r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 96defe1601ba891731eee83f0830649d
ba500679fd337488c3f60543561740ff0dfc1898
d2a320a9feb1a874af3da921db2a8619513968724ef8eb0715c010291c4cf8d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D2A320A9FEB1A874AF3DA921DB2A8619513968724EF8EB0715C010291C4CF8D9"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3708
Expires: Mon, 26 Dec 2022 09:39:37 GMT
Date: Mon, 26 Dec 2022 08:37:49 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3814
Expires: Mon, 26 Dec 2022 09:41:23 GMT
Date: Mon, 26 Dec 2022 08:37:49 GMT
Connection: keep-alive
www.liderfinanceira.com/
108.167.168.47 200 OK 8.5 kB IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (410)
Hash b795ed1f9ae96b6cde64f4b374443396
4ffa4744d09c26d30c1917bb4aab489253b78bc1
3d60e004c2b6d1c3b9cbec04191969c4243f6e2037d38f2cb071dd90d8ba7654
Analyzer verdicts (Alert): fortinet: Malware; quad9: Sinkholed
GET / HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:35:21 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8503
Keep-Alive: timeout=5, max=75
Content-Type: text/html
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 26 Dec 2022 07:46:29 GMT
content-type: application/json
age: 3080
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c298d0b2a05562a7ece94adf3589dacd
266befe104baa47e94fe0b9d00d10f96518b6525
a00a7433c6ee020d40e43fb5c821b8f2b835107852be361317fd2dfdcc4f0a15
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A00A7433C6EE020D40E43FB5C821B8F2B835107852BE361317FD2DFDCC4F0A15"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3455
Expires: Mon, 26 Dec 2022 09:35:24 GMT
Date: Mon, 26 Dec 2022 08:37:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: E4TyO2acqtHIHhJ99uPd7v6M2yo3Qc27A2S81syXKME9aJ4S/YRvqioDjA4P2qhpRTdqDt8zN1k=
x-amz-request-id: RRKP0AGS1ZA44TPV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 26 Dec 2022 07:57:21 GMT
age: 2428
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 26 Dec 2022 08:37:49 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash cf9b0a4fb7b85787890cff93a4b081ed
a29efcd9805a1ff4fa12bc0459f96c28cd88e9b7
9d5d6e11f6cfcfe234b04f173625dcf13bee2514fcf6e32be6b3c79d1a453aa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3253
Cache-Control: max-age=170269
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:49 GMT
Etag: "63a946c5-117"
Expires: Wed, 28 Dec 2022 07:55:38 GMT
Last-Modified: Mon, 26 Dec 2022 07:01:25 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 68c4bcc8cffb2724729d50fc0f6e34ad
18c582032191ff03c2c6266341138b84853b3090
895c9bd5cf3d01f6e4870ec4f41b538b3f2568827ad37c626774a0aa8e5b5fd7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5169
Cache-Control: max-age=134003
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:49 GMT
Etag: "63a8b19f-117"
Expires: Tue, 27 Dec 2022 21:51:12 GMT
Last-Modified: Sun, 25 Dec 2022 20:25:03 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 244625692c693282c5ccf7a20e38a8ce
80572a9b2940cca7b170deb1b1512a338a212ca5
ae455f885ab9db294e2b4e7eb8d050f2f1a1ea61d288cce292613360b6ab6a9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1775
Cache-Control: max-age=100718
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:49 GMT
Etag: "63a83cdc-117"
Expires: Tue, 27 Dec 2022 12:36:27 GMT
Last-Modified: Sun, 25 Dec 2022 12:06:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
104.17.25.14 200 OK 6.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (20164)
Hash ae393ccddfcfe335c9b29ee90aaf72cb
6a42536ed79b4ea9e3a71c69db3b5f7205dc7e81
75cbee82410be7ca2b5b5406219b0575725c415510df701ddf1e9e7fdec22aa8
GET /ajax/libs/popper.js/1.14.3/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 6451
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4f71"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 6433195
expires: Sat, 16 Dec 2023 08:37:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ChCZDTrDzv9LRjMl%2FQ3PieOWWoU%2FeUp10g6kHOv7lFbsQdy9NgxkEha8vgqQcgv4W0LB%2B0xf%2B2iVebhgvdLORK8R0xy%2FwA6wwr4%2FNPXUBGpjXUOuTTvgPoKrcb2kBKLZor%2BHAlnw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77f87f297b8db4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.3.1.slim.min.js
69.16.175.10 200 OK 24 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.slim.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (65247)
Hash 0f2e7d37e730fdbb1d8a1e8638529ecb
c21d16978a858baa75be15cb7e799ff000929429
cc938c08b93e67c94c68995709f52133c62cac78991f42058503b9c3d9e4b0b0
GET /jquery-3.3.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:49 GMT
content-encoding: gzip
content-length: 24038
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1111d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CO3WpZ0GEocBCiQ2N2I1OTQ5ZS00YjZjLTRiOTUtOTM3ZC00ODQ5OGJkNjgwMmYQ+OiCoKvU+wIaBgjduqWdBiIMOTEuOTAuNDIuMTU0KKrYATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkNDkzYTNmNWYtOGJlNS00MzE1LTg4NDktM2Q5NGYzYjFiNzYwGOa7ASIYCAISFGNkczIzMC5zazEuaHdjZG4ubmV0.psk1aTmmX8ecv6be2ySB0L/dlUJb5fCShL9y3AOD0Bs=
x-hw: 1672043869.dop016.sk1.t,1672043869.cds258.sk1.hn,1672043869.cds230.sk1.c
X-Firefox-Spdy: h2
