r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4601
Expires: Mon, 07 Nov 2022 07:58:54 GMT
Date: Mon, 07 Nov 2022 06:42:13 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4468
Cache-Control: max-age=104598
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:13 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:45:31 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4468
Cache-Control: max-age=104598
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:13 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:45:31 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10831
Expires: Mon, 07 Nov 2022 09:42:44 GMT
Date: Mon, 07 Nov 2022 06:42:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: diQ6kwTrS6tCRbgzwgdAMa5exGqKOvvd1NegKsv30vpKGyeJvkLbyutCLDBDtPKhKiron/h9eD0=
x-amz-request-id: 87ZSMBGE0Z8PMJ8W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 07 Nov 2022 06:10:46 GMT
age: 1887
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 06:42:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4156
Cache-Control: max-age=99233
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:14 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:16:07 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.240.207.158 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.207.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 11Q/YeqrvmN7Fm9dI2Y4zg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: T73OHFCmBWF+K/+QSNWn/buu7L4=
aiuabafm.com.br/ri/liftsaiec
147.135.10.43 301 Moved Permanently 0 B URL HTTP/1.1 aiuabafm.com.br/ri/liftsaiec
IP 147.135.10.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ri/liftsaiec HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-LiteSpeed-Tag: 65a_HTTP.200,65a_HTTP.301
X-Redirect-By: WordPress
Location: https://aiuabafm.com.br/ri/liftsaiec
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
X-Origin-Time-Delay: 1.343376238s
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d851b96107b461755a102d8e0237a06b
56a045646303b6a8f6631dc7e3a066c6f2ea9954
6acd81dafe1f83c86e39d4dc9b7e34071bef001971744e1b5a419480a3896185
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6ACD81DAFE1F83C86E39D4DC9B7E34071BEF001971744E1B5A419480A3896185"
Last-Modified: Sat, 05 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21553
Expires: Mon, 07 Nov 2022 12:41:27 GMT
Date: Mon, 07 Nov 2022 06:42:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16894
Expires: Mon, 07 Nov 2022 11:23:49 GMT
Date: Mon, 07 Nov 2022 06:42:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16894
Expires: Mon, 07 Nov 2022 11:23:49 GMT
Date: Mon, 07 Nov 2022 06:42:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16894
Expires: Mon, 07 Nov 2022 11:23:49 GMT
Date: Mon, 07 Nov 2022 06:42:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16894
Expires: Mon, 07 Nov 2022 11:23:49 GMT
Date: Mon, 07 Nov 2022 06:42:15 GMT
Connection: keep-alive
aiuabafm.com.br/ri/liftsaiec
147.135.10.43 301 Moved Permanently 0 B URL HTTP/1.1 aiuabafm.com.br/ri/liftsaiec
IP 147.135.10.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ri/liftsaiec HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-LiteSpeed-Tag: 65a_HTTP.200,65a_HTTP.301
X-Redirect-By: WordPress
Location: https://aiuabafm.com.br/ri/liftsaiec/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
X-Origin-Time-Delay: 562.015874ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a5e060b41bd5313b1cf828c1d5ecbcc
e63e4bee84953491236a8261ef07b5a4743fa891
e8750b0156ed980f11682d92f5c60ce2783518b37f156e74340617a74d826813
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13224
x-amzn-requestid: d6c8a626-313d-4add-9467-eb946a38262a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPHEkgoAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172d-1be7a03a1b288dec56281915;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: R2vHbrKm_n2kWK3bG4htWAIqi1YNjNjaX8LG5AWWHPlKnaWi6JAGzA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 20:12:14 GMT
age: 37801
etag: "e63e4bee84953491236a8261ef07b5a4743fa891"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff861c8eb-a661-4f40-88e3-1c0820b24ddf.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff861c8eb-a661-4f40-88e3-1c0820b24ddf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc7e03b47d9322fb66cbc978e4fb5743
7e85c7716999fe4aec0427e6ce389899718dd96c
c3c83d59e8afdc758bfd2e2081c8291d603cc65d64da8550087764cc79b9fea4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff861c8eb-a661-4f40-88e3-1c0820b24ddf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: bbcd247f-c05a-40e5-857d-a51540a90d97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bH95bFiyIAMFcQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366436f-64716f0d4ddf2fab279fee48;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 11:05:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: s59VeYNKH-BOlq2-I6ZO_kLAMc0iePQWCjGMgsBSWRLv5F2iKOeXdw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 02:23:30 GMT
age: 15525
etag: "7e85c7716999fe4aec0427e6ce389899718dd96c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f574b-1b55-4186-956e-8642177cdb25.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f574b-1b55-4186-956e-8642177cdb25.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 94959d4cb29e07f42189a4096cb351e3
6b029e3b6dce5dade03b7ab7409b45e9906b7303
d1d3590af3a65ec3bc37da401e5d9d9394feea447bd8ca3173819f8a9f2612f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f574b-1b55-4186-956e-8642177cdb25.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3644
x-amzn-requestid: a899a1f5-71c6-4c64-99fa-227cbf3ff69d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtV9HJPIAMF-Kw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828f2-5e7d31f948cd08d9767deed6;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:50 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fiqF9sb2I-lRc-9pak_PPKpPFsiwpRblak8dB0WvRqIfFgPcHSOBbQ==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:50:59 GMT
etag: "6b029e3b6dce5dade03b7ab7409b45e9906b7303"
content-type: image/jpeg
