firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 04:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8ZnGlRf-iQtHS0ZBCAgpvqNh2j_c_uFtbptnKMyFXnTMb1mNw5P8Cw==
Age: 672
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a31cba8d086d3581b75ddd30772598f7
44c06f83ee20f47d63da15f8903730a96524d2a0
6db7cb58db4002665cbf8ff9070df95efd26a7fcf2733c62b47266f80bd7cc85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6DB7CB58DB4002665CBF8FF9070DF95EFD26A7FCF2733C62B47266F80BD7CC85"
Last-Modified: Tue, 04 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Tue, 04 Oct 2022 10:57:36 GMT
Date: Tue, 04 Oct 2022 04:58:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13840
Expires: Tue, 04 Oct 2022 08:48:56 GMT
Date: Tue, 04 Oct 2022 04:58:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: YmTJk_RejQdDZYBHnmKgNk9WhRJdehQGP6mFKaMtSz8pR3psQ1NS8w==
age: 84589
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 04:58:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
4coresvisual.com.br/ii/matluul
216.172.172.64301 Moved Permanently 0 B URL HTTP/2 4coresvisual.com.br/ii/matluul
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ii/matluul HTTP/1.1
Host: 4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://www.4coresvisual.com.br/ii/matluul
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 04 Oct 2022 04:58:16 GMT
server: Apache
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 04:29:33 GMT
Expires: Tue, 04 Oct 2022 05:11:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HStsHEoZtBJkJVMlBuFxDNt--wVUVb4uMoaqFckBGJ3Oq_yPSMYt8w==
Age: 1724
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4130
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 04:58:17 GMT
Last-Modified: Tue, 04 Oct 2022 03:49:27 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.215.56.181101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.56.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lh9jrEixooQzYdJR3CttPw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mI2NhGSE2Axg6jaI6xT0yDcfDAQ=
www.4coresvisual.com.br/ii/matluul
216.172.172.64404 Not Found 15 kB URL HTTP/2 www.4coresvisual.com.br/ii/matluul
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18070), with CRLF, LF line terminators
Hash 510f60e31317bfb0d8a3d5f9b731e74e
de02ca79a79b297f0c9a39e2d21f1e2e06543297
85a1c8f25bfeb17e39447107d76dab2b8eb916273bd6cae6bfe8b3281edf28f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ii/matluul HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.4coresvisual.com.br/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 15363
content-type: text/html; charset=UTF-8
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 04:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-187231437-1
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-187231437-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash dcf041702c6db9d118e5859454cc6947
93bdd2b3c1b77f03e8af85022e7608af0d7f6074
0f5a3dc2168c6200f57f99e99caaed113290158cf2f9d0c7a16edac7d1970d3f
GET /gtag/js?id=UA-187231437-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 04:58:17 GMT
expires: Tue, 04 Oct 2022 04:58:17 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=2.6.2
216.172.172.64409 Conflict 83 B URL HTTP/2 www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=2.6.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=2.6.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=2.6.2
216.172.172.64200 OK 468 B URL HTTP/2 www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=2.6.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3412), with no line terminators
Hash f88a6a529851c8ed1ffe2bd83219e490
597ff167b702900ee4473e31e390808b8de95664
ae20c6ea52a0534fdda58a7ae13839ac66194434406e00a3bb5f4538f9909886
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=2.6.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Dec 2020 11:47:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 468
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4
216.172.172.64409 Conflict 83 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.4 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 04:58:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.4coresvisual.com.br/wp-includes/css/dist/block-library/style.min.css?ver=5.8.5
216.172.172.64200 OK 15 kB URL HTTP/2 www.4coresvisual.com.br/wp-includes/css/dist/block-library/style.min.css?ver=5.8.5
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (33376)
Hash 6ebc7a4d773cb1f29a93f605933fba76
b113ca39afc5fd44cbc06dca58945bb5e9fb771e
7a12133f8cb48c1b5b4631ee9e9a0eebe36bbf2bbe1eb792b0f9fc630c18bd76
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.8.5 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Oct 2021 19:37:41 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14560
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/creame-whatsapp-me/public/css/joinchat-btn.min.css?ver=4.5.10
216.172.172.64200 OK 2.5 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/creame-whatsapp-me/public/css/joinchat-btn.min.css?ver=4.5.10
