r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1e997bec759570aa0db03e31bf013cc2
948fd8263ab0b40f75eaf9495f76a7f39f39d5f9
853f97990fe10ccb34066b1e73e93dac45794f42fb745b266b6a46b9e26d52e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "853F97990FE10CCB34066B1E73E93DAC45794F42FB745B266B6A46B9E26D52E9"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14645
Expires: Fri, 28 Oct 2022 00:47:12 GMT
Date: Thu, 27 Oct 2022 20:43:07 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5997
Cache-Control: max-age=138479
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:07 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 11:11:06 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 221b3fe9a6458de64d8bbfcd4a8e2f36
988c93428ff15108d46a11865e1c7e2782fbae34
a5ff1b60b9ef85086d0c6617d9d39cf17ae45855bf7b0ee24ec49ad5a863c18e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5997
Cache-Control: max-age=138479
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:07 GMT
Etag: "635a4fdd-1d7"
Expires: Sat, 29 Oct 2022 11:11:06 GMT
Last-Modified: Thu, 27 Oct 2022 09:31:09 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8861
Expires: Thu, 27 Oct 2022 23:10:48 GMT
Date: Thu, 27 Oct 2022 20:43:07 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: D7VjgxJCFDeOA+AESqHUmHpzbMp0Iz2vNdlqlJOAedr+FOlGUCeM0AcI9e4wXWbOiyydr4hQIBE=
x-amz-request-id: BSB24378S3CMJAA0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 27 Oct 2022 20:09:58 GMT
age: 1989
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
joseaguirremusic.com/uio/qakbot.zip
144.217.96.200301 Moved Permanently 0 B URL HTTP/1.1 joseaguirremusic.com/uio/qakbot.zip
IP 144.217.96.200:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uio/qakbot.zip HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 27 Oct 2022 20:43:08 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
x-powered-by: PHP/7.4.32
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://joseaguirremusic.com/uio/qakbot.zip
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d72d2f5d05f03753594e43fd34398221
ac6795c1c33f3fa2139e7f8dc601c3e6de6029a5
036c965156cf07faecc342cb2e30b7a20def68ad4a10423951ce871a7a3a6777
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1928
Cache-Control: max-age=129349
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:08 GMT
Etag: "635a3c19-1d7"
Expires: Sat, 29 Oct 2022 08:38:57 GMT
Last-Modified: Thu, 27 Oct 2022 08:06:49 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e67d898087928301741d004512a5e6b7
c63e981fbad011d645e13048938dc7947261edea
c4ae9db2473b73b541c527244edfd391d7fae68f3c61330ff133cb87fa9def19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4AE9DB2473B73B541C527244EDFD391D7FAE68F3C61330FF133CB87FA9DEF19"
Last-Modified: Thu, 27 Oct 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21588
Expires: Fri, 28 Oct 2022 02:42:56 GMT
Date: Thu, 27 Oct 2022 20:43:08 GMT
Connection: keep-alive
push.services.mozilla.com/
52.13.69.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.69.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MXq02JtM//Q/OAzgx2eEhg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TuU3+PKXGo0OnqHU2y6VE+w7xBE=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2372
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 20:43:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2372
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 20:43:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2372
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 20:43:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 262ee317a7d41424cef3f541f6e538d3
1c298c901f93a95e99bdc63259f415ab84a13783
c263ddf8d0a398b0b7e11f7efa9cb901bf877d939f388eb6089a236bbbdc2be4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C263DDF8D0A398B0B7E11F7EFA9CB901BF877D939F388EB6089A236BBBDC2BE4"
Last-Modified: Wed, 26 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2372
Expires: Thu, 27 Oct 2022 21:22:41 GMT
Date: Thu, 27 Oct 2022 20:43:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2193431d88baf9af6829421cd13743ff
a192ab139ad0dc5cf206986eb06028ddad224e46
c535e09fb4a53ca580f5f5926d1494c50b6ad6c7c9ec78df6b7015213852b737
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5dac341-2b9d-4d07-ab3f-dafe74f88664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9720