age: 31876
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c0a079a6dfb70fb2a2d6b5aff7103f73
55ffd5d6cb8074bdbdb8d06719119021bc81aeab
196ffd4e5245355c1c5d67f49b28200630ccfe1e4ebaa7280154b7adaf39b18f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F100d1c51-b2c7-40d5-bd34-a37c21b8252d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9435
x-amzn-requestid: 7c39c00f-1362-44c1-9628-749045e542b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEIU9G5gIAMFzZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364ba85-57fbfb872251c37f4137b262;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 07:08:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GaFmcnh2vF0lCj_QPQ7SAIT_UzHHyr8UaHa-R_ifuZsX7quU0mBJ9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:50:59 GMT
age: 31876
etag: "55ffd5d6cb8074bdbdb8d06719119021bc81aeab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 77441
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0cee920-59af-44a8-b927-8cca201ce610.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0cee920-59af-44a8-b927-8cca201ce610.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78d54d3bbd154ae8ac4366cb204ff7a0
f88269b0e066e777dd74b36648b6dbdcf10647b5
f1c14829ae75863531bde481455b5ae20254eb3472604d01b77a6028e4e56bf6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0cee920-59af-44a8-b927-8cca201ce610.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9612
x-amzn-requestid: dd4e6718-3415-413b-bbac-2fdf17dca523
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iOjEtoIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63621729-35a6494a7e699fdf52b9b68b;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eDEsT0S4pW3FVaI4FUHfvqZTRLWM0EwKww7Gfpr2lyk6axQG7MMmwA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 13:56:36 GMT
age: 60339
etag: "f88269b0e066e777dd74b36648b6dbdcf10647b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
aiuabafm.com.br/ri/liftsaiec/
147.135.10.43 200 OK 11 kB URL HTTP/1.1 aiuabafm.com.br/ri/liftsaiec/
IP 147.135.10.43:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381)
Hash 748c9543e424c0324d263ce0e1760e39
335c0c32473611869832d7ca4ecc0ab5039f98ef
a18495e6689ad5280fd7ab0935ec5b03a0e7a634e7c82cd72d805386a1738966
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /ri/liftsaiec/ HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-LiteSpeed-Tag: 65a_HTTP.200
Link: <https://aiuabafm.com.br/index.php?rest_route=/>; rel="https://api.w.org/", <https://aiuabafm.com.br/index.php?rest_route=/wp/v2/pages/13>; rel="alternate"; type="application/json", <https://aiuabafm.com.br/>; rel=shortlink
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: EXPIRED
X-Server-Powered-By: Engintron
Content-Encoding: gzip
X-Origin-Time-Delay: 530.928301ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aiuabafm.com.br/wp-includes/css/dist/block-library/style.min.css?ver=6.1
147.135.10.43 200 OK 95 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/css/dist/block-library/style.min.css?ver=6.1
IP 147.135.10.43:0
File type ASCII text, with very long lines (47826)
Hash 4cdcd4a2c77fccb74825eaf2d6733091
00d4ad404f681af9044bb4cc6ed5e2e9f641cc4a
187af6783dd59cd3b9dd90e77b3daa1509c1c3c18f5ce5d6fe2133f9bc3828df
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 94821
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:15 GMT
Last-Modified: Fri, 04 Nov 2022 04:08:16 GMT
aiuabafm.com.br/wp-includes/css/classic-themes.min.css?ver=1
147.135.10.43 200 OK 217 B URL HTTP/1.1 aiuabafm.com.br/wp-includes/css/classic-themes.min.css?ver=1
IP 147.135.10.43:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 217
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Fri, 04 Nov 2022 04:08:16 GMT
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1
142.250.74.10 200 OK 2.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1
IP 142.250.74.10:0
Hash a0a7094128be532b1ffbef34ab8d4949
9b972be405ab74cf336295f3cabcd8f50fd59ad5
78edf8905621f8b7120065b4634b9fd2d91a9516678544cbdadefdda3a143faa
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 07 Nov 2022 06:42:16 GMT
date: Mon, 07 Nov 2022 06:42:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aiuabafm.com.br/wp-content/themes/hello-elementor/style.min.css?ver=2.5.0
147.135.10.43 200 OK 5.8 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/themes/hello-elementor/style.min.css?ver=2.5.0
IP 147.135.10.43:0
File type ASCII text, with very long lines (5839), with no line terminators
Hash 63ecb029c0992614ead6a9f0f09f55af
2e2090ac679df118e08a2d66a9836cf8b8bfbecb
ef7814fdd67c04cce47bf3c70da7bed7b4860942f57ced18fd21f6c807a53689
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/hello-elementor/style.min.css?ver=2.5.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 5839
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:05:17 GMT
aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/styles.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
147.135.10.43 200 OK 2.2 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/styles.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
IP 147.135.10.43:0
Hash d9a23f8ee332097ab08dbd9f3f5ef517
f1f3eff282ee6e56120eeb1ec7fc748b465c61e4
06ddc2e8a394586e6b197b8d49a58d50226232eb0fdcce2f1c558a80d7923d41
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/styles.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/css
Content-Length: 2197
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:24 GMT
aiuabafm.com.br/wp-content/themes/hello-elementor/theme.min.css?ver=2.5.0
147.135.10.43 200 OK 15 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/themes/hello-elementor/theme.min.css?ver=2.5.0
IP 147.135.10.43:0
File type ASCII text, with very long lines (15346), with no line terminators
Hash 1939e47bfd9eb27d917f08f5336ec879
7d00e49cd31e57dbfde395466aa7351bb47456a8
6e474696e73d72e749cabb19f9c453ddad1b59075489c745f17719df48599060
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/hello-elementor/theme.min.css?ver=2.5.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 15346
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:05:17 GMT