www.liderfinanceira.com/css/style.css
108.167.168.47 200 OK 5.9 kB URL HTTP/1.1 www.liderfinanceira.com/css/style.css
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type assembler source, Unicode text, UTF-8 text
Hash cb0be683c280ac4da0b0064d7e1dc1c8
1e3504ab707b732c512db55500130e2bc230fb68
2ccd47f6d306afe481c4c45205bfdd901ca104aaa9c46f34efb40d61e1127169
Analyzer verdicts (Alert): quad9: Sinkholed
GET /css/style.css HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:07:30 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5897
Keep-Alive: timeout=5, max=75
Content-Type: text/css
www.liderfinanceira.com/css/media.css
108.167.168.47 200 OK 1.5 kB URL HTTP/1.1 www.liderfinanceira.com/css/media.css
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 2d22839e6e8505a5df41917cd724a824
3d57ec221512a2ce648fc6e6d0c66b3bbeb0c2f1
a15e2f10fcc5f9a4b3b8278b70d76564759581056a5aff92fdf07bd6de1e3250
Analyzer verdicts (Alert): quad9: Sinkholed
GET /css/media.css HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:30 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1461
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
104.18.11.207 200 OK 22 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65324)
Hash ff67f967daf5f3ff062f80fc0316f0ca
32baeb8df28f951bafd3f2e571a8f793e60c1f86
29866d2dfad8c89230796208492c853129366187e5db58726cb73c40188a2152
GET /bootstrap/4.1.3/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/21/2022 20:38:40
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 756
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d9c1553c34d9428cf806e0b17f403338
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77f87f297ea5b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 508c2c991a10f5f048c213f732698d4c
5a43bb96597ada2c1a16fb35c6cd74529bb306c4
bdf5e18cacb564fe4be4448d268ecee27b7139b91109b6d0727f2b809c6b5f3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.liderfinanceira.com/js/maskMoney.js
108.167.168.47 200 OK 6.4 kB URL HTTP/1.1 www.liderfinanceira.com/js/maskMoney.js
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash bfaf7b74706c0ff928041264dfe0999d
f447a301da4e8b09ee2a1ee78c745203b400e310
af5ec47c52c3e497fbef63784543b6e995e30b07a3677a7a4caeba059f56c7d7
Analyzer verdicts (Alert): fortinet: Malware; quad9: Sinkholed
GET /js/maskMoney.js HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:08:28 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6437
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript
www.liderfinanceira.com/js/scroll.js
108.167.168.47 200 OK 580 B URL HTTP/1.1 www.liderfinanceira.com/js/scroll.js
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 4f15d3e67478907190dbc1044c316657
f0bdd42a20334ff78d61ceee7ae620df90d28e24
d3660618777e13494b3f5ebe38b3b661a07dfd5b26be5b3ce089daad8d2570fb
Analyzer verdicts (Alert): fortinet: Malware; quad9: Sinkholed
GET /js/scroll.js HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:28 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 580
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: application/javascript
fonts.googleapis.com/css2?family=Sen:wght@400;700;800&display=swap
142.250.74.74 200 OK 867 B URL HTTP/2 fonts.googleapis.com/css2?family=Sen:wght@400;700;800&display=swap
IP 142.250.74.74:0
Hash 3023651f3ffbbfd41f90c6dbd2e7c25b
bf51dde66748682d986849147aa559ec8494c5d2
07cb76b4f653d02de5c3f4e5002fd7778abf883a2fd7ecaec07222646f6d57b2
GET /css2?family=Sen:wght@400;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Dec 2022 08:37:49 GMT
date: Mon, 26 Dec 2022 08:37:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.liderfinanceira.com/js/bootstrap.min.js
108.167.168.47 200 OK 21 kB URL HTTP/1.1 www.liderfinanceira.com/js/bootstrap.min.js
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (50758)
Hash 8eef780162d3744d08f300e970637a44
ba2abbc4b995d1d5c18e9e7d32e87dce31324331
6f33c4c0ce89765d40d5a0d1a447ec9bc08b6710e03b5df7f37c0f2d44cf120d
Analyzer verdicts (Alert): fortinet: Malware; quad9: Sinkholed
GET /js/bootstrap.min.js HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:49 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:08:26 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: application/javascript
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4c64bb12a48ac9002ddf9c49a08c746a
0498da3b2a625a3e9b5b57a51835d44a23cd3d6f
53b22685ebcce85af239c04ef1a4a464c6fd71151b0d5e1ce3a59fe82e8c970a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "53B22685EBCCE85AF239C04EF1A4A464C6FD71151B0D5E1CE3A59FE82E8C970A"
Last-Modified: Sat, 24 Dec 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21545
Expires: Mon, 26 Dec 2022 14:36:54 GMT
Date: Mon, 26 Dec 2022 08:37:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 26 Dec 2022 08:33:30 GMT
age: 259
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 244625692c693282c5ccf7a20e38a8ce
80572a9b2940cca7b170deb1b1512a338a212ca5
ae455f885ab9db294e2b4e7eb8d050f2f1a1ea61d288cce292613360b6ab6a9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1800
Cache-Control: max-age=100742