x-amzn-requestid: 6b4749ca-bcb9-4274-a309-e6d463851a6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aV_n6FOSIAMFroA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524632-56186f1f2a0bf68f6dba843b;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:11:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: awGcZ7hlJqQCVCFg5Xf_UnpmIlGPQrziJaMIzu5iB4kDTnAcxABX9Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 17:28:58 GMT
age: 11651
etag: "a192ab139ad0dc5cf206986eb06028ddad224e46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ded5eb41644bfe7ea87cff5ab0d79f0
9b13eca2d768277b92c05a8a82743018489783a6
3de7fcc3e9c8a107e4c5d6e59506ec71e68129a8351e47af63930873775ac3f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F577b3c1d-3b6e-4105-8d19-8557bacffa02.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15768
x-amzn-requestid: ab678277-5d12-4ae2-9af7-f15fab294657
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aRoclEbBoAMFz9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63508783-344a14d17bfcd6b12ffe02b0;Sampled=0
x-amzn-remapped-date: Wed, 19 Oct 2022 23:25:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AgS3Yq-WCRRnFvCxMcwq13lQz8cGvvdwZ51C3H0szmB0iyZLb9mf-A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:51:09 GMT
age: 82320
etag: "9b13eca2d768277b92c05a8a82743018489783a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91ee720c15dc69de45080d0c951353af
5292b31a99d90bcb7071f327b93d52034bdf9dcb
7fbe9f0f6db08fd539f2e8d4ac22e3b4d5ca14f7cde69f8424cce8b361d026e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fadc5382d-fbb1-4d8e-8ee0-d7dcda16508e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4524
x-amzn-requestid: a493efe7-11c7-4032-b36b-7f838f8180bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aljicH_6IAMFqpQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63587fa9-0f15eae7680ea7b15e5e47ec;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 00:30:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NQJHFIbLMzw0aGwCkVGIEIHOMHprTpvLkLQRKgrGeVj35sk7sW4IUg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 00:35:15 GMT
age: 72474
etag: "5292b31a99d90bcb7071f327b93d52034bdf9dcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5a9dae4-226e-42f6-b38d-d6f3f560ed69.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5a9dae4-226e-42f6-b38d-d6f3f560ed69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8240214ef7bc82b09de023cde217beb9
0f432e521fc4392f528042c711139dc0becc5598
2d5f1a426441536086c8278651808dc6e3e819ec18b48048520a4dedbc8a08ce
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5a9dae4-226e-42f6-b38d-d6f3f560ed69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6806
x-amzn-requestid: bdf4f489-b474-4143-881f-521ad5dee74b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocwUGb9oAMFRGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a801-2a1e822f6b1dd3304c8f0527;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: oxLrpXYZuUBO5qEKrFYAkh3lx2ZE7Jph8tcq0b4dWIHxUODXP3FDDQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:52:49 GMT
etag: "0f432e521fc4392f528042c711139dc0becc5598"
content-type: image/jpeg
age: 82220
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27838ba1a0dc8484cc39e787b1e35c24
317f858e36816c2605e0ca91fd7ba60896bc082d
f5b148a13cdcdf31e83ba5db3da139f581778d8b843b8f59ab0c9f08990d0374
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F898fe841-b0a7-4f17-8713-d982fcedd316.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6306
x-amzn-requestid: c5a693a2-df65-4c7a-a755-133e0dbf14e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apW_tHDGoAMFp2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a0531-72afd432100cd0117ec18934;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 04:12:33 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A1adf9pl0pRkrNB7jSKlF5tX-suPU-VxAP1upGgJEOnLC_aQcEb6g==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Thu, 27 Oct 2022 04:38:55 GMT
age: 57854
etag: "317f858e36816c2605e0ca91fd7ba60896bc082d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c92c49279a7704d715e50836676d1abb
3092b4dbd87f7e5a2eff65c463da9c5103ff748a
6941145d63e68abf0f20081517faa4082eed3c59f8b8a69066f70b29d90fd355
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F529195e0-f6ac-4fd1-b685-62456b469ad7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4709