aiuabafm.com.br/wp-content/uploads/elementor/css/post-7.css?ver=1653855124
147.135.10.43 200 OK 995 B URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/elementor/css/post-7.css?ver=1653855124
IP 147.135.10.43:0
File type ASCII text, with very long lines (995), with no line terminators
Hash bc0b1e8e36a9f76fa8bff2cbc0ee7487
3efe59d09d273b83b37c0161033f3525e97f6a90
af9a9b5b664370b90a20cc6ff14ac97f48a60647a3cfa6b98480847e44f5193c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-7.css?ver=1653855124 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 995
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 20:12:04 GMT
aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/css/erplayer.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
147.135.10.43 200 OK 37 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/css/erplayer.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
IP 147.135.10.43:0
File type ASCII text, with very long lines (659)
Hash 3f1b52703f00d9979889f2a9031017a1
f204fefb6427c07aca9644d9659a11f604f7d36f
db6904f189055414d7c62115d3f9c3b4b586340320c1365f0f27bc25cfb62a36
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/frontend/assets/css/erplayer.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/css
Content-Length: 36985
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:24 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.2
147.135.10.43 200 OK 99 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (65497)
Hash 0ccb8bdc9cccc072069a72a5da799f70
4ceb2cc98ca1245af077fae882bdbbd043754f6a
e2031387eb4b7fe61f62ffb4f93742ca3f1bf72eba8a7a2e69b2aaf2efc16b1f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 98820
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/loftloader/assets/css/loftloader.min.css?ver=2022022501
147.135.10.43 200 OK 13 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/loftloader/assets/css/loftloader.min.css?ver=2022022501
IP 147.135.10.43:0
File type ASCII text, with very long lines (13273)
Hash 64dcff8679da29cda29d05134d505ac8
d5703629060ce62d8a687bccd56458b4d9e0b991
1dcf5da2c7a5966f6a8953871e70b764c761336239e0feb9653a0e856e7e71e6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/loftloader/assets/css/loftloader.min.css?ver=2022022501 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 13274
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Tue, 31 May 2022 13:54:33 GMT
aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
147.135.10.43 200 OK 11 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
IP 147.135.10.43:0
File type ASCII text, with very long lines (10612), with no line terminators
Hash 5b78da3445adcf1fdd82c824f80bb3dd
1b44a0819b3f39ad4562be7366f8e7377fa3e86d
b764ad340dd7d830b6ef6ee35a81a81ad09155c7d6ac8612e9120f819fa68454
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-13.css?ver=1655599167 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 10612
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 19 Jun 2022 00:39:27 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.13.0
147.135.10.43 200 OK 19 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.13.0
IP 147.135.10.43:0
File type ASCII text, with very long lines (18854)
Hash 529682ac55e7a01d92eaca49121fc540
8ce3714f3f8b249639d628b7011ac59d21152789
d2a442e1bc1180697fefe701f9b67b9cf4d819e2837bdb43898a2db6ef8e8262
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.13.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 18900
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/uploads/elementor/css/global.css?ver=1653855124
147.135.10.43 200 OK 40 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/elementor/css/global.css?ver=1653855124
IP 147.135.10.43:0
File type ASCII text, with very long lines (15176)
Hash fef80215e2d50a2d4340cb6ebcaddeb8
38729d26d0b6a3d16d8805f4df65a4464a39e464
58d33f99acf214eecc5da9c71bc7ea281623a2c9f1c1d6bcb1c7e244c3a18d5d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/global.css?ver=1653855124 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 39676
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 20:12:04 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
147.135.10.43 200 OK 675 B URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 147.135.10.43:0
File type ASCII text, with very long lines (489)
Hash 144e43c3b3d8ea5b278c062c202c92f2
3c037057a419245849747b4762d09d88cab66fc1
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 675
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
147.135.10.43 200 OK 58 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 147.135.10.43:0
File type ASCII text, with very long lines (57726)
Hash eeb705d0bdccfd645d3bbd46dd1fbab3
066def290f42ed8c00860e573cc880bd46e9ced4
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 57912
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
147.135.10.43 200 OK 669 B URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 147.135.10.43:0
File type ASCII text, with very long lines (483)
Hash 9eb2d3c87feb6bb2ffa63b70532b1477
38f226335a05ab0e30497bc7419eb5e243a9e26c
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 669
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
147.135.10.43 200 OK 677 B URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
IP 147.135.10.43:0
File type ASCII text, with very long lines (491)
Hash 3eef8c9e589a6fd58292e79bbac4ba5d
d3ebdb629b8d9c92380b14b1676b123398f0841b
eea3d6ccda7f6503078cce9dc41176c1357af1c93a5b3625131ef7cf21c9d7c4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 677
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2
147.135.10.43 200 OK 127 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (65493)
Size 127 kB (127275 bytes)
Hash bd0de6a426974089e42c77d04cb5c2f2
bb984aea84cdf164cb7515c75342fbf1feab5363
63649065e3416748d2a80ad9e891a8c751862c78182156a08565ca84dd4f16b8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/css
Content-Length: 127275
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:02:52 GMT
aiuabafm.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