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Etag: "63a83cdc-117"
Expires: Tue, 27 Dec 2022 12:36:52 GMT
Last-Modified: Sun, 25 Dec 2022 12:06:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bdc6ddd27a64c85bd15f78b39a79874c
965b8f1b763483b4b4dfe35526d27393d1fdf05c
d2f4dee4d920109e0751634731bea278c9ea9e6c0120ac07969eba74ddbfe615
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4474
Cache-Control: max-age=92612
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Etag: "63a812a8-1d7"
Expires: Tue, 27 Dec 2022 10:21:22 GMT
Last-Modified: Sun, 25 Dec 2022 09:06:48 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 9fe005199dbfabe75a3a76101f6350ac
c0f4b84d6a715f64d3d5df00ead1e9e34dfb5ddf
42bfa8181326696656bc80d1ed096eab92cc91ee4ea8ff18bbdf4a09b9180961
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.liderfinanceira.com/img/Bancos/banco-ole_7969685a2.webp
108.167.168.47 200 OK 6.5 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/banco-ole_7969685a2.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Hash bd7f29e60ccdc03d0b7961915e325317
c17e4aed44f67bbac8415e9bbf7190f0af2a0a81
331472e25362f6c0b3c38158ba6e0572c1bff535581092b00deac04e173d25c3
Analyzer verdicts (Alert): fortinet: Malware; quad9: Sinkholed
GET /img/Bancos/banco-ole_7969685a2.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:07:51 GMT
Accept-Ranges: bytes
Content-Length: 6512
Keep-Alive: timeout=5, max=75
Content-Type: image/webp
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
142.250.74.35 200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0; data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:11 GMT
expires: Sat, 23 Dec 2023 13:33:11 GMT
cache-control: public, max-age=31536000
age: 241479
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.35 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0; data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:11 GMT
expires: Sat, 23 Dec 2023 13:33:11 GMT
cache-control: public, max-age=31536000
age: 241479
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.3.1/css/all.css
172.64.132.15 200 OK 18 kB URL HTTP/2 use.fontawesome.com/releases/v5.3.1/css/all.css
IP 172.64.132.15:0
File type ASCII text, with very long lines (48464)
Hash bbc57dc81ffdf24e6ec9f20f1f64efef
2286308a6f2747442138192aa11f4315dcd88746
a4b730bff8b32c69aae91c3dda1d8565da24856985961d884a01b6524aefb9cb
GET /releases/v5.3.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:50 GMT
content-type: text/css
x-amz-id-2: lq9cb9xZRah3BRoem6gsFt+D9G9TBCPV9V6XnG9g/OkqbUxVQJty6gLrvjj+OBaNRYS2NHuG7iA=
x-amz-request-id: SM62P2SCPK6N5DSM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:42:14 GMT
etag: W/"10519cfd3206802f58315b877a9beab5"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ElSU6jbjV9BqB70z4adZ5ZW5zc2p8yNuy3hb4BvqfXpl7SlJmPhcNVOn1pOoJwasYVJ%2BAVDC4Z1FT1IXppX6WDZx89dQ4NyUrxOJwQrPLSVZKpve7gGkiMYil6nbLtikLPvdHDW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77f87f299bdf069a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
142.250.74.35 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7932, version 1.0; data
Hash a7f7eebec745ef48ccf7a3d08c66d84a
2c5f99afe358a3e8570818a99646779aaa607587
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
GET /s/poppins/v20/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 23:44:12 GMT
expires: Thu, 21 Dec 2023 23:44:12 GMT
cache-control: public, max-age=31536000
age: 377618
last-modified: Wed, 27 Apr 2022 16:10:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.35 200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0; data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 19:28:50 GMT
expires: Thu, 21 Dec 2023 19:28:50 GMT
cache-control: public, max-age=31536000
age: 392940
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a4887aa0a07d726c889d8dfbddc359c6
83658ae9db1abb14fb2b869bf451caa97ef58e4d
085603732bde2eb04b81ae99e116350593ad282d21e81bfd624c0f9543247cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 26 Dec 2022 08:37:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.liderfinanceira.com/img/Bancos/daycoval-bank.webp
108.167.168.47 200 OK 35 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/daycoval-bank.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash 2f26e9c53c08374e68afb14024109d3b
7ab0780d0837095f6502580c529dc01abd639f47
b17d02cb44ad4e60c2921656a581b7d78047610e118ac30d608447d64928c992
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/daycoval-bank.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:53 GMT
Accept-Ranges: bytes
Content-Length: 35384
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/webp
push.services.mozilla.com/
52.35.143.109 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.143.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1+NCBZftheCAHCPvOo7OMw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2vP0AM/zRCf33xHR6pZXVDy6Z1I=
www.liderfinanceira.com/img/icon.png
108.167.168.47 200 OK 47 kB URL HTTP/1.1 www.liderfinanceira.com/img/icon.png
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 777 x 727, 8-bit/color RGBA, non-interlaced; data
Hash f42c4fb9d787563e49632ee10c583780
