r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13356
Expires: Sun, 05 Feb 2023 04:12:09 GMT
Date: Sun, 05 Feb 2023 00:29:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9034
Expires: Sun, 05 Feb 2023 03:00:07 GMT
Date: Sun, 05 Feb 2023 00:29:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 23:43:39 GMT
content-type: application/json
age: 2755
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20962
Expires: Sun, 05 Feb 2023 06:18:56 GMT
Date: Sun, 05 Feb 2023 00:29:34 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +k5nsWFBoyqd6Ms59AweGMTneiVD2HQLWWW+m5AeuJxxGc/OTYu/0gZAWBG6VUBTXz/88MEZGD0=
x-amz-request-id: 08RD74767PR75EE1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 00:24:14 GMT
age: 320
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 00:29:34 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
aquaairfl.com/s/cadastro/sinbc/mobile/security.php
192.185.232.169301 Moved Permanently 0 B URL HTTP/1.1 aquaairfl.com/s/cadastro/sinbc/mobile/security.php
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /s/cadastro/sinbc/mobile/security.php HTTP/1.1
Host: aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 00:29:33 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Set-Cookie: PHPSESSID=r6oto9ojqppg1mcbfath9f11s2; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 00:07:19 GMT
age: 1335
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4000
Expires: Sun, 05 Feb 2023 01:36:14 GMT
Date: Sun, 05 Feb 2023 00:29:34 GMT
Connection: keep-alive
push.services.mozilla.com/
54.218.23.125101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.218.23.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aiA4/sC33yXEOiuVFbrKbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NJI67m7L87JRE7D/0EXMvBfLl3Y=
www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
192.185.232.169404 Not Found 13 kB URL HTTP/1.1 www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash fddc3eebe95eb96db4739ee8f593cd47
eada2ed1c858515530b04632f2c91ce23903d6e8
c1989cd75b312662bf5f567a88220603e84b1726efaf2dd4efebcd6d7c72310a
Analyzer Verdict Alert fortinet Phishing
GET /s/cadastro/sinbc/mobile/security.php HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Sun, 05 Feb 2023 00:29:34 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.aquaairfl.com/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12556
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
fonts.googleapis.com/css?family=Open+Sans:400,600
142.250.74.106200 OK 639 B URL HTTP/1.1 fonts.googleapis.com/css?family=Open+Sans:400,600
IP 142.250.74.106:0
Hash 8ff9bf0da080c656b619be4929a8437f
296c9051db5e3ae848ea6d805738f31a7ace5059
9a63cb1251a9d76eb31d20b0e02bbd97ef14c9c8006c251e008d64933f68c160
GET /css?family=Open+Sans:400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 05 Feb 2023 00:29:35 GMT
Date: Sun, 05 Feb 2023 00:29:35 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
www.aquaairfl.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
192.185.232.169200 OK 18 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (47826)
Hash 9415c9562591af7a582c29139621505f
0b12eecf36a48b871a3198550f4f65bb4a6d9b1b
06c70d3232c2ae3ed2aa259eb7a1beb329b654926813935fffa8902cd5ebaa4a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:17 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
www.aquaairfl.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
192.185.232.169200 OK 3.2 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11256), with no line terminators
Hash 1054d0d53548e8bae51665b11acc6413
2eea6a05fe18db61fff58c431d34a86b3e0b7ade
cb8b0f0f3f871d9776da32ee6d9e1af9277a211be61e97a831c7f8c98fbebfae
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 06 Dec 2022 21:48:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3239
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.aquaairfl.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
192.185.232.169200 OK 1.3 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4186), with no line terminators
Hash 91bab39b98d7e5c1632717b9ebe349e4
e639a447d06fc7827be5b5b35d603ff16b5f7bb1
47ff151faeb23a5654f6ec58b404e51193f6714849a69de241c2ee79662f74c6
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 06 Dec 2022 21:48:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1298
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.aquaairfl.com/wp-includes/css/classic-themes.min.css?ver=1