147.135.10.43 200 OK 11 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 11224
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
aiuabafm.com.br/wp-includes/js/wp-emoji-release.min.js?ver=6.1
147.135.10.43 200 OK 19 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP 147.135.10.43:0
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 18617
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
aiuabafm.com.br/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
147.135.10.43 200 OK 21 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 147.135.10.43:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 034bd11ecaf6fb9240d905245e42e202
ff136c394ed95badfc0107fb98a890dcff642828
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 21440
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Fri, 04 Nov 2022 04:08:16 GMT
aiuabafm.com.br/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
147.135.10.43 200 OK 90 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 147.135.10.43:0
File type ASCII text, with very long lines (65447)
Hash 17738318d61d394f1de8890d589afaec
f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 89684
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Fri, 04 Nov 2022 04:08:16 GMT
aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/js/jquery.marquee.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
147.135.10.43 200 OK 24 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/js/jquery.marquee.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
IP 147.135.10.43:0
Hash d3ff4d3bedeab7b6016a8fed18b678d1
7fbc24422b4dca5b6249e64a83c4339676ff6c74
1a17ff8494ad6ac090732463db405cfd298135767d0af6a3b0f255aaa4695542
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/frontend/assets/js/jquery.marquee.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 23726
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:24 GMT
aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/js/erplayer-frontend-min.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
147.135.10.43 200 OK 24 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/js/erplayer-frontend-min.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
IP 147.135.10.43:0
File type ASCII text, with very long lines (24370)
Hash a17f13dbbd0e4bb4000f02d83fc7145f
25a90b6b09336d0c4f9e3e6f2c2531c550143b32
db8c12e81c11be4c06bdeee316eb28414b8b89e04692b2f4e5d9da0d7837a1bd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/frontend/assets/js/erplayer-frontend-min.js?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 24420
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:24 GMT
aiuabafm.com.br/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=1.0.0
147.135.10.43 200 OK 3.1 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=1.0.0
IP 147.135.10.43:0
File type ASCII text, with very long lines (3113), with no line terminators
Hash 991851ce021f42521a9b8c707500d731
d3b7d0a28b0e6a7e0621f78b1ba440b52060cc9c
bd29338c097619843470ad38187d0c1754d939b12fa755f4c11f9e53fd46b09f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=1.0.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 3113
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:05:17 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.2
147.135.10.43 200 OK 4.9 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (4866)
Hash 91e50b02c314bd6ad0d26276967d3e09
fbff34fa46899286d56c9fc092005ea276d22a3a
f22b3dd13e81113afb3a94bc053b7f41363692316d7d61515b8a8055aba28a7c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 4905
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.2
147.135.10.43200 OK 14 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (14196)
Hash f9b765c90b87dcd6c1826872d7dc6826
6294758978e22db40dbf0e86e33c710d004c8ae1
d38e62f3e50f31b512f58dcd817cc1f1bac4b95e09f734bc1d79fd1861831694
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 14235
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/loftloader/assets/js/loftloader.min.js?ver=2022022501
147.135.10.43200 OK 522 B URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/loftloader/assets/js/loftloader.min.js?ver=2022022501
IP 147.135.10.43:0
File type ASCII text, with very long lines (521)
Hash a38a2cb56a672792f12da9e65ede0afe
adc06c6817365f5ee20d5d23a19fee0cdde59e70
3cc6fc5270cfbd41ab6196ac372b893406236037932561644b4736a5f274f04a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/loftloader/assets/js/loftloader.min.js?ver=2022022501 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 522
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Tue, 31 May 2022 13:54:33 GMT
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aiuabafm.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 385688
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17032, version 1.0\012- data
Hash 05a47f9e469d408c629f931cd33ff8b2
823f21f7b1d456db889c3afea393f0d2b9581c38
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aiuabafm.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:51:10 GMT
expires: Thu, 02 Nov 2023 19:51:10 GMT
cache-control: public, max-age=31536000
age: 384666
last-modified: Wed, 11 May 2022 19:24:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
147.135.10.43200 OK 12 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash 3819c3569da71daec283a75483735f7e
ecd40a5cc6f0b76200c454ca880210dc301cfab8
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 12198
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.2
147.135.10.43200 OK 37 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (36842)
Hash 31f42580e38898d9591f29a905461232
5e829f472cb07b59669014b63b03aaaf83056df9
7e53d6bb1d640561e7a15b9890c11a74b6b0f7d34c3dbfa9f387a41596cf5058
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 36881
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:16 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2
147.135.10.43200 OK 5.0 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (4922)
Hash 4b89c63b3a608532f302ce183c639590
5a1c40f1df407ebdab2f7ea0767e791fab771508
fe0b038edbeff4a8cdb38484012d640f9eb1bbe50df495cc38850ee9ff2cdb19