x-amzn-requestid: c2923a57-57c4-4d62-83bc-e4c8b61aa2bd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aocuiGeeIAMF9Dg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359a7f6-7e47cfe804e333cc540f162a;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 21:34:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: M72Vjcyc06ihmWcqr2_Xrk8dGcC5pCoDidg5rhtRkVddavcUFE6G6w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 26 Oct 2022 21:50:52 GMT
age: 82337
etag: "3092b4dbd87f7e5a2eff65c463da9c5103ff748a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ebf576a8883ec7320a5abfe95c1d2abb
11da08de468be30e4cf71bdfa66b0f6d32516476
6366a880d911a4445e2cd2d935836583f84ac79385961c3d9c747484ba373e1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ebf576a8883ec7320a5abfe95c1d2abb
11da08de468be30e4cf71bdfa66b0f6d32516476
6366a880d911a4445e2cd2d935836583f84ac79385961c3d9c747484ba373e1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
joseaguirremusic.com/wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.6.9
144.217.96.200200 OK 11 kB URL HTTP/2 joseaguirremusic.com/wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.6.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (63086), with CRLF line terminators
Hash f054954c1e8a2d6d33bd145a39d91cb1
adf8848cc7cfdb1a8034c81f50462b4c8c56555d
5af29debed266950322abdaae59c5c821231608dfbfbfa6e9319fd876ae8ae59
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/style.min.css?ver=3.6.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 11139
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 23:17:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-includes/css/dist/block-library/style.min.css?ver=3ff7ff87e3e9077cdb5c13a3a727dd68
144.217.96.200200 OK 11 kB URL HTTP/2 joseaguirremusic.com/wp-includes/css/dist/block-library/style.min.css?ver=3ff7ff87e3e9077cdb5c13a3a727dd68
IP 144.217.96.200:0
File type ASCII text, with very long lines (43771)
Hash d45207ee05c1f0c57dfa075e61405ccd
a8d35143a2d828a739ea0fdde75f97d33621e7ec
a9a4adbbcee31ec277f1bdd573eef97dc4341f29f2db3b5685a02dfe4d2fe9bb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=3ff7ff87e3e9077cdb5c13a3a727dd68 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 10946
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Fri, 19 Aug 2022 23:51:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/astra-addon/astra-addon-6137f3378cb995-29946902.css?ver=3.5.9
144.217.96.200200 OK 1.5 kB URL HTTP/2 joseaguirremusic.com/wp-content/uploads/astra-addon/astra-addon-6137f3378cb995-29946902.css?ver=3.5.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (10117), with no line terminators
Hash 8e307621513637f3d1ce190151c47ac6
799d2928835561a67166cdadfe61d265b33d84d1
4a8665c2eb7db91489d9e025b206bd6296e6e81d6164b7e6d7824fd213d9cb5c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/astra-addon/astra-addon-6137f3378cb995-29946902.css?ver=3.5.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 1495
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 23:18:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-156280049-6
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-156280049-6
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 2ef077abadc0054e476d0051e1c9bb22
51acf3936d78b14fcf7b7f1e67dad2e6bda13e56
012ed406b694ff496dc85a303a96f1075062c7afcaa19539a970f07cf566b0ad
GET /gtag/js?id=UA-156280049-6 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 27 Oct 2022 20:43:10 GMT
expires: Thu, 27 Oct 2022 20:43:10 GMT
cache-control: private, max-age=900
last-modified: Thu, 27 Oct 2022 19:15:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43616
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ebf576a8883ec7320a5abfe95c1d2abb
11da08de468be30e4cf71bdfa66b0f6d32516476
6366a880d911a4445e2cd2d935836583f84ac79385961c3d9c747484ba373e1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4cdf16c5333628708fae7b304303fc48
23654b66838aa89e8b975a9e6c0251d2f8f18366
6f3935f102b0dcfee703eb07abcf04d9181fdfe13fae4d7566aed743a00beb9c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
joseaguirremusic.com/wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.5.9
144.217.96.200200 OK 21 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.5.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5caa77f63591ce2ef4ad7ddbcb04aa58
dc735359b3caedf0637910c2918a25d2e22b9d0f
b77167b7167af9d5dc7288c489db7df29bab9f150453eed7d492d9ea76ce456f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.5.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 21082
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 02:55:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.5.9