192.185.232.169200 OK 189 B URL HTTP/1.1 www.aquaairfl.com/wp-includes/css/classic-themes.min.css?ver=1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 06 Dec 2022 21:48:16 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 189
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.aquaairfl.com/wp-content/themes/enfold/css/base.css?ver=2
192.185.232.169200 OK 4.7 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/css/base.css?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (492)
Hash 924f7084f99c79bf1121200227583315
7281b1c7cf6d9e843b1ffa1cdcd003eb96349302
620dc8f758d0935bf9365a0ffcda69fd1ee8f9962f2e5e950020999b61e73cd7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/css/base.css?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4703
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.aquaairfl.com/wp-content/themes/enfold/css/grid.css?ver=2
192.185.232.169200 OK 2.5 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/css/grid.css?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 342fb26506daf0f54823300c1b527d4d
7aacdc5fd481cb0f8dcedc08a1b96ce3141f10b9
6e2a98ba0b7e4a49f3cef443f1fb153041379b13bf7e11b34e764aa43f797680
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/css/grid.css?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2451
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.aquaairfl.com/wp-content/themes/enfold/css/layout.css?ver=2
192.185.232.169200 OK 30 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/css/layout.css?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (320)
Hash c482f9e0933fd30dcdce9ba3558a7f34
c821c3e90bfc758f2a016c6e0dafcf024026b8b3
9834daa3da176976c0fb725c5e920bc29dc87aab80c39c0b3f2d144864103c25
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/css/layout.css?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 70000a3360d36edb8695664d3b9e2579
7c57257d7655a01d7ebdebd6f0f506fef7d26dea
39aa2efb34e981ac59680a8dcfe4bbb0beb532b71bf00381eb2f456e1a544b70
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39AA2EFB34E981AC59680A8DCFE4BBB0BEB532B71BF00381EB2F456E1A544B70"
Last-Modified: Thu, 02 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 06:29:35 GMT
Date: Sun, 05 Feb 2023 00:29:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81d0005c9f8690ab2d4e1f6366d0c72c
f5e5af588c6b4c3caa9a6b0c7b184cbc4654f419
09b0832ff15652529b42e4ad14050e93be0c03c8d822cb4c2104a59893aba04d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "09B0832FF15652529B42E4AD14050E93BE0C03C8D822CB4C2104A59893ABA04D"
Last-Modified: Sun, 05 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 05 Feb 2023 06:29:35 GMT
Date: Sun, 05 Feb 2023 00:29:35 GMT
Connection: keep-alive
www.aquaairfl.com/wp-content/themes/enfold/js/mediaelement/skin-1/mediaelementplayer.css?ver=1
192.185.232.169200 OK 4.9 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/mediaelement/skin-1/mediaelementplayer.css?ver=1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3978e2e704f0f2548563c800ad47b56a
5988b67f59bd430f7bc854e45574cc5121253f53
f3d3a537cea3d86c36080eae7c211ae419eab3555df9d7b639e09c35ae4aefea
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/js/mediaelement/skin-1/mediaelementplayer.css?ver=1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4896
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
www.aquaairfl.com/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=1
192.185.232.169200 OK 2.3 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash ff34b1578d37d78f5749f88a66dd57c8
c69a3faba46cbddb1d69a04d5736bc2edc2856e9
5a1b9898841128d789a4d239c4be879a23c62213128044817c8fd907ed2461df
GET /wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2314
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
www.aquaairfl.com/wp-content/themes/enfold/css/custom.css?ver=2
192.185.232.169200 OK 325 B URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/css/custom.css?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 712b456a13d44b811d2d1717a9f5612a
7c1756c1ac2cde779cffbea1402e4c7a28bbaaaf
4d123778016ce146032d877b9e58d279b9afc18ded2106f49d6cff8d218084b3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/css/custom.css?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 325
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
www.aquaairfl.com/wp-content/plugins/css-hero/assets/js/prefixfree.min.js?ver=6.1.1
192.185.232.169200 OK 4.1 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/plugins/css-hero/assets/js/prefixfree.min.js?ver=6.1.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6094)