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6021), with no line terminators
Hash 551e7026086fdcb28d300175aa8c7693
24eceb9f59705dfeb90fe92cb59c1dd370de56ff
1562188078829f3f5d710b46ec8ad9cd17b895d1f7b598c5906fa4d26fc15e3c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/creame-whatsapp-me/public/css/joinchat-btn.min.css?ver=4.5.10 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:34 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2462
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.0
216.172.172.64200 OK 4.4 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (30283), with no line terminators
Hash c2c381b76f533a3992b1060b1e8275ed
8441603d412df07e265d70d72569bd3ed90c51ee
6b1c02e5f7f5a04d0320c0a69a67651c6c322b81dfcf1ad9ca29e0f7374cf613
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4436
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.0
216.172.172.64200 OK 12 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9c3f1faefbd8031a9cfd4b9c7b718779
6d9ef394433f1ed1cfaf9081a2396ae2d9413dc2
b01d2495d5c65226bd18c6abbaad74ae34a021682225c1c9f9fab5b1f85c753a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.7.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12538
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
216.172.172.64409 Conflict 83 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/NavMenu-Plugin/assets/css/frontend.min.css?ver=1.1.6
216.172.172.64200 OK 4.9 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/NavMenu-Plugin/assets/css/frontend.min.css?ver=1.1.6
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash bed92fedbd698c11023abc4ac693ca88
df95e3ed37d01841b28aea907b15f2c4ccec02b6
426fb18ea25b2b66e6dac7e9140b9268d04191d8d4f3355419e11aacb34b9e1c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/NavMenu-Plugin/assets/css/frontend.min.css?ver=1.1.6 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 25 Oct 2020 01:59:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4904
content-type: text/css
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.0
216.172.172.64200 OK 3.9 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1577)
Hash 0de3f234bf5adf709c64d6a81701e107
ec76e30709d2ac94c86121529768c54b84943872
c67075988b28f06061348cebb275f465c608e141f9a00b50c5e4824f57ed10f3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3861
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.0
216.172.172.64200 OK 40 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 94d041d462db321cdb888066586f2068
717d2f9da7fb9f9e2bf2058a8177a0344f8a8647
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:20 GMT
accept-ranges: bytes
content-length: 40
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header.js?ver=1.5.3
216.172.172.64200 OK 1.9 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header.js?ver=1.5.3
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 6e5f89bd8a4df07524ba6c6239a56e0c
b861d11b9897ea05a206eb3481b82dd3f885de20
95438bfd71801aadd66418a017d427b8357559c622758d8d39b3bf1d5ebaa09a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/sticky-header-effects-for-elementor/assets/js/she-header.js?ver=1.5.3 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 Jul 2022 13:38:59 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1910
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
216.172.172.64200 OK 6.9 kB URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (16323)
Hash 122fe79a1d53d10946cded540d2e219f
6271fdf889afe8a13d7c69efea9b40cbd0d81939
94cb1b0ca86f7f0bb7bcc81b42a06b6199bd37ff77ca88dccf3acc92683f3e24
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Oct 2021 19:37:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6935
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.10
216.172.172.64200 OK 3.2 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.10
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8029), with no line terminators
Hash 3869ce537714e83b37c997801651d389
76a99ced82576cbc7c9c671a2d982aafc7c2b3ec
5904864fb36b5d949dd95c46dc7248b9c6205a7859af0cad5b3a99378b7fb98b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/creame-whatsapp-me/public/js/joinchat.min.js?ver=4.5.10 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:34 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3164
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/themes/astra/assets/js/minified/style.min.js?ver=2.6.2
216.172.172.64200 OK 3.6 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/themes/astra/assets/js/minified/style.min.js?ver=2.6.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (10594), with no line terminators
Hash 5c244ddd3d5b81f943cc06bb3d39eae0
937bc56733f05985e8b6bad6e6ccd11e106c59eb
7f4883c7ab2bb307c921ae27ce4821017e907b8361b421883f61495c40cf9965
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/js/minified/style.min.js?ver=2.6.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Dec 2020 11:47:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3642