144.217.96.200200 OK 2.7 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.5.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (17381)
Hash 8e41c939e2ad1b9c38425a0467a6fa0c
d5161fa976cd90bfd7b62c6d944901ba00ad12c4
0d2cefe7b60fb36fa6c4a5df4d95019d834bfdabfb15ba0c8901ab3e5a5e8629
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.5.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 2651
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 02:55:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0
144.217.96.200200 OK 3.4 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0
IP 144.217.96.200:0
File type ASCII text, with very long lines (17633)
Hash 80f0e0e19feab011140c8ba9b08fc4ed
16aff641c49d27e541036cf59f7f58735e7ec992
97c3ccfcb1af7ff7f86d92d893b619054863f322b5687187f1366c6356bfc9d8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.12.0 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 3386
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.4.4
144.217.96.200200 OK 445 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (3815)
Hash 29eb5e0c72e5b3bfb4bebd2e33f27899
be61d9787178388ba514565a1a656070462d9c99
2a0b41793d0bbdb12e19f7db5e79c2ddad0897a024a5dd33b23fc2827d4ea953
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 445
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.4.4
144.217.96.200200 OK 16 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (65497)
Hash ecb45c1be858c8711e2b8d54279e37a9
59242c2fa00bbaab6340de6054f5cd10f86fa6e0
f7c35e23e09a863f07a2616c86c194a4c8f053201b7403ff5c41466e2f2096bd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 16492
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/elementor/css/post-8.css?ver=1631585816
144.217.96.200200 OK 313 B URL HTTP/2 joseaguirremusic.com/wp-content/uploads/elementor/css/post-8.css?ver=1631585816
IP 144.217.96.200:0
File type ASCII text, with very long lines (1021), with no line terminators
Hash 79412e65efcd2461753c70ab7835257a
027efffeb7b2364b9864af0ee2c6fa4db117f1f5
96c2775406e130c8aa9bf8b2b0f1fc50b81948f75da1f0adbc8107fb90bc6e88
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-8.css?ver=1631585816 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 313
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:16:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.4.1
144.217.96.200200 OK 27 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.4.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (65493)
Hash 4982e24d8f9ba42c19924706b0f779c6
e080eb9ab3a29e363d45dbb1e35196a6b44b961a
bea5fd9fc68a9ba8546a2d80776ae4a6546fd4ca5f7679a8c8cfa5085f7be219
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.4.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 26597
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/elementor/css/post-55.css?ver=1666824840
144.217.96.200200 OK 1.2 kB URL HTTP/2 joseaguirremusic.com/wp-content/uploads/elementor/css/post-55.css?ver=1666824840
IP 144.217.96.200:0
File type ASCII text, with very long lines (6505)
Hash 56aa935e45d2ca706b7e7fe9a8fc5e2a
63e41308ead19f2ba3e0822f53d238769c5fcea4
c34313cd25c18cc718e1eb3f13fecd773680587e45835814d41e7d74ea704276
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-55.css?ver=1666824840 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 1249
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Wed, 26 Oct 2022 22:54:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
144.217.96.200200 OK 286 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 144.217.96.200:0
File type ASCII text, with very long lines (483)
Hash 8828fa3c5bdcfa66615714a2b8c9d807
4f556d0b005ac7754af607418df445f8cf98e8b1
16950dcce60bc3ee2613b60439c99e7ed74d10245f59fe6f68346b7e72dd95e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 286
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/themes/joweb-child/style.css?ver=2.0
144.217.96.200200 OK 307 B URL HTTP/2 joseaguirremusic.com/wp-content/themes/joweb-child/style.css?ver=2.0
IP 144.217.96.200:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 40e5a72f13881ad97ddaa6f0568580fb
75dbe16db1cd9272e06e0a4d24fb3d52ed31003d
55a9bce23f5d5b8b8b9bd751034dc6c095ec6a23dab49eed4e992b6ecfa3013f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/joweb-child/style.css?ver=2.0 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 307
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Thu, 21 May 2020 01:10:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