Hash b56865b5fdd752c84f13f40b5c6fbad8
04310ffdb4e59bbc41be14f30c250ae0a17ebc1a
05bc5f09891be63301607f20fdce08852993cea1861641323ecf75ca7a69d134
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/css-hero/assets/js/prefixfree.min.js?ver=6.1.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Wed, 10 Jun 2015 17:28:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4130
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
www.aquaairfl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.185.232.169200 OK 6.0 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash 6cea32981648b2a71bfd585298bdfbee
65798005e2e8b5f6ab12ea90df200cbe255d6d26
a6e159ec4cad094727a09d7c8d8fb360d90b73846382c59b60243ba79d4b1a84
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5988
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7659
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 00:29:36 GMT
Connection: keep-alive
www.aquaairfl.com/wp-content/themes/enfold/js/avia-compat.js?ver=2
192.185.232.169200 OK 2.3 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/avia-compat.js?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 65ec89d3ecb46e4794a4c3e0dea06b28
33c52c02b659a609133a7c8b6757201a7faccfd0
56ef978266551329b019bc5a6db8d02cb8d3de67dbfe9e9941d6d59ae5a30717
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/js/avia-compat.js?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2311
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7659
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 00:29:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7659
Expires: Sun, 05 Feb 2023 02:37:15 GMT
Date: Sun, 05 Feb 2023 00:29:36 GMT
Connection: keep-alive
www.aquaairfl.com/wp-content/themes/enfold/js/avia.js?ver=3
192.185.232.169200 OK 41 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/avia.js?ver=3
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (2488)
Hash 4adb9544ace204a37303211c0acfa51a
8626f42bc3ba8261d202b6fbfab066969481db16
c58600f0bad32123c03aacd5a7ea216fec19429a60559b857fb73202eb1b2ced
GET /wp-content/themes/enfold/js/avia.js?ver=3 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
www.aquaairfl.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.7.1
192.185.232.169200 OK 24 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.7.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 0995cb3e717ca024aabc543a877bc8de
6a81281567c577c6562f52701e54d2d0c3446bad
203f84bccfa30ca5added47c5e1a308b16d8cec71d93703bb64a30382327f36f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=11.7.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Tue, 17 Jan 2023 04:01:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b596a8e984911df703e15c72d25d513
a1fa1355f4de6f246d35bed9f128e13fc9dc4e72
aba708124199ec6b0ce86ac14c6c18d233ff405071a7f22522217c2fcb0aa9b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13557
x-amzn-requestid: 981a0f31-e874-4392-a81d-12d667020700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH8-JGEsoAMFhZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca85a-7398031f2676734c65447e5b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3dw5Oj2su-_kCvpC1jDJsyAEUPzaexgTzhAC9yAYSyXTFRVge2FR6Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:43 GMT
age: 8333
etag: "a1fa1355f4de6f246d35bed9f128e13fc9dc4e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 41030
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61ef2f28-06d6-4c28-b598-e80a6c49ef77.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61ef2f28-06d6-4c28-b598-e80a6c49ef77.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f4a8749b09484bfc2a8fe4b33c69624
299d7514cf29c2dbd919581883239ef44c0984dd
22a61b6e7b48eeb44339469a353efdef0dc089be670fb490627dd33adc59168b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61ef2f28-06d6-4c28-b598-e80a6c49ef77.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4526
x-amzn-requestid: 0942d90f-c9a6-40e6-9439-5da97a42cd35
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fye2wEngoAMFmGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddab5e-5d3234d519561b4040eff4c3;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:48:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WqipgPOkYYXuD4D0MYHUEn4Gusno3xTQyHrwq-XlF9mwiPP0BtQGWg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 09:56:11 GMT
age: 52405
etag: "299d7514cf29c2dbd919581883239ef44c0984dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d632f8be93820b9746f76146fe3ff0e
