Report - www.google.co.ls/amp/asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=

Report Overview

Visited public
2024-09-19 16:11:50
Tags
URL
www.google.co.ls/amp/asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=
Finishing URL
exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
IP / ASN
142.250.74.131
#15169 GOOGLE
Title
Automotive Design Enthusiasts - techspectras.cbg.ru

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-18 18:12:18	1.6 kB	4.4 kB	23.36.76.226
www.google.co.ls	33016	unknown	2013-05-26 17:04:06	2024-09-19 09:00:44	626 B	1.5 kB	142.250.74.131
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-09-19 07:50:41	847 B	48 kB	104.18.95.41
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-09-18 18:16:41	447 B	28 kB	151.101.1.229
th.bing.com	4980	1996-01-29	2019-12-09 13:09:09	2024-09-18 18:13:09	1.8 kB	120 kB	95.101.10.184
techspectras.cbg.ru	unknown	1997-11-19	2024-08-09 01:19:38	2024-09-19 17:59:54	477 B	37 kB	172.67.164.15
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-18 18:12:43	650 B	1.4 kB	142.250.74.131
asterpetroleo.com	unknown	2021-03-12	2021-07-29 21:08:13	2024-09-19 17:59:52	452 B	293 B	108.167.188.78
exxe.inf.br	unknown	2010-08-09	2015-08-26 13:20:40	2024-09-19 17:59:53	1.4 kB	12 kB	192.185.214.132
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-09-19 07:30:25	1.4 kB	192 kB	104.17.24.14
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-18 18:12:05	1.6 kB	4.4 kB	23.36.76.249

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-19	medium	exxe.inf.br	Sinkholed
2024-09-19	medium	exxe.inf.br	Sinkholed
2024-09-19	medium	exxe.inf.br	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-05-29
Pretty URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04 Last Seen2025-05-29 04:46 Times Seen55150 Hash cf3402d7483b127ded4069d651ea4a22 bde186152457cacf9c35477b5bdda5bcb56b1f45 eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc Loading...

	challenges.cloudflare.com/turnstile/v0/api.js	ScriptElement	47 kB	2024-09-18	2024-10-11
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-18 23:39 Last Seen2024-10-11 09:19 Times Seen4737 Hash e07e7ed6f75a7d48b3df3c153eb687eb 4601d83c67cc128d1e75d3e035fb8a3bdfa1ee34 96bd1c81d59d6ac2ec9f8ebe4937a315e85443667c5728a7cd9053848dd8d3d7 Loading...

	exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com	ScriptElement	0 B	0001-01-01	2025-05-29
Pretty URL exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-29 06:01 Times Seen4783006 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8fed4384ed0beef60ee70424048e33fa	6.3 kB	2024-09-19 19:33	2024-09-19 19:33
Pretty Observations First Seen2024-09-19 19:33 Last Seen2024-09-19 19:33 Times Seen1 Hash 8fed4384ed0beef60ee70424048e33fa ec89f6b2567a049c8452f00e11168b44e678142d c45d73458745e3febbd1e50414d72467a735422527dea900651e4576a9d6665a Loading...

HTTP Transactions (28)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7f94384c88afd251a59fa1bd27d01a3d
4702ce94766111cd58b4a6e0a642ee2380a51013
48ddf84345fb7c618dd7e3ab12b5f393cc02d5854e392b617ea7d751c8c957b0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "48DDF84345FB7C618DD7E3AB12B5F393CC02D5854E392B617EA7D751C8C957B0"
Last-Modified: Wed, 18 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2840
Expires: Thu, 19 Sep 2024 16:58:43 GMT
Date: Thu, 19 Sep 2024 16:11:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0f9757cb982e022e57ae0b157b0af7b7
90769501ea6239546cff766263e45cf29f25b99f
413adcbc92ad4ada2720b8c7a0385501d48e3eec5cf1c8833792b3e565c0a51b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "413ADCBC92AD4ADA2720B8C7A0385501D48E3EEC5CF1C8833792B3E565C0A51B"
Last-Modified: Thu, 19 Sep 2024 12:52:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19941
Expires: Thu, 19 Sep 2024 21:43:44 GMT
Date: Thu, 19 Sep 2024 16:11:23 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
946bd983da8ed3f6d5c12abcab5273e0
eaf94210f1202240080722b9f0a78aa64b6cc1b3
f772e410f6d95169a72a7473bf8ff96f7c642b0e8cd820c34b9debdfc367c44e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F772E410F6D95169A72A7473BF8FF96F7C642B0E8CD820C34B9DEBDFC367C44E"
Last-Modified: Tue, 17 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18436
Expires: Thu, 19 Sep 2024 21:18:39 GMT
Date: Thu, 19 Sep 2024 16:11:23 GMT
Connection: keep-alive