144.217.96.200200 OK 284 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 144.217.96.200:0
File type ASCII text, with very long lines (489)
Hash dc279c928e2924b07a4a7575f8070ee8
0196756cacdb61ef40483af7ea982b699b0933de
80b6d9e3f0304f4199350c6015fd96084646c2a0121332bcb5a46d3956b7df5c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 284
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
144.217.96.200200 OK 30 kB URL HTTP/2 joseaguirremusic.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 144.217.96.200:0
File type ASCII text, with very long lines (65447)
Hash 34f918ada1fe4f01c5a4b90065bbc37a
a731f6ce2d413805e39ae45994012b1bd5ea1e2b
eba158d5ab26a5a54a3dcfcea1072c636f44e92fc2eb30a3f27cd5be3f891dfc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 30273
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 01:57:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/custom-css-js/224.css?v=9633
144.217.96.200200 OK 277 B URL HTTP/2 joseaguirremusic.com/wp-content/uploads/custom-css-js/224.css?v=9633
IP 144.217.96.200:0
File type ASCII text, with CRLF, LF line terminators
Hash dd725eb80561038ff2ff474a2d75d31c
8a05a718126f06eba2e9ebd35b7f5d91d213b4f5
575160a6052341932f5c33ea452344dd3d542e0b24cb6768bec9275b6d190b66
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/custom-css-js/224.css?v=9633 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 277
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Fri, 17 Jul 2020 00:50:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
144.217.96.200200 OK 283 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
IP 144.217.96.200:0
File type ASCII text, with very long lines (491)
Hash 453a93dc816be89f942ebb253ff199fb
01563d6019803e3ff2a94c5397e7e771ee6f440d
36beebcd3778e04c8973faa581d07c7e7dc0bac2a77f637379e7d110383ab5d7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 283
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
144.217.96.200200 OK 4.0 kB URL HTTP/2 joseaguirremusic.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 144.217.96.200:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 3995
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 01:57:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/connect-polylang-elementor/assets/css/plsfe-frontend.min.css?ver=1.0.6
144.217.96.200200 OK 479 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/connect-polylang-elementor/assets/css/plsfe-frontend.min.css?ver=1.0.6
IP 144.217.96.200:0
File type ASCII text, with very long lines (4453), with no line terminators
Hash 5e0ef05570b95601dd0ac8f02a6ced4e
4b0b3b8fc389c75900e64a38baec7effceba88a3
1dcc2648a1533fab3c6f133b34d30ebd07f4fdbcdcbcfdf68476e0fb605f94af
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/connect-polylang-elementor/assets/css/plsfe-frontend.min.css?ver=1.0.6 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 479
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 02:56:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/polylang/flags/us.png
144.217.96.200200 OK 350 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/polylang/flags/us.png
IP 144.217.96.200:0
File type PNG image data, 16 x 11, 8-bit colormap, non-interlaced\012- data
Hash d090a14ba53d52439ad53c855e731246
8330526cdcb51bfaf1b5c196c00e4efeb5785eb1
7bdc4fd1b52f88617553782da88299fc8551f6921d5a30c5a29b96cb8b4c3eae
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/polylang/flags/us.png HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: image/png
content-length: 350
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 02:56:00 GMT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/astra-addon/astra-addon-6137f33790aa48-89739682.js?ver=3.5.9
144.217.96.200200 OK 1.6 kB URL HTTP/2 joseaguirremusic.com/wp-content/uploads/astra-addon/astra-addon-6137f33790aa48-89739682.js?ver=3.5.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (6163), with no line terminators
Hash 8b50946a68901ef26d61b40c7a103f4e
87c090fa7a3cbe7c32d0fd8f6c828247d85299fe
aed8b98ab4b5440828ef4ac900e826b9e4ee68e2906ff47df547d0df6da2a965
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/astra-addon/astra-addon-6137f33790aa48-89739682.js?ver=3.5.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 1580
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 23:18:15 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/uio/qakbot.zip
144.217.96.200404 Not Found 26 kB URL HTTP/2 joseaguirremusic.com/uio/qakbot.zip