7e5e9b16819af678ba84ddb6f45c073e659e2f4e
26ad66cf5e4fe4de99ad31b5c4f0fa3d05c085be04610de8ad80989528c100bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01d9feca-e9dc-4ee4-9694-bcc983e3a7c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6434
x-amzn-requestid: ccf74c35-c654-4a9a-8121-ab27fc4cd862
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WWYFbJoAMFgSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f5-10dedb6a287acd2b10cdfdb4;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3bv0yNuzTWh742AZFesuU0caKmg0nMFc3P0bLYkhGd-TAeg5R9W_vQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:24 GMT
age: 8352
etag: "7e5e9b16819af678ba84ddb6f45c073e659e2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bbb38d805862a1b3081eebf256e0dae0
4a5cb01390d897be8721cd4551c74d0452aff640
02443891d0533f37fe38b16febafc86fa64c457dc1827b97ec535d623486d549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: 51bb839e-c32c-4be9-9f38-7f8044160e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLgFPqIAMFfww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22716-3794126b47a79aed27e1aac4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9du1ien5j1WSLplBzT5AAV-xIPKNgg4-8tdjux_iEGXNGaCcj29Xog==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 03:37:50 GMT
age: 75106
etag: "4a5cb01390d897be8721cd4551c74d0452aff640"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dvxlk1iSyNfjmNRI_8HcmhG9_xe0ZlaZ0Pzj0H9EBR6wwXKg0L7YVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 05:55:27 GMT
age: 66849
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-content/themes/enfold/css/shortcodes.css?ver=2
192.185.232.169200 OK 46 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/css/shortcodes.css?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1454)
Hash d3407c4e2fa176436b3811b28f440ff0
196f962253b3510f5d63b37f372b56924fa49dae
73876f4482ac8e2b094d86980424feb020a129d0bc8edbc66a665f0ff3386b1c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/css/shortcodes.css?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
www.aquaairfl.com/wp-content/uploads/2015/05/Aqua-Air-Full-Color.png
192.185.232.169200 OK 33 kB URL HTTP/2 www.aquaairfl.com/wp-content/uploads/2015/05/Aqua-Air-Full-Color.png
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 333 x 151, 8-bit/color RGBA, non-interlaced\012- data
Hash 14daf14109b87657d84c5be222632b87
e82f106f529523b466466aeb764c2e6571a2b5d6
22b2ba9d4422887c433611560bebafdc865859335dd20dda80727b181e279618
GET /wp-content/uploads/2015/05/Aqua-Air-Full-Color.png HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Jun 2015 17:28:22 GMT
accept-ranges: bytes
content-length: 33110
content-type: image/png
date: Sun, 05 Feb 2023 00:29:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
192.185.232.169200 OK 40 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65447)
Hash 5531ade409a23efef1d69042ae3c9f8a
d7fa60ed35a04bd03d77e9fb205fb6b453c685aa
ba5d15e6844d9db050b0305fd31336f6407daf266d4d3e7d3deea23fffb61c0a
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:35 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
www.aquaairfl.com/wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=2
192.185.232.169200 OK 11 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (20840)
Hash 7937fdf4d4add8b5b1770c3ead252397
addbb86c1d8b93eb0058cc2734f726a27a2c8657
328f149808ae4dc37e6ef3b5d17acd382f0240a86c034625770eaf9c4628ecf5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10858
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
www.aquaairfl.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
192.185.232.169200 OK 1.9 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1213)
Hash cd661872734702b19f48c44d69bc50df
aa89605f93bb917c3ff6e2008561b02dbd1fc3a3
9c2e681f6bfe321473f1402150ffd5c7b2f456bdf264378b010bffc1a18a4586
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1881
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
www.aquaairfl.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
192.185.232.169200 OK 58 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65266)
Hash 59cea98169ab22c5a5de0dec1e617843
657c42bd7895fa9dff822187f0172d35ec518ffb
1bf81565b8c4c5eebaebd4c75b1466fdf8abb051a861a8363128907253d23779
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
www.aquaairfl.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
192.185.232.169200 OK 1.8 kB URL HTTP/1.1 www.aquaairfl.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (928)