23fb332ca4a59e41412fe154b4fe8eaeea2b3695
285c35b5d28433715dc94e4af84a16d836d021d5835629fdf70627378380783d
Analyzer Verdict Alert quad9 Sinkholed
GET /img/icon.png HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:39 GMT
Accept-Ranges: bytes
Content-Length: 46618
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
www.liderfinanceira.com/img/Bancos/Logo_C6_Bank.webp
108.167.168.47 200 OK 28 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/Logo_C6_Bank.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash a761483863c2c9cf66701a13700150a6
96066f7389183fcc6d9460ce87d087d20e3b1623
97dd441aab54684799698716f9698249fde0f0e03ad4e3448471fb9e34523479
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/Logo_C6_Bank.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 11 Oct 2022 15:07:54 GMT
Accept-Ranges: bytes
Content-Length: 27520
Keep-Alive: timeout=5, max=75
Content-Type: image/webp
use.fontawesome.com/releases/v5.3.1/webfonts/fa-brands-400.woff2
172.64.132.15 200 OK 65 kB URL HTTP/2 use.fontawesome.com/releases/v5.3.1/webfonts/fa-brands-400.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 65316, version 1.0; data
Hash 48461ea4e797c9774dabb4a0440d2f56
024b7f9afa49a3658ebd7eee4e1c536502db51fa
974956f1b7b82cecd8ae88a0b685f0d5dfe5c8534c2784e59abeea719eadbbc4
GET /releases/v5.3.1/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:50 GMT
content-type: font/woff2
content-length: 65316
x-amz-id-2: 1GYNlMJBAyuVDt+ewwxyGuY+yl2+0VCp8bYOPbJ1LXaVCTYuWocOKi0r8fU8gxJ8aw/1QdMQCNo=
x-amz-request-id: 6EEY6HSHSZ4Y9HDD
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:42:33 GMT
etag: "48461ea4e797c9774dabb4a0440d2f56"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQZ%2Fw6SLmjjzPaGVOO1nc9yASi0M6evrQxmuBcM0jfZ8Cayth98ninDTxFOroQ2kvKPRdCIBxYg6VkQhH3Dy69S1wK9HGTz%2F6avyvJtWM9PSHe9bK1Jy%2F%2BnG1kLMeqO2Iplq9eDd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77f87f2e2f76069a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3659.8476765240866!2d-46.52754768554572!3d-23.46595836395997!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x94cef5cc1929c9e5%3A0xba7d41b766fe8349!2sL%C3%ADder%20financeira!5e0!3m2!1spt-BR!2sbr!4v1636053655401!5m2!1spt-BR!2sbr
216.58.211.4 200 OK 1.8 kB URL HTTP/2 www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3659.8476765240866!2d-46.52754768554572!3d-23.46595836395997!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x94cef5cc1929c9e5%3A0xba7d41b766fe8349!2sL%C3%ADder%20financeira!5e0!3m2!1spt-BR!2sbr!4v1636053655401!5m2!1spt-BR!2sbr
IP 216.58.211.4:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (3573)
Hash d943c1e90a9007066a020084f60335d7
fe07299c6a93417a3b3627431bed58f58962acd7
944df06b7c0d7d7e47b5cbb9f3419561e61a6caa455f6e84a47ab5cd3204cb91
GET /maps/embed?pb=!1m18!1m12!1m3!1d3659.8476765240866!2d-46.52754768554572!3d-23.46595836395997!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x94cef5cc1929c9e5%3A0xba7d41b766fe8349!2sL%C3%ADder%20financeira!5e0!3m2!1spt-BR!2sbr!4v1636053655401!5m2!1spt-BR!2sbr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Mon, 26 Dec 2022 08:37:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
vary: Accept-Language
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LmPZOkWmncw480IeHO12rQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-encoding: gzip
server: mafe
content-length: 1806
x-xss-protection: 0
server-timing: gfet4t7; dur=221
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.liderfinanceira.com/img/icons/lupa.webp
108.167.168.47 200 OK 82 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/lupa.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash 6ceca3af72c7c943fab26f158e995d3a
f3f8e9ef0829c14661b9ee079e8e49fd43d371e2
62933faa6119a6e1dc6a51f98037e411a51ef35806d3911f4875526c7d0a0b1c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/lupa.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:08 GMT
Accept-Ranges: bytes
Content-Length: 82236
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/icons/novo.webp
108.167.168.47 200 OK 9.9 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/novo.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash 8a944b099bc710277d272e744030f42c
6c2b5a4d0b5d4b9c2400c96b78d9cdcb6b850f97
2bc4f454886463ad3ce5a533b0694bf06bda9f4bd6ade3f60e608a8941390a88
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/novo.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:09 GMT
Accept-Ranges: bytes
Content-Length: 9938
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/icons/niver.webp
108.167.168.47 200 OK 10 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/niver.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash 3888f71e4ffd3b7103692e3a3f2dfdad
dfd1e620c81b56e671902597be32195e5d19f4e9
c5c5099e9414a51be49aaff07b8e8f19d0c711d6b39c83611009d86bc2a92f93
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/niver.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:09 GMT
Accept-Ranges: bytes
Content-Length: 10124
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/icons/card.webp