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
50be6c04e27cfc45e1deac117fc22523
30b2942c7a07ebcb46350554f62dea29d56945aa
5685bb34d560422ab6838de0ef8d99109c3378c57666e2f57779fc8ee8dbd334

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Sep 2024 16:11:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
87841689006a253afb8d70671c092ab3
562c6dd214b5e8296075ccecba03c40b03d45232
6e1b186ccc62f45220f56e32c367292f9e055c7794b4dfd12f8a861c06f80350

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6E1B186CCC62F45220F56E32C367292F9E055C7794B4DFD12F8A861C06F80350"
Last-Modified: Thu, 19 Sep 2024 02:01:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2865
Expires: Thu, 19 Sep 2024 16:59:09 GMT
Date: Thu, 19 Sep 2024 16:11:24 GMT
Connection: keep-alive

www.google.co.ls/amp/asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=

142.250.74.131

286 B

URL
www.google.co.ls/amp/asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
286 B (286 bytes)
Hash
3696a5bc947bbfca825c70ee4d7d6809
537fe8e201bc05137938e22e6dff1fb0f2b415d2
e4fa11b8efb52f3397da2122790ffd96e36e8b798dc96074d8e4563007444f62

HTTP Headers

GET /amp/asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20= HTTP/1.1
Host: www.google.co.ls
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: http://asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-qDJ16tEvHFRMJ-8jv9MV5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Thu, 19 Sep 2024 16:11:24 GMT
server: gws
content-length: 286
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: __Secure-ENID=22.SE=fUZOswCqchJ-0roTPkz9vrf_WrxYevdmmQkQ5Ae8q7qT46E2L1YIfWxnJcW_5frWt3W3wctsz6nkGXl-A6hZPW-4FiCuoytKqIyxcm6HCBU68eKaqVak9yqluJt40XdEUlOJhwebG8X9X3xyO4cgoIZZqe-97sydy0a5AdD3uazyPVuSR_vwGBSfPPTdY2QZtGl3llhTC1sFG_HKnPYffviWQiDuEtQaXtpbCE5Q; expires=Mon, 20-Oct-2025 08:29:42 GMT; path=/; domain=.google.co.ls; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
60bc932801fe623f0080653edb9f0e23
07cfdfd9701d2790f3e92f1df540f81f3479a393
ed19e0fb23a29f42682789e7d66fdf0424fde321ef946aadc3e96270ba684689

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Sep 2024 16:11:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=

108.167.188.78

0 B

URL
asterpetroleo.com/.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20=
IP
108.167.188.78:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /.cgi-bin/mqrp/PIOUJ/Y2hyaXMud2Vsa2VyQDE4ODhpbnZlc3RtZW50cy5jb20= HTTP/1.1
Host: asterpetroleo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 19 Sep 2024 16:11:24 GMT
Server: Apache
refresh: 0;url=https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
28884ab90b02b5b624753b2363c16445
df1bba36d958f75cb413d1b38827d3012a1270d4
553205519aef646934aa94acf1ccb28b7caf63d999d13c19e73c876062e310af