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
216.172.172.64200 OK 4.6 kB URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Dec 2020 11:46:31 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4618
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
216.172.172.64200 OK 2.6 kB URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6406), with no line terminators
Hash 340db4973d1ee14c5348599f661a3220
d4cf31e2af7774c276d7a883733a8392e232df49
85d0de0d6dbe1f487407829c52413d7e81c7c9ed28bc3ae9079c19303e91f678
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Oct 2021 19:37:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2635
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.1
216.172.172.64200 OK 2.9 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.1
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (8016), with no line terminators
Hash 3fb911c81f788558bc6d1107199f3531
6dc32db62563450febea4e0f43b7da34defbb99a
7ac7ac2450edf5bb80788a92c271b0a0e806aacbfd4cced63e941a3035cf43c1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.3.1 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:23 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2938
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.1
216.172.172.64200 OK 900 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.1
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3432)
Hash 1e0ef5b4ebd931aecd01564980628978
e618b92e03a6c4bd4abffed22abb1e835c05a601
1deef467f6db854d82e8c6288086664c7cf60a41b18bb7216d63bb83061ba878
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.3.1 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:23 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 900
content-type: text/css
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/wp-emoji-release.min.js?ver=5.8.5
216.172.172.64200 OK 5.2 kB URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/wp-emoji-release.min.js?ver=5.8.5
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15224)
Hash 00af0ddf324f69fcb25f0d2e5d08910a
df0379ab0e1b2902957c8aba77f89d88e1239b59
f0a06ed3b8d3917b358def04d87668001cd1c6da31a5cb4bb452313feb64a2a7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.5 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Oct 2021 19:37:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5243
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/clever-mega-menu-for-elementor/assets/frontend/js/cmm4e.min.js?ver=1.1.2
216.172.172.64200 OK 1.3 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/clever-mega-menu-for-elementor/assets/frontend/js/cmm4e.min.js?ver=1.1.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3375)
Hash dd586324689c1fad3eaf1e505a114fc6
4c1a680af19854574c983886689bb60730c6ba34
f2b8b0552a361c74f5112e03c6d6ff5fa65fda325ed47479a32115b3e9f631e1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/clever-mega-menu-for-elementor/assets/frontend/js/cmm4e.min.js?ver=1.1.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 22 Dec 2020 20:03:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1291
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/wp-embed.min.js?ver=5.8.5
216.172.172.64200 OK 777 B URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/wp-embed.min.js?ver=5.8.5
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1391)
Hash 06ece4d01ee88297957c9f4cdcaa4df5
2b3321654a8ead1e1493eac9b5f1fdfb65e2037f
0b17eb6ab02e69f50ac52ca157375bd69853ae4f4796eb48a35eb4a12fc7af8b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.8.5 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Feb 2021 04:42:25 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 777
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
216.172.172.64409 Conflict 83 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.4 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/themes/astra/assets/fonts/astra.woff
216.172.172.64200 OK 3.3 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/themes/astra/assets/fonts/astra.woff
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 3304, version 1.0\012- data
Hash bfe0ed8503c926d68f58ed0408dfe0d0
0346d02d96ff7d2a0278bc10f4dfdf365c80eac3
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/fonts/astra.woff HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Dec 2020 11:47:19 GMT
accept-ranges: bytes
content-length: 3304
content-type: font/woff
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 04 Oct 2022 04:41:09 GMT
expires: Tue, 04 Oct 2022 06:41:09 GMT
cache-control: public, max-age=7200
age: 1029
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/plugins/ua/linkid.js
142.250.74.174200 OK 859 B URL HTTP/2 www.google-analytics.com/plugins/ua/linkid.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1335)
Hash 904463ce35aee800847ab85ec948aaf6
904e4d2647466c7f7e0f7412019984e3b2ccfb24
057b4d29359dfe2536a2ec40243bdfa7b151222efcc1eb358608994a14c34237
GET /plugins/ua/linkid.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 859
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 04:19:06 GMT