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 4965
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:02:52 GMT
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aiuabafm.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 385689
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
aiuabafm.com.br/wp-includes/js/imagesloaded.min.js?ver=4.1.4
147.135.10.43200 OK 5.6 kB URL HTTP/1.1 aiuabafm.com.br/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 147.135.10.43:0
File type ASCII text, with very long lines (5477)
Hash 3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 5629
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sat, 13 Jun 2020 18:53:27 GMT
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2
147.135.10.43200 OK 20 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (20250)
Hash 6dd98ee5258bff321dbfd4b96a42df74
ccd467b173c920800cf87bf8ae190488bb29ed2c
ce0ed4310e1bd403aa701f5461db2cecf2f414ad8334893234ff2d106fb0a5e7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 20293
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:02:52 GMT
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
aiuabafm.com.br/wp-content/plugins/erplayer/inc/elementor/widgets/radio/elementor-radio-player.js?ver=1.0.0
147.135.10.43200 OK 852 B URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/elementor/widgets/radio/elementor-radio-player.js?ver=1.0.0
IP 147.135.10.43:0
Hash 9b3f58a21f11cf6ba2d21a1ef854acc5
78c8c91845b2288c8eb16683b4411bb2e28b49a5
9751cb53a51f1955e1abdd8c2873e2d45aef70d519cd312fc31a332ecafde5d3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/elementor/widgets/radio/elementor-radio-player.js?ver=1.0.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 852
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:03:24 GMT
aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2
147.135.10.43200 OK 24 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2
IP 147.135.10.43:0
File type ASCII text, with very long lines (24241)
Hash de04a91e544f7aa2e37e2ea2a5c7163a
0926aa7f7f212a4efa051211bb9eeae5173cf0d1
2d990e6c3d103a96bb92f0d6e827e07b56bb3ef7c143ed05eb936d4a0abfe00d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 24284
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:02:52 GMT
aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/fonts/erplayer-icons.woff
147.135.10.43200 OK 3.3 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/fonts/erplayer-icons.woff
IP 147.135.10.43:0
File type Web Open Font Format, CFF, length 3276, version 1.0\012- data
Hash ab813277b033d70dff11559b26f5762b
5866783bf7202b44b16ce7f59dd8ef46ed3e677d
b9f23feab7a199328ed4dfdc30dc32da7d0b81fae42404d21d651af1371317c0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/fonts/erplayer-icons.woff HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/plugins/erplayer/inc/frontend/assets/font/erplayer-icons/styles.css?ver%5BElementor%20tested%20up%20to%5D&ver%5BElementor%20Pro%20tested%20up%20to%5D&ver%5B0%5D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: font/woff
Content-Length: 3276
Connection: keep-alive
last-modified: Sun, 29 May 2022 19:03:24 GMT
alt-svc: h3=":8443"; ma=2592000, h3-29=":8443"; ma=2592000, h3-Q050=":8443"; ma=2592000, h3-Q046=":8443"; ma=2592000, h3-Q043=":8443"; ma=2592000, quic=":8443"; ma=2592000; v="43,46"
Expires: Fri, 06 Jan 2023 06:42:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
X-Origin-Time-Delay: 112.75126ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
147.135.10.43200 OK 13 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
IP 147.135.10.43:0
File type Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Hash f0f8230116992e521526097a28f54066
0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: font/woff2
Content-Length: 13276
Connection: keep-alive
last-modified: Sun, 29 May 2022 19:03:56 GMT
alt-svc: h3=":8443"; ma=2592000, h3-29=":8443"; ma=2592000, h3-Q050=":8443"; ma=2592000, h3-Q046=":8443"; ma=2592000, h3-Q043=":8443"; ma=2592000, quic=":8443"; ma=2592000; v="43,46"
Expires: Fri, 06 Jan 2023 06:42:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
X-Origin-Time-Delay: 109.873086ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash ab0ff0400be4a39d3107eb1f230ca47d
5ab30c2e5ad48134f442dd5aa6c095ff96356eff
94fe78aed5d76cd53e10fb613a8fa912ef8d9e66e14e8f9cd92b76a1b592bfa2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2895
Cache-Control: max-age=125361
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 06:42:17 GMT
Etag: "6367e42b-1d7"
Expires: Tue, 08 Nov 2022 17:31:38 GMT
Last-Modified: Sun, 06 Nov 2022 16:43:23 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
147.135.10.43200 OK 77 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
IP 147.135.10.43:0
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: font/woff2
Content-Length: 76764
Connection: keep-alive
last-modified: Sun, 29 May 2022 19:03:56 GMT
alt-svc: h3=":8443"; ma=2592000, h3-29=":8443"; ma=2592000, h3-Q050=":8443"; ma=2592000, h3-Q046=":8443"; ma=2592000, h3-Q043=":8443"; ma=2592000, quic=":8443"; ma=2592000; v="43,46"
Expires: Fri, 06 Jan 2023 06:42:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
X-Origin-Time-Delay: 105.1084ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
147.135.10.43200 OK 78 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 147.135.10.43:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: font/woff2
Content-Length: 78196
Connection: keep-alive
last-modified: Sun, 29 May 2022 19:03:56 GMT
alt-svc: h3=":8443"; ma=2592000, h3-29=":8443"; ma=2592000, h3-Q050=":8443"; ma=2592000, h3-Q046=":8443"; ma=2592000, h3-Q043=":8443"; ma=2592000, quic=":8443"; ma=2592000; v="43,46"
Expires: Fri, 06 Jan 2023 06:42:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
X-Origin-Time-Delay: 105.468499ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.13.0
147.135.10.43200 OK 92 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.13.0
IP 147.135.10.43:0
File type Web Open Font Format (Version 2), TrueType, length 91472, version 1.0\012- data
Hash f4f91f34f5cd97cb1fb1ff9de8cb1473