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "553205519AEF646934AA94ACF1CCB28B7CAF63D999D13C19E73C876062E310AF"
Last-Modified: Thu, 19 Sep 2024 15:49:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20897
Expires: Thu, 19 Sep 2024 21:59:41 GMT
Date: Thu, 19 Sep 2024 16:11:24 GMT
Connection: keep-alive

exxe.inf.br/vOIPVM2.html

192.185.214.132

3.3 kB

URL
exxe.inf.br/vOIPVM2.html
IP
192.185.214.132:0
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3346), with CRLF, LF line terminators
Size
3.3 kB (3338 bytes)
Hash
c76d462c3ef064a6859f326beaba5528
29afc42c962c92e8049312a334f75a2185f58b2f
7468fec23db425211a8fb34af72fa3dce84d3ad2cd344974c5e08a559a421ee0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vOIPVM2.html HTTP/1.1
Host: exxe.inf.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 19 Sep 2024 15:20:08 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-generated: t=1726762285023912
content-length: 3338
content-type: text/html
date: Thu, 19 Sep 2024 16:11:25 GMT
server: Apache
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js

104.17.24.14

200 OK

14 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA
ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT

File type
JavaScript source, ASCII text, with very long lines (47992), with no line terminators
Size
14 kB (14107 bytes)
Hash
cf3402d7483b127ded4069d651ea4a22
bde186152457cacf9c35477b5bdda5bcb56b1f45
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc

HTTP Headers

GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Sep 2024 16:11:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 14107
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-bb78"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 78794
expires: Tue, 09 Sep 2025 16:11:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6ZKSRyulpmYa4FrSE0N0XehJerOuFbD7Oh%2FJl8Y6g5qxiob3zQrSkT1pjCM5CZYFjaVLwd3J8SRa7iRGdCuAMbw2ddGG469i5qi6CEEo7r2AHEyMZJDa5YXUNXgTSkI%2BxWuBR4I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8c5ad9fa8827b4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/turnstile/v0/api.js

104.18.95.41

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 19 Sep 2024 16:11:25 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/ec4b873d446c/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c5ad9fa8b4d568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

exxe.inf.br/favicon.ico

192.185.214.132

404 Not Found

836 B

URL GET HTTP/2
exxe.inf.br/favicon.ico
IP
192.185.214.132:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerLet's Encrypt
Subject*.exxe.inf.br
FingerprintC0:47:0B:AA:60:20:7B:C9:2C:4E:D4:A8:67:77:9E:2D:68:01:A3:DA
ValidityTue, 03 Sep 2024 20:38:08 GMT - Mon, 02 Dec 2024 20:38:07 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
836 B (836 bytes)
Hash
11a0bbc52834cf74da795d5815b7dc63
5d401cf953df570210427a92d27e00ddf403f4b7
c989a169a129121f006c8fcbf90ab305d9005d516ce72cc44b4949167eed39d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: exxe.inf.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/vOIPVM2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
last-modified: Thu, 29 Sep 2022 21:51:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 836
content-type: text/html
date: Thu, 19 Sep 2024 16:11:25 GMT
server: Apache
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css

104.17.24.14

200 OK

19 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA
ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18859 bytes)
Hash
c43cd173eeeba2f72aa6b431d06b8c07
427a692f7f39eabb3d5b8510aee2743025daf813
c880eb3d25c765d399840aa204fec22b3230310991089f14781f09a35ed80b8a

HTTP Headers

GET /ajax/libs/font-awesome/6.5.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 19 Sep 2024 16:11:25 GMT
content-type: text/css; charset=utf-8
content-length: 18859
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "656632a7-49ab"
last-modified: Tue, 28 Nov 2023 18:34:15 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1194731
expires: Tue, 09 Sep 2025 16:11:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Tm8KD%2BgOHS5VHnHs0TwqwqUVZz1dIfULTBeyUiVbtTX6qCnjJ1F%2BShJcwP6AqgXfoE4WgpoHaxR5Zg3ik4AtpLSk7JHp5w4PsQ%2FPAj0QvHT1VvoH5ODRlnLL9hFkGuF3cEXy5BH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8c5ad9ff2dc956c7-OSL

cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css

151.101.1.229

200 OK

27 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
Unicode text, UTF-8 text, with very long lines (65342)
Size
27 kB (27432 bytes)
Hash
a549af2a81cd9900ee897d8bc9c4b5e9
c5ac1dee961cb59a045256ec203f69e317872f7c
3c8f27e6009ccfd710a905e6dcf12d0ee3c6f2ac7da05b0572d3e0d12e736fc8