IP 144.217.96.200:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27664), with CRLF, LF line terminators
Hash 50e0e943ab12c32420229c2d9a06512f
277b5c7d5b5a19572807e9374ecc27bfbb3dab78
5bc343d1ba4d954937782575e03f2e9e66be67af9a6f29a320109f96ebc20ff1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /uio/qakbot.zip HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
server: nginx
date: Thu, 27 Oct 2022 20:43:09 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.32
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://joseaguirremusic.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/flying-pages/flying-pages.min.js?ver=2.4.6
144.217.96.200200 OK 869 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/flying-pages/flying-pages.min.js?ver=2.4.6
IP 144.217.96.200:0
File type ASCII text, with very long lines (2476)
Hash b755879e9e32e4e54cd4f66afcd8fcc9
53e3a34e4a237e6914730d65e8207638597249d5
a192e21fa6986951f8fdd1ff30abcf3311ba3d8f80512e5332a446222b92d380
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/flying-pages/flying-pages.min.js?ver=2.4.6 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 869
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Fri, 19 Aug 2022 23:59:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.4.4
144.217.96.200200 OK 2.4 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (10019)
Hash d2db71c82a8f672aea59a3e050cd8cd7
af626566f94b3164e4310288cfb142431e8349a6
bcd2c9c2ba22a48a8fabf9fbe5e947deb6404367e4be24f48326e302aead1180
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 2442
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
144.217.96.200200 OK 6.9 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (25115)
Hash e8d8c6e4997a420abc51e5fa8c1caa8b
39ae930f057de725cff8549eed82f31f8d0816c1
730b8265b47a7f9bf014b64fb5c27f9f1cff1051dbf53e60ceb3cc16def732cc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 6935
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.4
144.217.96.200200 OK 2.0 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (4840)
Hash 18d061de369b43424ef28e8a2a76cb38
d2deccbb4e39263cf0b44cb499f8d018f547e4e0
f47db7751a6e26459276d6182cb1efe00b22d92cf50b60ef59aa25b956f37e02
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 2011
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.4.1
144.217.96.200200 OK 2.0 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.4.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (4659)
Hash 51c5c16dff1e5a0a926bdc5ecfb8fb43
b6c587be05dd6ccb0f68c59a45fe07f3ce863a06
351583d61d0832c782254e8f117d12d39460e3451c4885afbbc488fa283348d0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.4.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 2012
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.4
144.217.96.200200 OK 4.4 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (13963)
Hash 57d16fd8f8ebfdee4e4f86c9240ba0d0
669ef732d2b54c44449a3b23e8172db7a84faa96
7ef0c20d5e55cd922188cdec6ceea896ee0684c7fc2241da7079776eebfac8b4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 4371
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.4.1
144.217.96.200200 OK 5.1 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.4.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (19857)
Hash 0d666fe2be352b2aec89ff0365355457
5f36f1815ed1b1d75d5e672f34520f4fcf7234b7
53ae46ab018391173b6845c991d5dfaeefbb1caef9231661e6ba661b2fd66097
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.4.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 5118
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
144.217.96.200200 OK 2.9 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 144.217.96.200:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash 869caa171b68cbec9fee5abbfb944ee8
f237e485e41f88b77384cfdb880f9d5a8f46eac8
25c2896e2790fb0e52f6b6ba1ce97bd87eb40463b4bb65ba16ad434c1d7a36dc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 2867
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/uploads/elementor/css/post-7.css?ver=1631585816
144.217.96.200200 OK 884 B URL HTTP/2 joseaguirremusic.com/wp-content/uploads/elementor/css/post-7.css?ver=1631585816
IP 144.217.96.200:0
File type ASCII text, with very long lines (3218)
Hash 20e344efa6fbfb2e7d50589f9d9652a4
8a88104b3f229b3945f624bf3b95f41e1f5f51a7
830ceb24a7859f463dec1b1f2cbe44a3c851f9d3347f62b7b5ef35eef4bc3f1d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-7.css?ver=1631585816 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 884