56eefd5e8875fd3a639a2e4c884f880fd1829525
3368bde807b9dc25e071e9d50a7f698b8788e5b12b7a967dd1efcffb8cc957ab
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.13.0 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.13.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: font/woff2
Content-Length: 91472
Connection: keep-alive
last-modified: Sun, 29 May 2022 19:03:56 GMT
alt-svc: h3=":8443"; ma=2592000, h3-29=":8443"; ma=2592000, h3-Q050=":8443"; ma=2592000, h3-Q046=":8443"; ma=2592000, h3-Q043=":8443"; ma=2592000, quic=":8443"; ma=2592000; v="43,46"
Expires: Fri, 06 Jan 2023 06:42:17 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: STALE
X-Server-Powered-By: Engintron
Accept-Ranges: bytes
X-Origin-Time-Delay: 113.91492ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
aiuabafm.com.br/wp-content/uploads/2022/05/cropped-LOGO-AIUABA-FM-.png
147.135.10.43200 OK 100 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/cropped-LOGO-AIUABA-FM-.png
IP 147.135.10.43:0
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Hash 3ae841b833e5b81458c75f107656fa39
fbff74b9361735616e8fd06af20466c8511f5212
c09b676f72246641d8b83d4a1f246ab1e919fc4292a559002cbfe7141323f612
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/cropped-LOGO-AIUABA-FM-.png HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/png
Content-Length: 99484
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Mon, 30 May 2022 20:55:53 GMT
itunes.apple.com/search?term=&callback=jQuery361046262227195696937_1667803334562
23.38.200.24200 OK 99 B URL HTTP/2 itunes.apple.com/search?term=&callback=jQuery361046262227195696937_1667803334562
IP 23.38.200.24:0
Hash f87a11dfe76a16e98fcda7cfea429372
ada63ee20db985a5a96359effbfcac944fb2e6ec
13006164866a542e9b3f4eec3edff5f034438edde30403d4222a419c62d87f60
GET /search?term=&callback=jQuery361046262227195696937_1667803334562 HTTP/1.1
Host: itunes.apple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-apple-jingle-correlation-key: X4YLV334V5SNPT2YPE4IYULLWA
x-apple-request-uuid: bf30baef-7caf-64d7-cf58-79388c516bb0
x-apple-translated-wo-url: /WebObjects/MZStoreServices.woa/ws/wsSearch?term=&callback=jQuery361046262227195696937_1667803334562&urlDesc=
apple-tk: false
x-b3-spanid: 28f61422274c7ead
content-type: text/javascript; charset=utf-8
b3: bf30baef7caf64d7cf5879388c516bb0-28f61422274c7ead
x-content-type-options: nosniff
x-b3-traceid: bf30baef7caf64d7cf5879388c516bb0
x-webobjects-loadaverage: 0
x-responding-instance: MZStoreServices:2005216:::
apple-seq: 0
content-disposition: attachment; filename=1.txt
apple-originating-system: MZStoreServices
content-encoding: gzip
strict-transport-security: max-age=31536000
x-apple-orig-url: https://mzstoreservices-int-st.itunes.apple.com/search?term=&callback=jQuery361046262227195696937_1667803334562
x-apple-application-site: ST11
apple-timing-app: 2 ms
x-apple-application-instance: 2005216
content-length: 99
vary: Accept-Encoding
cache-control: max-age=86379
date: Mon, 07 Nov 2022 06:42:17 GMT
x-cache: TCP_MISS from a23-36-79-6.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-true-cache-key: /L/itunes.apple.com/search?callback=jQuery361046262227195696937_1667803334562&term=Browser vcd=2897
x-cache-remote: TCP_MISS from a104-123-68-239.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-apple-partner: origin.0
X-Firefox-Spdy: h2
aiuabafm.com.br/wp-content/uploads/2022/05/CIDADE-DE-AIUABA-.jpg
147.135.10.43 200 OK 258 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/CIDADE-DE-AIUABA-.jpg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Size 258 kB (257986 bytes)
Hash efca8bd114edbed71d32f74ee02ef460
990e9e5c5a74e1f8ebc7c60132c06b6698730094
8bbb71bdda6a2d7acd62ea3b4fec7b7bcf268c2df0c83b3f027aa1b2ee70f69f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/CIDADE-DE-AIUABA-.jpg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 257986
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:15:13 GMT
aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/slides.39da68ee3c8123589b2e.bundle.min.js
147.135.10.43 200 OK 3.8 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor-pro/assets/js/slides.39da68ee3c8123589b2e.bundle.min.js
IP 147.135.10.43:0
File type ASCII text, with very long lines (3787)
Hash cba2b9e57eacbd99c7c4151c88107c2f
a1a3dba11225bed98f9d466047df7401af5d274c
b4f015b1c1d9662dbc0efec9729fccc11c0a3629a3d67178135ccce287914da5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/slides.39da68ee3c8123589b2e.bundle.min.js HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 3830
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:02:52 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js
147.135.10.43 200 OK 1.4 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js
IP 147.135.10.43:0
File type ASCII text, with very long lines (1316)
Hash 212c8159c7e7226b669f8c2865f1be20
efa03345a657b35d321e79b25abc50a60156b5f2
636450e920df1c9efefebe0bd648a4054369ebda02d5a50f144312cba0365af4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/text-editor.289ae80d76f0c5abea44.bundle.min.js HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 1355
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101181501.jpeg
147.135.10.43 200 OK 126 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101181501.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 126 kB (126546 bytes)
Hash d08d90a86041ab49b1bf54b9d077aae9
84c83c0904d21cbc12b6bc8c74b24bb72014b381
be8f91d1920c35ba26116e7c989c3d3861f77ba9d13d6aef8649e857444e494e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101181501.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 126546
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:13 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101162931.jpeg
147.135.10.43 200 OK 99 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101162931.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Hash eefb938492e958f0dc73e722f48eb5d0
0848a026e9d0e565d9cac9284feca73537ff0192
a0f85b68b6133e01991bc1d3c2800f4c31b335bdf6951c3ecfacdda9b79192ad