108.167.168.47 200 OK 4.4 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/card.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Hash e06627521d7fb37f4a0fc08ec2e995f1
e2d72e57d0799e024555177f4a5b30f53b67a558
a0eefe6f75f9aa05cc8ed48e278e1217c3a30c55c06c681d86e6fed76af60d40
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/card.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:00 GMT
Accept-Ranges: bytes
Content-Length: 4384
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/webp
fonts.googleapis.com/css2?family=Asap:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap
142.250.74.74 200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css2?family=Asap:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap
IP 142.250.74.74:0
Hash 0dc15ca506bbda7c26932ff934a8ea45
e0042d571f8ef711b2fdd66503129e5e454f8702
4210572e5d23de16bbc523bbbb74bb6f755b4b8488db0fa9fb2248f60b4c09b5
GET /css2?family=Asap:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Dec 2022 08:37:49 GMT
date: Mon, 26 Dec 2022 08:37:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.liderfinanceira.com/img/mg2.webp
108.167.168.47 200 OK 123 kB URL HTTP/1.1 www.liderfinanceira.com/img/mg2.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image; data
Size 123 kB (122564 bytes)
Hash eed2acb1ae88116c5b52a007f2bcaead
fa49178b1f594c1df393012d4e939cce1871685e
3f548613a11f1d6b9602d339c588e4b846645ee919049e684c16a0a1635ecb67
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/mg2.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:44 GMT
Accept-Ranges: bytes
Content-Length: 122564
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/webp
use.fontawesome.com/releases/v5.3.1/webfonts/fa-solid-900.woff2
172.64.132.15 200 OK 67 kB URL HTTP/2 use.fontawesome.com/releases/v5.3.1/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 67400, version 1.0; data
Hash 14a08198ec7d1eb96d515362293fed36
965d78c34637d1bdab6277805faecb6caa959669
ca3ea16761b7d443c64cfd99dd1cf8aa84790a25bb4709582935956fe71d014d
GET /releases/v5.3.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.liderfinanceira.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 26 Dec 2022 08:37:50 GMT
content-type: font/woff2
content-length: 67400
x-amz-id-2: QrLPIo0OH/ETscrdclGH08mcVG4rWGPOgPe2hjqTUAGMS8YnAf7Om/Ig1dyEN3pJN23HU71mMg0=
x-amz-request-id: 6EEW26C6FD38XVFM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:42:33 GMT
etag: "14a08198ec7d1eb96d515362293fed36"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGSeVTJtF8AP%2Fm2ql0zR3HA%2FJyjZgC%2BwguDB3cKMb43%2Fsp9yzJjluhXunmzYuW4TWWxwdHuy%2F0lClENeN7SIUIOe1idbEDbXnaJQATa8Hb8nu4OFE4d7XYj3jzKi7pSu9EhQVAWf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77f87f2e4f90069a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.liderfinanceira.com/img/fundo2.webp
108.167.168.47 200 OK 5.4 kB URL HTTP/1.1 www.liderfinanceira.com/img/fundo2.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1077, Scaling: [none]x[none], YUV color, decoders should clamp; data
Hash 33780994d86988dfb38f16fa079e7876
8966cb591e7fabb4fd292d70505d13e1ce0ee09e
5d9f98b03af99cc5fba2c963a05c1c772a45600ff67dce2352598241c448912f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/fundo2.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/css/style.css
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:38 GMT
Accept-Ranges: bytes
Content-Length: 5428
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/passo3.webp
108.167.168.47 200 OK 67 kB URL HTTP/1.1 www.liderfinanceira.com/img/passo3.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1280, Scaling: [none]x[none], YUV color, decoders should clamp; data
Hash de8f1fecff48de34ff179a07b3db1275
765c9449685b45492a83ecc84123faa1df9f32d5
0696624366c49401874edd24137dd7b59e3eecc830eec978253a6f5b2a3f4012
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/passo3.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/css/style.css
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:46 GMT
Accept-Ranges: bytes
Content-Length: 67334
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/webp
maps.gstatic.com/maps-api-v3/embed/js/51/3/intl/pt_br/init_embed.js
142.250.74.3 200 OK 70 kB URL HTTP/2 maps.gstatic.com/maps-api-v3/embed/js/51/3/intl/pt_br/init_embed.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (2669)
Hash fef0f74923e5e7b986ea8965c7da54b2
9e7d33601b7f3b830b713cec8e24ee8d5349a2ee
33b37ef81ae900dd32b3c0039bd6a94647578fc5fa74db0770f70acb916ab8d9
GET /maps-api-v3/embed/js/51/3/intl/pt_br/init_embed.js HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-length: 69582
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:43:24 GMT
expires: Sat, 23 Dec 2023 13:43:24 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 05 Dec 2022 18:55:12 GMT
content-type: text/javascript
age: 240866
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.liderfinanceira.com/img/logwhiteandyelow.png
108.167.168.47 200 OK 59 kB URL HTTP/1.1 www.liderfinanceira.com/img/logwhiteandyelow.png
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 3829 x 1189, 8-bit/color RGBA, non-interlaced
Hash 885e44b79f839df4955e93cbcd2592ec