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:16:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
144.217.96.200200 OK 12 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 144.217.96.200:0
File type ASCII text, with very long lines (57726)
Hash f463afd8661ddc733305df1f0cbdaff2
77262f0209e75e340eb7014aba9cd8d69966032f
c4b6541be58a0ca61549cd4562850315077880c459c019f01e835cf2d7b764de
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: text/css
content-length: 12133
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
144.217.96.200200 OK 6.6 kB URL HTTP/2 joseaguirremusic.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 144.217.96.200:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 139a41f01d192d239e7dce15ca307983
62a3e7c0c77209832dc649bc5583e5e0b4918bf5
d796462a5d212cd93b315b43dafb6e77dbe1c3aa567964dc40c1ab0e2c28f405
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 6637
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Fri, 19 Aug 2022 23:52:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
144.217.96.200200 OK 34 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 144.217.96.200:0
File type ASCII text, with very long lines (65280)
Hash 83a90323ac82b98062b4b2c8ac8c5051
d7d376677e3546b756b4fec6219be72b85c4f8f5
7fd68e9ea0ebd35958da46d7373113d1a3646a671217cf2cf471c65c3d710613
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 34004
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.4.4
144.217.96.200200 OK 1.0 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (2577)
Hash f5c8273175207966436fe071db580974
643680fc9a1703cb3bc469bfbb3dbcbf6425e38a
8b0897055f6baa5de94adb95e824af4afd1dced496711c905c8b7c09738aa4de
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 1023
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
144.217.96.200200 OK 3.3 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (10725)
Hash 8c5a95ea30259ea6dc50f9f1357dc31a
be1fd6dc96f6ba018bbfa49a058390700ead5bf0
914c938c132cd311967ed71676397704bf8d95abf2c51c79937f43be35030a70
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.8.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 3331
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.5.9
144.217.96.200200 OK 20 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.5.9
IP 144.217.96.200:0
File type ASCII text, with very long lines (65092), with no line terminators
Hash 87eafa070f982ae166fa38a9b64627c1
e350e8d308e59cbb80518ccb77434b44a112dc80
1544a7133ada6363edccabf137fdd04448bb0858807a81dce4c62908813ad12f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.5.9 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 20359
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 31 Aug 2021 02:55:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.4
144.217.96.200200 OK 8.7 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.4
IP 144.217.96.200:0
File type ASCII text, with very long lines (32055)
Hash 3f18888d57ef439d09668e7e28568255
cb733135a7aee691314f4d6024b34a21e5f9cba8
b3c383898db5bd79c6943719243380ba139dec70436ed3b3fa35adcfb4518dab
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 8711
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.4.1
144.217.96.200200 OK 1.8 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.4.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (6595), with no line terminators
Hash bc7ad49bba8c6fece75cf20e318bde6d
329866570ac3995fb33f1f6b55e6ea3d3c85d25b
479c4099528678e6689805bc618a02c300d62a0f5b41800672c57fb1a458a50e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.4.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 1767
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-includes/js/wp-emoji-release.min.js?ver=3ff7ff87e3e9077cdb5c13a3a727dd68
144.217.96.200200 OK 4.6 kB URL HTTP/2 joseaguirremusic.com/wp-includes/js/wp-emoji-release.min.js?ver=3ff7ff87e3e9077cdb5c13a3a727dd68
IP 144.217.96.200:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=3ff7ff87e3e9077cdb5c13a3a727dd68 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 4619
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Fri, 19 Aug 2022 23:52:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.4.1
144.217.96.200200 OK 26 kB URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.4.1
IP 144.217.96.200:0
File type ASCII text, with very long lines (65493)
Hash 2919202fff6749e71cff193ebf9b0bcf
34b744fc152dfa583a8a204bdbad5cd354c18fe5