Hash 405e5962bc60fa0cb69322fadec1f676
90ec5d81ff81ead43f272b818efe36f4f146f9e4
749626b66a5898c4db9ad7c071e89a77a63f19ecd7ab610dcd6de21b4b52d659
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Tue, 06 Dec 2022 21:48:15 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1828
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
www.aquaairfl.com/?wpcss_action=show_css
192.185.232.169200 OK 111 B URL HTTP/2 www.aquaairfl.com/?wpcss_action=show_css
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash e379c1f799a0cbdaffda7f992be73863
226ffe8f06b2d35033b990fab49f56f4a0c835f0
4588d54c8a7311366a927b43d0242071ee630b41e4fb637d011beb9355c08dd1
Analyzer Verdict Alert fortinet Malware
GET /?wpcss_action=show_css HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 111
content-type: text/css;charset=UTF-8
date: Sun, 05 Feb 2023 00:29:35 GMT
server: Apache
X-Firefox-Spdy: h2
stats.wp.com/e-202305.js
192.0.76.3200 OK 9.7 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash 168b161c2f3f364232e506ecd9321840
129bc6a9a1a8482a200037dd11dc799d375e6a7b
c8d3c6fd696ac093abe05a590762313d6c9420e09e650fab94f0dc22e35fb8c0
GET /e-202305.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 00:29:35 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-3508"
content-encoding: br
expires: Wed, 24 Jan 2024 05:54:37 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/1.1 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.aquaairfl.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 44856
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 02 Feb 2023 00:41:24 GMT
Expires: Fri, 02 Feb 2024 00:41:24 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 15 Aug 2022 18:20:18 GMT
Content-Type: font/woff2
Age: 258492
www.aquaairfl.com/wp-content/themes/enfold/js/shortcodes.js?ver=3
192.185.232.169200 OK 48 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/js/shortcodes.js?ver=3
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 4f51e415c9730bf6329b467aeb5b3d9a
77ad678a9c66188cd28412e070eb44d4c3d997f4
b8fa07f72a6159ee38555f80d92020e9765e8330110750810ede1ac0ce60d472
GET /wp-content/themes/enfold/js/shortcodes.js?ver=3 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=k78ne3d3br3pkqjm2gpbd50oj6
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
www.aquaairfl.com/wp-content/themes/enfold/images/background-images/gradient-top-light.png
192.185.232.169200 OK 498 B URL HTTP/2 www.aquaairfl.com/wp-content/themes/enfold/images/background-images/gradient-top-light.png
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 100 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 2e04d1734cd9fcde17e102fd4cf2aa37
ed61e9943861e00977e1c11edd37e08335108e1d
56c820f21ad99a66c969f62b49fae5d29a9165cf321018e847c68b0b4c27035f
GET /wp-content/themes/enfold/images/background-images/gradient-top-light.png HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.aquaairfl.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2
Cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Aug 2016 18:46:48 GMT
accept-ranges: bytes
content-length: 498
content-type: image/png
date: Sun, 05 Feb 2023 00:29:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-content/uploads/2015/05/diagonal-lines.jpg
192.185.232.169200 OK 6.7 kB URL HTTP/2 www.aquaairfl.com/wp-content/uploads/2015/05/diagonal-lines.jpg
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Hash 327c672e98f6412fee2b6aaba3eab8d6
f2d4d9b3a1527d7904007d01c557605011ef0f3a
24d785dbe620c94ca56938c940b8095bafe6acd39416384892ae4f745104835c
GET /wp-content/uploads/2015/05/diagonal-lines.jpg HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.aquaairfl.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2
Cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Jun 2015 17:28:21 GMT
accept-ranges: bytes
content-length: 6653
content-type: image/jpeg
date: Sun, 05 Feb 2023 00:29:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=3
192.185.232.169200 OK 31 kB URL HTTP/1.1 www.aquaairfl.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=3
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 30804, version 1.0\012- data
Hash a1aeb367498d7280cd2246f4974e988a
57058b69ea614e2bdee874e882a92c4f32058c4d
75e801b453bd677c68d4af036055b3036b8fc0390a76bf4661ab50e22b1137ee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=3 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.aquaairfl.com/s/cadastro/sinbc/mobile/security.php
Cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:29:36 GMT
