interlaced
Size:   459
Md5:    010c9380af59b6e6d161e363ece3815d
Sha1:   2adf7c211cbc999a3985ea2234da5708ab9e868f
Sha256: 7536491e6a2dbd61179aed2c691afe47e03d5dc94128687eaf5735e85601450f
                                        
GET /wp-content/uploads/fbrfg/favicon-32x32.png HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: caosLocalGa=GA1.3.1299648068.1558517177; caosLocalGa_gid=GA1.3.118744276.1558517177; _gat=1

                                         
69.164.207.43
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 22 May 2019 09:26:20 GMT
Content-Length: 654
Last-Modified: Thu, 07 Feb 2019 19:15:59 GMT
Connection: keep-alive
Etag: "5c5c83ef-28e"
Expires: Sun, 21 Jul 2019 09:26:20 GMT
Cache-Control: max-age=5184000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 32 x 32, 8-bit colormap, non-interlaced
Size:   654
Md5:    ab0a2e1e18096916ce9d88faebcdacf6
Sha1:   14afceb600e285edc248b0a27a405a00f3611ff1
Sha256: 47774da4aa5da86e0a6788c8569425c1989a67da6c78a7aa9ca21b5a3bff9205
                                        
GET /wp-content/uploads/fbrfg/favicon-32x32.png HTTP/1.1
Host: lightad.com.br
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: caosLocalGa=GA1.3.1299648068.1558517177; caosLocalGa_gid=GA1.3.118744276.1558517177; _gat=1

                                         
0.0.0.0
(no response captured for this request; the transaction log ends here)
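The transaction dump above is the part of a urlquery report worth pivoting on: per-request URL, responding IP, status, body hashes and which feed raised an alert. The following is an added example, not code from urlquery or from this report, of a small parser for that layout so the indicators can be pulled out without retyping them. It assumes the line shapes visible above (a request line, a bare IPv4 line introducing the response, `--- Additional Info ---` fields, and indented `- source: verdict` lines under `Alerts:`); the sample text is constructed by abridging two transactions from this report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes assumed from this report's transaction dump.
REQUEST_LINE = re.compile(r"^\s*(GET|POST|HEAD|PUT|DELETE|OPTIONS)\s+(\S+)\s+HTTP/1\.[01]\s*$")
IPV4_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01]\s+(\d{3})\b")
INFO_LINE = re.compile(r"^(Magic|Size|Md5|Sha1|Sha256):\s*(.*)$")
ALERT_LINE = re.compile(r"^\s+-\s+(.+)$")  # indented "- source: verdict" lines under Alerts:

@dataclass
class Transaction:
    method: str
    path: str
    host: str = ""
    server_ip: str = ""
    status: Optional[int] = None
    content_type: str = ""
    info: Dict[str, str] = field(default_factory=dict)  # magic, size, md5, sha1, sha256
    alerts: List[str] = field(default_factory=list)

    @property
    def url(self) -> str:
        return f"{self.host}{self.path}"

def parse_transactions(text: str) -> List[Transaction]:
    # A request line opens a transaction; the first bare IPv4 line after it is the
    # responding server and marks where the response headers begin.
    txns: List[Transaction] = []
    cur: Optional[Transaction] = None
    in_response = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := REQUEST_LINE.match(line):
            cur = Transaction(method=m.group(1), path=m.group(2))
            txns.append(cur)
            in_response = False
        elif cur is None:
            pass  # preamble before the first request
        elif (m := IPV4_LINE.match(line)) and not in_response:
            cur.server_ip, in_response = m.group(1), True
        elif m := STATUS_LINE.match(line):
            cur.status = int(m.group(1))
        elif m := INFO_LINE.match(line):
            cur.info[m.group(1).lower()] = m.group(2).strip()
        elif m := ALERT_LINE.match(line):
            cur.alerts.append(m.group(1).strip())
        else:
            name, sep, value = line.partition(":")
            key = name.strip().lower()
            if sep and not in_response and key == "host":
                cur.host = value.strip()
            elif sep and in_response and key == "content-type":
                cur.content_type = value.strip()
    return txns

def flagged_iocs(txns: List[Transaction]) -> List[Dict[str, str]]:
    # One pivot row per transaction that carried a blacklist or IDS alert.
    return [{"url": t.url, "ip": t.server_ip, "status": str(t.status),
             "sha256": t.info.get("sha256", ""), "alerts": "; ".join(t.alerts)}
            for t in txns if t.alerts]

# Constructed sample: two transactions abridged from this report.
SAMPLE_REPORT = """\
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
Content-Type: application/ocsp-request

91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response

--- Additional Info ---
Magic:  data
Sha256: d472910fb4889f70651a2dcfed59387916f0efb4cfeee36cab2a7ea1b7f045d9

GET /G5i4hhrx/jql.exe HTTP/1.1
Host: lightad.com.br

69.164.207.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4043
Sha256: 542ed05c258bf9fc19ab931ab583fb79a054a3990ac50792b771e9ab7f4e3e63

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
"""

if __name__ == "__main__":
    for row in flagged_iocs(parse_transactions(SAMPLE_REPORT)):
        print(row)
```

The `status` column is the check that matters when the extracted rows are fed into a blocklist or hunt: an alerted URL whose response was a 302 or 404 (as both jql.exe fetches were here) gives you a hostile URL and host to pivot on, but the accompanying hash is that of a redirect stub or error page, not of a dropper, and must not be promoted to a file indicator.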