HTTP Headers

GET /npm/bootstrap@5.3.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.3.3
x-jsd-version-type: version
etag: W/"38d63-xawd7pYctZoEUlbsID9p4xeHL3w"
content-encoding: br
accept-ranges: bytes
date: Thu, 19 Sep 2024 16:11:25 GMT
age: 4170213
x-served-by: cache-fra-eddf8230118-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27432
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

156 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:EC:C6:E9:D9:C1:6D:05:88:6E:33:AF:3B:E7:7B:86:81:20:66:CA
ValidityWed, 31 Jul 2024 04:16:10 GMT - Tue, 29 Oct 2024 04:16:09 GMT

File type
Web Open Font Format (Version 2), TrueType, length 156532, version 773.256
Size
156 kB (156532 bytes)
Hash
d465bccb9edf0873f021f66d4b09d89c
214f3c71de28c682602aecd39e9ad2bba15f1b0c
f4c5a5b297e623bc159679563a4d1eb16e409ca3b57698fbc00fd2c907dadae0

HTTP Headers

GET /ajax/libs/font-awesome/6.5.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exxe.inf.br
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 19 Sep 2024 16:11:26 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 156532
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "656632a7-26374"
last-modified: Tue, 28 Nov 2023 18:34:15 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1003
expires: Tue, 09 Sep 2025 16:11:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOkGeTRD6oU652SsTNet7FbyAN7gZaMzhGGkN9tbB%2B8xSDKtdZNCwxIFdqucXkGhgMqiScgweDNtTB8Iq7c2IBfg202oAEK%2B7kBs%2BbCIAepVl71OkCQ0f9D64naSj41epa%2ByAkCl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8c5ad9ff7e5456c7-OSL

th.bing.com/th/id/OIP.s3xQXYuu6dbBib0QJEzlhAHaE7

95.101.10.184

200 OK

29 kB

URL GET HTTP/2
th.bing.com/th/id/OIP.s3xQXYuu6dbBib0QJEzlhAHaE7
IP
95.101.10.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerMicrosoft Corporation
Subjectr.bing.com
FingerprintFB:05:1F:68:82:20:FD:40:5D:5A:4B:E1:F8:90:1F:0C:FA:C6:EC:20
ValidityMon, 24 Jun 2024 16:16:15 GMT - Thu, 19 Jun 2025 16:16:15 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x315, components 3
Size
29 kB (28608 bytes)
Hash
bd023693dbfd3839499294c6f1ab4741
e6d4d72e66d65e0adc81411ce62d5e2fe32b8beb
69c4346612553d05cac817334e6b4bc2fae4361674db6e46baf83a1ecba03f58

HTTP Headers

GET /th/id/OIP.s3xQXYuu6dbBib0QJEzlhAHaE7 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 28608
x-check-cacheable: YES
cache-control: public, max-age=1208987
date: Thu, 19 Sep 2024 16:11:26 GMT
x-cache: TCP_MISS from a95-101-10-180.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.b40a655f.1726762286.29cf1ffc
X-Firefox-Spdy: h2

th.bing.com/th/id/OIP.yzDdCniiyWOK4hUnmCtUNAHaEK

95.101.10.184

200 OK

30 kB

URL GET HTTP/2
th.bing.com/th/id/OIP.yzDdCniiyWOK4hUnmCtUNAHaEK
IP
95.101.10.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerMicrosoft Corporation
Subjectr.bing.com
FingerprintFB:05:1F:68:82:20:FD:40:5D:5A:4B:E1:F8:90:1F:0C:FA:C6:EC:20
ValidityMon, 24 Jun 2024 16:16:15 GMT - Thu, 19 Jun 2025 16:16:15 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3
Size
30 kB (29788 bytes)
Hash
ff377ec3f73267b129b7295d2c6cd5ac
46d21b451df9ed78cdb917abba9931fdbf80428f
8184b1e93692bac69766b9626399f0b183fb93480d31156839e64a16ca34814b