Server: Apache
Last-Modified: Thu, 11 Aug 2016 18:46:48 GMT
Accept-Ranges: bytes
Content-Length: 30804
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: font/woff
pixel.wp.com/g.gif?v=ext&blog=93462382&post=0&tz=0&srv=www.aquaairfl.com&j=1%3A11.7.1&host=www.aquaairfl.com&ref=&fcp=2807&rand=0.9869301265842603
192.0.76.3200 OK 50 B URL HTTP/1.1 pixel.wp.com/g.gif?v=ext&blog=93462382&post=0&tz=0&srv=www.aquaairfl.com&j=1%3A11.7.1&host=www.aquaairfl.com&ref=&fcp=2807&rand=0.9869301265842603
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=93462382&post=0&tz=0&srv=www.aquaairfl.com&j=1%3A11.7.1&host=www.aquaairfl.com&ref=&fcp=2807&rand=0.9869301265842603 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.aquaairfl.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2023 00:29:36 GMT
Content-Type: image/gif
Content-Length: 50
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Allow-Origin: *
www.aquaairfl.com/wp-content/uploads/2015/06/check-light-bak.jpg
192.185.232.169404 Not Found 12 kB URL HTTP/2 www.aquaairfl.com/wp-content/uploads/2015/06/check-light-bak.jpg
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 060985a68e397ad735f7fcafe6594cc5
652b382445026f71eadcc4b4198de1ac1f8e9434
c9a40c005459f49e86ac0511a385f5516373bf94d13ca1d0e8d801326155f96e
GET /wp-content/uploads/2015/06/check-light-bak.jpg HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.aquaairfl.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2
Cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
pragma: no-cache
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.aquaairfl.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 12541
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 00:29:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/?wpcss_action=show_css
192.185.232.169200 OK 111 B URL HTTP/2 www.aquaairfl.com/?wpcss_action=show_css
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash e379c1f799a0cbdaffda7f992be73863
226ffe8f06b2d35033b990fab49f56f4a0c835f0
4588d54c8a7311366a927b43d0242071ee630b41e4fb637d011beb9355c08dd1
Analyzer Verdict Alert fortinet Malware
GET /?wpcss_action=show_css HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.aquaairfl.com
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=e3qaf3v9hqi4c52jj8ids4t0o1; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 111
content-type: text/css;charset=UTF-8
date: Sun, 05 Feb 2023 00:29:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/?wpcss_action=show_css
192.185.232.169200 OK 111 B URL HTTP/2 www.aquaairfl.com/?wpcss_action=show_css
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash e379c1f799a0cbdaffda7f992be73863
226ffe8f06b2d35033b990fab49f56f4a0c835f0
4588d54c8a7311366a927b43d0242071ee630b41e4fb637d011beb9355c08dd1
Analyzer Verdict Alert fortinet Malware
GET /?wpcss_action=show_css HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.aquaairfl.com
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=7fen3rbrudn5rdro6hpsd0smv5; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 111
content-type: text/css;charset=UTF-8
date: Sun, 05 Feb 2023 00:29:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-content/uploads/2015/06/Aqua-Air-Favicon-300x300.jpg
192.185.232.169200 OK 14 kB URL HTTP/2 www.aquaairfl.com/wp-content/uploads/2015/06/Aqua-Air-Favicon-300x300.jpg
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 2823b7bbe2b1afc295c662ce5ffa7f18
6dc2cbaed04204dd63388db3a41e899e708dd9ef
2b2e790a2e9013d49bd490435c4d892fdb21c5108f4fd4a14aceeec72da63ca2
GET /wp-content/uploads/2015/06/Aqua-Air-Favicon-300x300.jpg HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Cookie: PHPSESSID=u5esa3t9m4lkh64qmiefodl6l1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Jun 2015 18:43:41 GMT
accept-ranges: bytes
content-length: 14329
content-type: image/jpeg
date: Sun, 05 Feb 2023 00:29:37 GMT
server: Apache
X-Firefox-Spdy: h2
www.aquaairfl.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2
192.185.232.169200 OK 0 B URL HTTP/2 www.aquaairfl.com/wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2
IP 192.185.232.169:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/dynamic_avia/enfold.css?ver=5cd9a4dfa6bc2 HTTP/1.1
Host: www.aquaairfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.aquaairfl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 13 May 2019 17:09:51 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Sun, 05 Feb 2023 00:29:35 GMT
server: Apache
X-Firefox-Spdy: h2