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101162931.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 98752
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:11 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101163945.jpeg
147.135.10.43 200 OK 69 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101163945.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Hash a3884069cde0683b1e9f3a751491edd9
add1e05c9db1fbffbddd1c03ce977493b5006ed7
16d5e2c1e535d1aaffc960d64bc77666648ba98e3cedbc4be4d7359eed6a4d66
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101163945.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 68906
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:12 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101165640.jpeg
147.135.10.43 200 OK 121 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101165640.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 121 kB (121407 bytes)
Hash 0f1d472e35308ef2ae482194bd9b8c8b
d561639ccbd239555a26ca66ace42c16b80e23b3
470a1e988aec1758f6624f1aca2836c84d9bbc57eca595366aeabf14ab3d6c9f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101165640.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 121407
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:13 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101162206.jpeg
147.135.10.43 200 OK 146 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101162206.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 146 kB (145907 bytes)
Hash 6601867e5ae9486882c0fa95999bc7d7
d793404e413ab34003892abcc119fd5fabcf1d33
3155b7655cd495122b8190e964877d38091b36d0eb4ac0750db50668e0520ee3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101162206.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 145907
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:10 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101161435.jpeg
147.135.10.43 200 OK 122 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101161435.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 122 kB (121641 bytes)
Hash b09db56f84a33791e929ef5e75286519
b870b4817970515958cea54629e69074d86cfee2
1d54e46a7ef7d8779b002adfa92823a8c73d1eb0c3dfee4ef124a52a3735abb0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101161435.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 121641
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:10 GMT
aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
147.135.10.43 200 OK 139 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 147.135.10.43:0
File type ASCII text, with very long lines (65280)
Size 139 kB (139153 bytes)
Hash 15bb2b8491fc7e84137d65f610e1685a
cd76b70a5426893e9c022b9a75c50a7c1348e2d0
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,immutable,max-age=31536000
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 139153
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:03:56 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101153027.jpeg
147.135.10.43 200 OK 50 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101153027.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Hash 93d41942cbcae92b83ae9b8d065494ab
abda4496b8a6b2e8268412a36225cabb3fecd4d8
4044e3033311e4276f08bf8fb41d26d7e3e39c3d80f877c3aa5b63ffd663066c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101153027.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 50011
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:08 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101152132.jpeg
147.135.10.43 200 OK 151 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101152132.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 151 kB (151235 bytes)
Hash 673a0c5f893deaa71608b29efefe666d
b88b11162589ae75031629b5b18422df19e906a0
fd68529039154d3c82d55212f8d4649b75616f5606669cde95715cea02aa12e9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101152132.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 151235
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:08 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101151601.jpeg
147.135.10.43 200 OK 117 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101151601.jpeg
IP 147.135.10.43:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 87", baseline, precision 8, 1350x350, components 3\012- data
Size 117 kB (117247 bytes)
Hash ac78fe0424db352379c20f5a53602897
69ac52e0c2e2a77a6ae6c814c9f9d14802a6da0b
6548fda1aebf0049d249aa65de50e66da3c2f74ea310dbd653ce49aa28de7d76
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101151601.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 117247
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:07 GMT
aiuabafm.com.br/?qtproxycall=https%3A%2F%2Fglsolutionstreming.com.br%2Fradio%2F8020%2Faiuabafmradio.mp3&icymetadata=1&_=1667803334563
147.135.10.43 200 OK 53 B URL HTTP/1.1 aiuabafm.com.br/?qtproxycall=https%3A%2F%2Fglsolutionstreming.com.br%2Fradio%2F8020%2Faiuabafmradio.mp3&icymetadata=1&_=1667803334563
IP 147.135.10.43:0
File type ASCII text, with no line terminators
Hash aaafd90e84867fc4bfece309ebb6b59c
e4d6a49089f2d4102f0d13123e7c192afba15a09
9604626b0d0e0fcc85b3ab3c9503f1d1583dbac5d19dee83edb04ccdda3f3e1c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /?qtproxycall=https%3A%2F%2Fglsolutionstreming.com.br%2Fradio%2F8020%2Faiuabafmradio.mp3&icymetadata=1&_=1667803334563 HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Icy-MetaData: 1
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Date: Mon, 07 Nov 2022 06:42:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
Content-Encoding: gzip
X-Origin-Time-Delay: 628.574218ms
X-Server-Mode: proxied
Keep-Alive: timeout=5, max=100
aiuabafm.com.br/wp-content/uploads/2022/05/LOGO-AIUABA-FM--150x150.png
147.135.10.43 200 OK 15 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/LOGO-AIUABA-FM--150x150.png
IP 147.135.10.43:0
File type PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash 951aecc490f6e41f8d3c834d63458e54
a1056cd7fdee99f9ab4c4e8f21f672e895e380b8
c571235a832bb28476137c89a0f84f710172df44ada76e8f2d90c200a87d1d16