expires: Tue, 04 Oct 2022 05:19:06 GMT
cache-control: public, max-age=3600
age: 2352
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/uploads/2021/10/cropped-LOgo-4-Cores-32x32.jpg
216.172.172.64200 OK 11 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/uploads/2021/10/cropped-LOgo-4-Cores-32x32.jpg
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 32x32, components 3\012- data
Hash 261a3e03e7b3998e11ff49a686df7b65
9ca4e76716a6cb5dbf96e9ef402465cac7f608f3
0a00a07011716d33f952fabca4e2607e13ea22e26dbf904896416705405cfb33
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/10/cropped-LOgo-4-Cores-32x32.jpg HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.1.1664859498.0.0.0; _ga=GA1.1.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 16 Oct 2021 12:09:50 GMT
accept-ranges: bytes
content-length: 11066
content-type: image/jpeg
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.0
216.172.172.64200 OK 70 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash eed7242d990c2749aa250098e7592fb0
18f725c966843e0df88d4080c992527855bbc7ac
a0f5ed60f247a91b3f8f99c51bc06f2618d734cbc685dfb8161ae5cc61114f78
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Tue, 04 Oct 2022 08:33:34 GMT
Date: Tue, 04 Oct 2022 04:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Tue, 04 Oct 2022 08:33:34 GMT
Date: Tue, 04 Oct 2022 04:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Tue, 04 Oct 2022 08:33:34 GMT
Date: Tue, 04 Oct 2022 04:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12916
Expires: Tue, 04 Oct 2022 08:33:34 GMT
Date: Tue, 04 Oct 2022 04:58:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 23339
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 34f2dfb2faff276db1d4a57739db2450
f5ce815082043a4efce28fc790ae7d8b3a8531f8
e02ea92f0be524ccfe26eee61a77e39a13d852d1ba3696f729e0f61812028667
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5083
x-amzn-requestid: ed99df03-5d15-4e09-9aea-bbf77a705323
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpI0HT0IAMFxvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556b-422197147d76caac6e910664;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:35 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pddStyEpwVdYKSAUVcpupnWVPw6ALoYCouHQzixF_vTgXdpVF60ElA==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 24440
etag: "f5ce815082043a4efce28fc790ae7d8b3a8531f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90fead0b9104991552ce689230661d48
dc7bc4a378c0ddcd81e51046d21ed02b8be11a92
94a1a4199f7cb7bc0b48b00aec745e89f2c65dadd905b27879d39347deb44496
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0001afba-471a-49f7-bb38-3d4741a9581b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9708
x-amzn-requestid: 7cfcaf0d-1663-47d7-b08e-be3d0c39e035
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqFjHB5IAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b56f0-04c5da1940a620507649b822;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V5EjIZq5-ifuD25S3kj8Bl3SbZH10tm6DII-oRZVci4ic7Za7btGFw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:45:44 GMT
age: 22355
etag: "dc7bc4a378c0ddcd81e51046d21ed02b8be11a92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.0
216.172.172.64200 OK 25 kB URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 887d3cbde300f39c055498a7b0f37ae4
f88b3a0eac71a971e9987b576820ce2d2b6101d2
0c19a14ed128fd66e0651b698f09f156701ea27d562cfdd63854541c4b80f348
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 20 Jul 2022 15:19:02 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 25293
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 926
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/style.min.css?ver=2.6.2
216.172.172.64200 OK 0 B URL HTTP/2 www.4coresvisual.com.br/wp-content/themes/astra/assets/css/minified/style.min.css?ver=2.6.2
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/style.min.css?ver=2.6.2 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 26 Dec 2020 11:47:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.0
216.172.172.64200 OK 0 B URL HTTP/2 www.4coresvisual.com.br/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.7.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 16:38:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Oct 2022 04:58:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.4coresvisual.com.br/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
216.172.172.64200 OK 0 B URL HTTP/2 www.4coresvisual.com.br/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 216.172.172.64:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.4coresvisual.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.4coresvisual.com.br/ii/matluul
Cookie: _ga_B7B3NBP4HB=GS1.1.1664859473.1.0.1664859479.0.0.0; _ga=GA1.3.1429025374.1664859474; _gid=GA1.3.956781281.1664859474; _gat_gtag_UA_187231437_1=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Oct 2021 19:37:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 04 Oct 2022 04:58:18 GMT
server: Apache
X-Firefox-Spdy: h2