8e8d8c295b36d7620ec2d57d2a9e224efd856c1474096e2eaa5b78860ee1a436
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.4.1 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 26178
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 07 Sep 2021 22:43:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e63a6e99afc26edeaa6e0ec14ea98868
6909f81a74cb2479794f87397c2c9f7bbe759721
af5090a668f3b5293473c111761ca086d6e77a40cd9b5022d669327736034a4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e63a6e99afc26edeaa6e0ec14ea98868
6909f81a74cb2479794f87397c2c9f7bbe759721
af5090a668f3b5293473c111761ca086d6e77a40cd9b5022d669327736034a4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://joseaguirremusic.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Oct 2022 16:40:18 GMT
expires: Fri, 27 Oct 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 14572
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e63a6e99afc26edeaa6e0ec14ea98868
6909f81a74cb2479794f87397c2c9f7bbe759721
af5090a668f3b5293473c111761ca086d6e77a40cd9b5022d669327736034a4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 27 Oct 2022 20:43:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 27 Oct 2022 20:41:09 GMT
expires: Thu, 27 Oct 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 122
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1861667134&t=pageview&_s=1&dl=https%3A%2F%2Fjoseaguirremusic.com%2Fuio%2Fqakbot.zip&ul=en-us&de=UTF-8&dt=P%C3%A1gina%20no%20encontrada%20-%20Jos%C3%A9%20Aguirre&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBACUABBAAAACAAI~&jid=1151618627&gjid=918212407&cid=1030253886.1666903390&tid=UA-156280049-6&_gid=306176822.1666903390&_r=1>m=2ouaq0&did=dZTNiMT&gdid=dZTNiMT&z=252054089
142.250.74.174200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1861667134&t=pageview&_s=1&dl=https%3A%2F%2Fjoseaguirremusic.com%2Fuio%2Fqakbot.zip&ul=en-us&de=UTF-8&dt=P%C3%A1gina%20no%20encontrada%20-%20Jos%C3%A9%20Aguirre&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBACUABBAAAACAAI~&jid=1151618627&gjid=918212407&cid=1030253886.1666903390&tid=UA-156280049-6&_gid=306176822.1666903390&_r=1>m=2ouaq0&did=dZTNiMT&gdid=dZTNiMT&z=252054089
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&aip=1&a=1861667134&t=pageview&_s=1&dl=https%3A%2F%2Fjoseaguirremusic.com%2Fuio%2Fqakbot.zip&ul=en-us&de=UTF-8&dt=P%C3%A1gina%20no%20encontrada%20-%20Jos%C3%A9%20Aguirre&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBACUABBAAAACAAI~&jid=1151618627&gjid=918212407&cid=1030253886.1666903390&tid=UA-156280049-6&_gid=306176822.1666903390&_r=1>m=2ouaq0&did=dZTNiMT&gdid=dZTNiMT&z=252054089 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://joseaguirremusic.com
Connection: keep-alive
Referer: https://joseaguirremusic.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://joseaguirremusic.com
date: Thu, 27 Oct 2022 20:43:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=3ff7ff87e3e9077cdb5c13a3a727dd68
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=3ff7ff87e3e9077cdb5c13a3a727dd68
IP 142.250.74.10:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=3ff7ff87e3e9077cdb5c13a3a727dd68 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Oct 2022 20:43:10 GMT
date: Thu, 27 Oct 2022 20:43:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
joseaguirremusic.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.4
144.217.96.200200 OK 0 B URL HTTP/2 joseaguirremusic.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.4
IP 144.217.96.200:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.4.4 HTTP/1.1
Host: joseaguirremusic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/uio/qakbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 27 Oct 2022 20:43:10 GMT
content-type: application/javascript
content-length: 10286
cache-control: public, max-age=604800
expires: Thu, 03 Nov 2022 20:43:10 GMT
last-modified: Tue, 14 Sep 2021 02:13:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat%3A400%2C%2C700&display=fallback&ver=3.6.9
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat%3A400%2C%2C700&display=fallback&ver=3.6.9
IP 142.250.74.10:0
GET /css?family=Montserrat%3A400%2C%2C700&display=fallback&ver=3.6.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://joseaguirremusic.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 27 Oct 2022 20:43:10 GMT
date: Thu, 27 Oct 2022 20:43:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2