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/LOGO-AIUABA-FM--150x150.png HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/png
Content-Length: 15106
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:08:59 GMT
aiuabafm.com.br/wp-content/uploads/2022/05/LOGO-AIUABA-FM--300x300.png
147.135.10.43 200 OK 45 kB URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/LOGO-AIUABA-FM--300x300.png
IP 147.135.10.43:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash b9dc016e64d6103a9bd09dd6d020f4d4
ade56c43b0ffee4bcf78e5bcd015046ddcb3e7c6
8f092b5a6175e5fec0c7d571f9032a1c1dae5eab2b03283b32ce2bfdbdd35276
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/LOGO-AIUABA-FM--300x300.png HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/ri/liftsaiec/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/png
Content-Length: 44685
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:08:59 GMT
itunes.apple.com/search?term=Debbie+Gibson-Lost+in+Your+Eyes&callback=jQuery361046262227195696937_1667803334562
23.38.200.24 200 OK 6.0 kB URL HTTP/2 itunes.apple.com/search?term=Debbie+Gibson-Lost+in+Your+Eyes&callback=jQuery361046262227195696937_1667803334562
IP 23.38.200.24:0
File type ASCII text, with very long lines (978)
Hash dac450029f34aaab61898712862d715b
552c2041771747826c23128e2d56a56d34c96312
eb83f47e164a11f9b2ff497101008132864591c67a6b3d89336450d7b9fa5cc0
GET /search?term=Debbie+Gibson-Lost+in+Your+Eyes&callback=jQuery361046262227195696937_1667803334562 HTTP/1.1
Host: itunes.apple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-apple-jingle-correlation-key: 5UTFPOYCA5LZV6W33HZR2RQPSI
x-apple-request-uuid: ed2657bb-0207-579a-fadb-d9f31d460f92
x-apple-translated-wo-url: /WebObjects/MZStoreServices.woa/ws/wsSearch?term=Debbie+Gibson-Lost+in+Your+Eyes&callback=jQuery361046262227195696937_1667803334562&urlDesc=
apple-tk: false
x-b3-spanid: 6e6f201904204de0
content-type: text/javascript; charset=utf-8
b3: ed2657bb0207579afadbd9f31d460f92-6e6f201904204de0
x-content-type-options: nosniff
x-b3-traceid: ed2657bb0207579afadbd9f31d460f92
x-webobjects-loadaverage: 0
x-responding-instance: MZStoreServices:2007308:::
apple-seq: 0
content-disposition: attachment; filename=1.txt
apple-originating-system: MZStoreServices
content-encoding: gzip
strict-transport-security: max-age=31536000
x-apple-orig-url: https://mzstoreservices-int-st.itunes.apple.com/search?term=Debbie+Gibson-Lost+in+Your+Eyes&callback=jQuery361046262227195696937_1667803334562
x-apple-application-site: ST11
apple-timing-app: 733 ms
x-apple-application-instance: 2007308
content-length: 5970
vary: Accept-Encoding
cache-control: max-age=86400
date: Mon, 07 Nov 2022 06:42:18 GMT
x-cache: TCP_MISS from a23-36-79-6.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-true-cache-key: /L/itunes.apple.com/search?callback=jQuery361046262227195696937_1667803334562&term=Debbie+Gibson-Lost+in+Your+EyesBrowser vcd=2897
x-cache-remote: TCP_MISS from a104-123-68-15.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-apple-partner: origin.0
X-Firefox-Spdy: h2
is5-ssl.mzstatic.com/image/thumb/Music114/v4/2a/fc/28/2afc2820-fcea-e912-9780-d435dbd209e9/dj.ezlbkrnf.jpg/100x100bb.jpg
23.38.200.24 200 OK 6.6 kB URL HTTP/2 is5-ssl.mzstatic.com/image/thumb/Music114/v4/2a/fc/28/2afc2820-fcea-e912-9780-d435dbd209e9/dj.ezlbkrnf.jpg/100x100bb.jpg
IP 23.38.200.24:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 100x98, components 3\012- data
Hash 3b06294b7c6ddcf54ad781d56ce152e2
b369dc6ff02f7cffa08c821a2a380a7f0a3e2065
654da4709086dafb7c47ed7417effe35b1a5d3f56e01825ca9b8091720bc88cd
GET /image/thumb/Music114/v4/2a/fc/28/2afc2820-fcea-e912-9780-d435dbd209e9/dj.ezlbkrnf.jpg/100x100bb.jpg HTTP/1.1
Host: is5-ssl.mzstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: daiquiri/3.0.0
content-type: image/jpeg
content-length: 6558
x-apple-jingle-correlation-key: 6GVECERIJVJK4DITFLTUUIIZTM
x-apple-request-uuid: f1aa4112-284d-52ae-0d13-2ae74a21199b
b3: f1aa4112284d52ae0d132ae74a21199b-76fdc6c1a134590d
x-b3-traceid: f1aa4112284d52ae0d132ae74a21199b
x-b3-spanid: 76fdc6c1a134590d
apple-seq: 0.0
apple-tk: false
apple-originating-system: UnknownOriginatingSystem
last-modified: Wed, 04 May 2022 04:31:39 GMT
etag: "MSwxLjI2LTIyRiwyMEUyNDEsMTY1MTYzODY5OTU0Nixpc0J1aWxkVmVyc2lvbk5vdFNldCw1MDA4MCxub0VmZmVjdA=="
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
x-daiquiri-instance: daiquiri:13624002:mr85p00it-hyhk03094901:7987:22RELEASE53:daiquiri-amp-processing-shared-int-001-mr
cdnuuid: db86d505-b3d6-4330-8336-143bc3fce01a-3495198991
cache-control: no-transform, max-age=12941501
date: Mon, 07 Nov 2022 06:42:18 GMT
x-cache: TCP_HIT from a23-36-79-6.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f04b5777f2d31ceeea81eb44f95b1ad
9c8cc6ad24cf350b2e6fa41ec522e097cbbfa826
0f51d5d4491c9ce5265d81b8eb657417187cdbddc9c5853d39f343d1946515fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6045
x-amzn-requestid: d21b8ecd-77b4-446c-a450-fa0ce2ec1115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bD9nUFBvoAMFb_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364a961-474388240bca896e6ee6c1e8;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 05:55:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: df3Qjc7fsU_UyddBMSDfkagzKt2TKjGp-Fcs2ELdwX1Rk11zTCt3vQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 10:05:03 GMT
age: 74239
etag: "9c8cc6ad24cf350b2e6fa41ec522e097cbbfa826"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101161219.jpeg
147.135.10.43 200 OK 0 B URL HTTP/1.1 aiuabafm.com.br/wp-content/uploads/2022/05/destaque-6608-20211101161219.jpeg
IP 147.135.10.43:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/05/destaque-6608-20211101161219.jpeg HTTP/1.1
Host: aiuabafm.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aiuabafm.com.br/wp-content/uploads/elementor/css/post-13.css?ver=1655599167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: Pyxsoft Pxshield
Cache-Control: public,max-age:3600
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 165372
X-Server-Mode: direct
Date: Mon, 07 Nov 2022 06:42:17 GMT
Last-Modified: Sun, 29 May 2022 19:19:09 GMT