HTTP Headers

GET /th/id/OIP.yzDdCniiyWOK4hUnmCtUNAHaEK HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 29788
cache-control: public, max-age=1208907
date: Thu, 19 Sep 2024 16:11:26 GMT
x-cache: TCP_MISS from a95-101-10-180.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.b40a655f.1726762286.29cf2013
x-check-cacheable: YES
X-Firefox-Spdy: h2

th.bing.com/th/id/OIP.MDk6Nd0YqWf0CTIK6nkwrAHaEK

95.101.10.184

200 OK

29 kB

URL GET HTTP/2
th.bing.com/th/id/OIP.MDk6Nd0YqWf0CTIK6nkwrAHaEK
IP
95.101.10.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerMicrosoft Corporation
Subjectr.bing.com
FingerprintFB:05:1F:68:82:20:FD:40:5D:5A:4B:E1:F8:90:1F:0C:FA:C6:EC:20
ValidityMon, 24 Jun 2024 16:16:15 GMT - Thu, 19 Jun 2025 16:16:15 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3
Size
29 kB (29039 bytes)
Hash
c8cad6fcc8b1e285bd4bfc1acc44c06e
7c790f91a4ca37122fa92fde8f0491bd258d7dff
f8f96a67edb06b0cd0b5d0f37f8e55bb58dde38b58fcab377372254b097ae9b4

HTTP Headers

GET /th/id/OIP.MDk6Nd0YqWf0CTIK6nkwrAHaEK HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 29039
x-check-cacheable: YES
cache-control: public, max-age=1208918
date: Thu, 19 Sep 2024 16:11:26 GMT
x-cache: TCP_MISS from a95-101-10-180.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.b40a655f.1726762286.29cf2017
X-Firefox-Spdy: h2

techspectras.cbg.ru//

172.67.164.15

200 OK

36 kB

URL POST HTTP/2
techspectras.cbg.ru//
IP
172.67.164.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjecttechspectras.cbg.ru
Fingerprint38:87:FB:7E:9A:F8:B2:73:54:76:86:91:5B:78:77:B1:82:F7:AB:34
ValidityTue, 23 Jul 2024 16:01:06 GMT - Mon, 21 Oct 2024 16:01:05 GMT

File type
JSON text data
Size
36 kB (36287 bytes)
Hash
5fc95cba7753f3553461b4b77374b587
fb2d84211e705a9f42147fc081617205e94ab46f
261ddeeb400441e85647f59b02b683999188c3a26542aa7dc3a970f6277a056e

HTTP Headers

POST // HTTP/1.1
Host: techspectras.cbg.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exxe.inf.br/
Content-Type: text/plain;charset=UTF-8
Content-Length: 18
Origin: https://exxe.inf.br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Sep 2024 16:11:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHbbuuqnyKSP2RFJVMZPXFvXxbqbdL4DPLKAHVvoo3sh6dSERvDAVL2LPf0YQF8svxXdfj0Hfw5%2BdlhhAtzveQ8G6cm9Sn7b5mAF24JXe%2Fj2IB3RnLD6xpWq2Q%2F%2BUl8qnPZZZq7D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c5ad9fc5e408ec7-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
45c440d4cead985bd4f1f69f84162f7b
1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b
91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 19 Sep 2024 20:15:01 GMT
Date: Thu, 19 Sep 2024 16:11:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
45c440d4cead985bd4f1f69f84162f7b
1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b
91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 19 Sep 2024 20:15:01 GMT
Date: Thu, 19 Sep 2024 16:11:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
45c440d4cead985bd4f1f69f84162f7b
1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b
91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 19 Sep 2024 20:15:01 GMT
Date: Thu, 19 Sep 2024 16:11:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
45c440d4cead985bd4f1f69f84162f7b
1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b
91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 19 Sep 2024 20:15:01 GMT
Date: Thu, 19 Sep 2024 16:11:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
45c440d4cead985bd4f1f69f84162f7b
1251ec50f9cfdb548fe2e0fef4cbb146fd92a56b
91127a16631d0d606cac9cac289cf04f0ccb542d3f8954ef4bc5caaef374c238