8eee77be941e78028bb37d4bb494b3f9707ac863
f2babb728b07546e545ce0c321f29847d60ff4bddb1d9915ac603f3001a865a9
Analyzer Verdict Alert quad9 Sinkholed
GET /img/logwhiteandyelow.png HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:43 GMT
Accept-Ranges: bytes
Content-Length: 58575
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
www.liderfinanceira.com/img/icons/seta2.webp
108.167.168.47 200 OK 7.4 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/seta2.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Hash 7060922e60675dc27b37dd8a61b37cd2
8ecd2aabe13f9f27c4005837f27392d49f96fe61
2368d69372c9b23e81fb666feea3bb89fc5e72c697125d6f95b2ed3741157df6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/seta2.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:13 GMT
Accept-Ranges: bytes
Content-Length: 7432
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/pessoas/image.webp
108.167.168.47 200 OK 136 kB URL HTTP/1.1 www.liderfinanceira.com/img/pessoas/image.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Size 136 kB (135988 bytes)
Hash baf5a3dfd683b6147683eca8f44f726d
489835cab62b31eaf2ae26786b9fe3ae543e16b7
ed0ea4137a34a2e34068b8a7b2dc30822d2550bd1d2ddf8efdc9ed65a460d02b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/pessoas/image.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:23 GMT
Accept-Ranges: bytes
Content-Length: 135988
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/Bancos/banco-pan-logo-1-1.webp
108.167.168.47 200 OK 30 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/banco-pan-logo-1-1.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Hash f9e780847d3d98f83581bde68bca4a12
b3ee4db7bb65cc134847b2cd0c6fdb5c02f02fd7
294341e75e466ac2fc165614540931e61e04f7301ce23541dd275d6261f6b4de
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/banco-pan-logo-1-1.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:52 GMT
Accept-Ranges: bytes
Content-Length: 30000
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/Bancos/banco-bmg-logo-4.webp
108.167.168.47 200 OK 28 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/banco-bmg-logo-4.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Hash 498fe8a78271f223d9d75ac5137d741b
e8740664986e107062b025f5ac94bcf6e3641ab2
48ecf672a4aca1d4ca948ba7bf12ccfd013b18e44b08d73f010d7ef975f9d704
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/banco-bmg-logo-4.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:51 GMT
Accept-Ranges: bytes
Content-Length: 27866
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/Bancos/1011px-Banco_Ita195186_logo.webp
108.167.168.47 200 OK 13 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/1011px-Banco_Ita195186_logo.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Hash 3cd05e083ba43890dfdef2bad0cd5421
82915126ca40992fe2933dd04cd1c473760e29b5
34e2a95bb076618424ca5f5f565051ad41d6526373166c010afaf3248fdc3389
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/1011px-Banco_Ita195186_logo.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:51 GMT
Accept-Ranges: bytes
Content-Length: 13418
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/icons/pc.webp
108.167.168.47 200 OK 171 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/pc.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Size 171 kB (170902 bytes)
Hash b01656c687ff139e07835fc8de4b1da7
45679ab088f776de28650732dc29bd431076d749
ec533f8e85b27ae61c2ca96b8150835d54479d41b68dcbb8043cc25919092dee
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/pc.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:10 GMT
Accept-Ranges: bytes
Content-Length: 170902
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/icons/Whats.webp
108.167.168.47 200 OK 119 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/Whats.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Size 119 kB (118702 bytes)
Hash cb239561560a76d4d29e69473b2c7da8
1f63d02928ea83abb6d20c57cfd7ca46cffe7c94
a82d818c9901917579bc1b5c782a35e08de4367551ca54bf14aaddf765d2989f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/Whats.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:16 GMT
Accept-Ranges: bytes
Content-Length: 118702
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/Bancos/banco-safra-logo2.webp
108.167.168.47 200 OK 102 kB URL HTTP/1.1 www.liderfinanceira.com/img/Bancos/banco-safra-logo2.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Size 102 kB (102382 bytes)
Hash 73acaefe790fda089911692ccd6785ad
e75c8957bd1a9f16df55ace7d8d7d7c39acf7448
1a66a7f628b87a70b66cc7e4cfcb2cb128c4ba05212142774afdaaee73ed8dfa
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/Bancos/banco-safra-logo2.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:53 GMT
Accept-Ranges: bytes
Content-Length: 102382
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/logblue.png
108.167.168.47 200 OK 59 kB URL HTTP/1.1 www.liderfinanceira.com/img/logblue.png
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 3828 x 1191, 8-bit/color RGBA, non-interlaced
Hash 1752cf152bd0f16c52c5fd09722ad572
f078acca1d223e1d1102e9b81cd01be0dcc87456
ae558f60a86f7e041e1b531c9fdae1be2d81b704b5bb050908d0ae0ab1ece245
Analyzer Verdict Alert quad9 Sinkholed
GET /img/logblue.png HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:51 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:41 GMT
Accept-Ranges: bytes
Content-Length: 59130
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/png
www.liderfinanceira.com/img/icons/libe.webp
108.167.168.47 200 OK 143 kB URL HTTP/1.1 www.liderfinanceira.com/img/icons/libe.webp
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type RIFF (little-endian) data, Web/P image
Size 143 kB (142726 bytes)
Hash 8c08010258beb91ada8217ea5ce06049
250a8093744df006aaf4d2b738d0836209bd7aaf
bbc8283200944a37f4f67d01805fef382ca52f2a933cb3ff3ce5fe91ba546e76
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/icons/libe.webp HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:50 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:08:07 GMT
Accept-Ranges: bytes
Content-Length: 142726
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/webp
www.liderfinanceira.com/img/alerta.png
108.167.168.47 200 OK 245 kB URL HTTP/1.1 www.liderfinanceira.com/img/alerta.png
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced
Size 245 kB (244586 bytes)
Hash cab64b5133580ed8fcec51abed3c191c
a384e3dd5360653a8285771b596391a77740048c
e13c3895374ec8116468c8d4fc38cf9f49fda4f5279c281e023f65aab5102a0f
Analyzer Verdict Alert quad9 Sinkholed
GET /img/alerta.png HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:51 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:34 GMT
Accept-Ranges: bytes
Content-Length: 244586
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/png
www.liderfinanceira.com/img/blue.ico
108.167.168.47 200 OK 15 kB URL HTTP/1.1 www.liderfinanceira.com/img/blue.ico
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Hash 01c5dbfea08a8d72246542bdeea4e5ef
3f54e4b86d5c5b40af1d0f0d20dd088b6afdda1b
4bea907a9134bb308abaf85e8c5c079ac1331717cb88c94bae8957adf2569c27
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /img/blue.ico HTTP/1.1
Host: www.liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
HTTP/1.1 200 OK
Date: Mon, 26 Dec 2022 08:37:51 GMT
Server: Apache
Last-Modified: Tue, 11 Oct 2022 15:07:34 GMT
Accept-Ranges: bytes
Content-Length: 15406
Cache-Control: max-age=604800
Expires: Mon, 02 Jan 2023 08:37:51 GMT
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/x-icon
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Mon, 26 Dec 2022 10:24:08 GMT
Date: Mon, 26 Dec 2022 08:37:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Mon, 26 Dec 2022 10:24:08 GMT
Date: Mon, 26 Dec 2022 08:37:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Mon, 26 Dec 2022 10:24:08 GMT
Date: Mon, 26 Dec 2022 08:37:51 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 796e102a616f07b0de39f5476179ccd5
bf1d8b0944ffa91afc7d31d2ffb3291652f903c3
6881d46edd3d3730884da6719176d7d4bc79aa6d05cda0f4ef97ac10c4591279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6881D46EDD3D3730884DA6719176D7D4BC79AA6D05CDA0F4EF97AC10C4591279"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6377
Expires: Mon, 26 Dec 2022 10:24:08 GMT
Date: Mon, 26 Dec 2022 08:37:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 0eedc9584ce3db2443c98e94536e9dbb
779c88e1e3ef3f8ad5fc2b4dc545cda6298eeb74
ca4bde46fc0a3b1e17704ac46c011405e82ceb7a2780886ce70f0a798bc47f6b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5272da38-01a8-4043-804a-cb62488152e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8423
x-amzn-requestid: 29317808-72e9-404e-b4d7-2a2ca85c1ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNZzHywoAMFcKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2a4-5a2a88970fbc7d1d2f9da797;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: n2tDc6R0yKValING-YZqmchO90g5ATryaSbcxFMeioWSFEVnGDM0CA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:50:07 GMT
age: 38864
etag: "779c88e1e3ef3f8ad5fc2b4dc545cda6298eeb74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff70fb5bc-19d9-433d-adc5-222fa8c0b134.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff70fb5bc-19d9-433d-adc5-222fa8c0b134.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash e38d94b0be1b10ecac941b497f57c861
12911cd039f5c7b05013ebbc369aec5613134906
38a41df0d4f4405e8ecf6b379431bdb87eaed40e20481262b43d1fd127c010fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff70fb5bc-19d9-433d-adc5-222fa8c0b134.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9452
x-amzn-requestid: 41b87e86-25f2-4d3b-a4ac-ae9a933a75b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMupEMdIAMF7Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-22b2693c043757fb5d58dda7;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: StP3cRZB5uQq5vj2oEZZmxAsLlu-nsnDNjQBdeb_o6Rd3YsP7p2Qlg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 22:06:41 GMT
etag: "12911cd039f5c7b05013ebbc369aec5613134906"
content-type: image/jpeg
age: 37870
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ad65fd6-c10d-4340-8a7a-8718c40ff3c0.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ad65fd6-c10d-4340-8a7a-8718c40ff3c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash da166227e68fd9dedd6194cb99d5aebc
edc937adabde929c8152b85df3806decbb286612
d415f381c63d04072ae49fc4aa19e375cc7c1c6d73220d364ea7bccd3f7fa163
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ad65fd6-c10d-4340-8a7a-8718c40ff3c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7167
x-amzn-requestid: ac5db47f-af55-4679-b8e7-d9ca8667cd43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: do61aFQ1oAMFT2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a6a4ef-0da25d9723ad2fb8740c54f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Dec 2022 07:06:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9TaazQqSBCiYUqLrHVq7ZIvJ41xIDQDUxUSP0xUxmZkg3dbaMMlOg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 06:17:01 GMT
age: 8450
etag: "edc937adabde929c8152b85df3806decbb286612"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb995026c-9c36-40df-864d-b3c2b7e5482b.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb995026c-9c36-40df-864d-b3c2b7e5482b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash e2665a6ae98ace2eab671f9e8a9f0978
d1b0b2b7bf8c8bf2e9765e9103908aba36989727
ae9125caee2dc267c67bf4f31f2669e03f65c47a43f2d0ab83081eb043d23d85
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb995026c-9c36-40df-864d-b3c2b7e5482b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9932
x-amzn-requestid: 280fdeaa-a0e1-4306-9adb-52c0f28b4002
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duNZzGcjoAMF5wg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c2a4-73e3e4b34b67da2d2dbb8020;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:37:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nR7WiQ1kUfI129AOECPfR181bNjexz6B7BEIYxDRiGNqfKCQPiBKOQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 21:57:09 GMT
age: 38442
etag: "d1b0b2b7bf8c8bf2e9765e9103908aba36989727"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 8403a671b2c4b3b2ce2f8a9eba9de2c0
5437391241a500b6b0d2118120e835d2673e7d39
1e52a144b08ff6efe2da52dfdfeccbc4cea9270536cf5e7a2a769bbff9cd7d2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15ba8929-c657-48a6-a579-360324426927.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11249
x-amzn-requestid: 6fdd6489-ffea-400f-9199-a20789160ba8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dlFk6FvuoAMFYcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a51c85-6805b25c54c3390e5c39c6e1;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 03:12:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SYzFNQsVsh92WOvx4IDgiKouBzdILGiMV4BRAImE7MEbHnVH6E__eg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 03:18:39 GMT
age: 19152
etag: "5437391241a500b6b0d2118120e835d2673e7d39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b46e077944b0d53e361327e6d690f2ec
c9f17cad706817aa66832633d1307a91c8c7d61e
b00a16c34c95675a08bafb198f7cc4b374e88a9041a6bb8593a61cb08ef3c306
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb7dbee83-176a-4fa9-a42c-2a2c9db4001b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10961
x-amzn-requestid: 04d69a4a-2357-4651-a490-4a054bd3fd4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: duMunGOQoAMFbKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a8c190-53efc5ef1d7545a90e940d0d;Sampled=0
x-amzn-remapped-date: Sun, 25 Dec 2022 21:33:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EOf46ZIBIMKzJvfpWMB7BdYMA6dXxRYhinIN-lD4cOvkiPfsS-e3qA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Dec 2022 22:01:21 GMT
etag: "c9f17cad706817aa66832633d1307a91c8c7d61e"
content-type: image/jpeg
age: 38190
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 19:33:54 GMT
expires: Thu, 21 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 392638
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0
- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 19:33:56 GMT
expires: Thu, 21 Dec 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 392637
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Comfortaa:wght@300;400;500;600;700&display=swap
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Comfortaa:wght@300;400;500;600;700&display=swap
IP 142.250.74.74:0
GET /css2?family=Comfortaa:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Dec 2022 08:37:49 GMT
date: Mon, 26 Dec 2022 08:37:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP 142.250.74.74:0
GET /css2?family=Poppins:ital,wght@0,100;0,200;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Dec 2022 08:37:49 GMT
date: Mon, 26 Dec 2022 08:37:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
liderfinanceira.com/js/jquery.js
108.167.168.47 200 OK 0 B URL HTTP/2 liderfinanceira.com/js/jquery.js
IP 108.167.168.47:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /js/jquery.js HTTP/1.1
Host: liderfinanceira.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.liderfinanceira.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Tue, 11 Oct 2022 15:32:41 GMT
accept-ranges: none
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Mon, 26 Dec 2022 08:37:50 GMT
server: Apache
X-Firefox-Spdy: h2