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "91127A16631D0D606CAC9CAC289CF04F0CCB542D3F8954EF4BC5CAAEF374C238"
Last-Modified: Tue, 17 Sep 2024 14:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14615
Expires: Thu, 19 Sep 2024 20:15:01 GMT
Date: Thu, 19 Sep 2024 16:11:26 GMT
Connection: keep-alive

challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js

104.18.95.41

200 OK

47 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
JavaScript source, ASCII text, with very long lines (47261)
Size
47 kB (47262 bytes)
Hash
e07e7ed6f75a7d48b3df3c153eb687eb
4601d83c67cc128d1e75d3e035fb8a3bdfa1ee34
96bd1c81d59d6ac2ec9f8ebe4937a315e85443667c5728a7cd9053848dd8d3d7

HTTP Headers

GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://exxe.inf.br/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 19 Sep 2024 16:11:25 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 17 Sep 2024 16:06:37 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c5ad9facbcc568a-OSL
content-encoding: br
X-Firefox-Spdy: h2

th.bing.com/th/id/OIP.wstSVB8hN5BRDCLdBj3nSAHaEK

95.101.10.184

200 OK

30 kB

URL GET HTTP/2
th.bing.com/th/id/OIP.wstSVB8hN5BRDCLdBj3nSAHaEK
IP
95.101.10.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://exxe.inf.br/vOIPVM2.html#Achris.welker@1888investments.com
Certificate
IssuerMicrosoft Corporation
Subjectr.bing.com
FingerprintFB:05:1F:68:82:20:FD:40:5D:5A:4B:E1:F8:90:1F:0C:FA:C6:EC:20
ValidityMon, 24 Jun 2024 16:16:15 GMT - Thu, 19 Jun 2025 16:16:15 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 474x266, components 3
Size
30 kB (29772 bytes)
Hash
dbbbc0c9ba256994cd4c5870d60e3e30
286b3922cfb8d17205f256743d9dd84a2496553d
3c51cf82d1e35de07e5222eb98890352555930ea3c6bcee854f66cde66665021

HTTP Headers

GET /th/id/OIP.wstSVB8hN5BRDCLdBj3nSAHaEK HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exxe.inf.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 29772
x-check-cacheable: YES
cache-control: public, max-age=1208959
date: Thu, 19 Sep 2024 16:11:26 GMT
x-cache: TCP_MISS from a95-101-10-180.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.b40a655f.1726762286.29cf2014
X-Firefox-Spdy: h2

exxe.inf.br/vOIPVM2.html

192.185.214.132

200 OK

6.6 kB

URL User Request GET HTTP/2
exxe.inf.br/vOIPVM2.html
IP
192.185.214.132:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerLet's Encrypt
Subject*.exxe.inf.br
FingerprintC0:47:0B:AA:60:20:7B:C9:2C:4E:D4:A8:67:77:9E:2D:68:01:A3:DA
ValidityTue, 03 Sep 2024 20:38:08 GMT - Mon, 02 Dec 2024 20:38:07 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (7420), with no line terminators
Size
6.6 kB (6630 bytes)
Hash
50f22f8c24119f11e0d683d0be8d9a69
9b201618db87caa8f75ac8c2fd9c6ae2ac9257f8
fb8b4139d10d9b778f18aa6e597f5e3c05f5c1370fdde82ebdee90bc5a8014ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /vOIPVM2.html HTTP/1.1
Host: exxe.inf.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Thu, 19 Sep 2024 15:20:08 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-generated: t=1726762285023912
content-length: 3338
content-type: text/html
date: Thu, 19 Sep 2024 16:11:25 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (28)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL