r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a39c6b0123e56e5b89743a8ad25c746e
feb61559594a73b319532dec130f10068fdf1242
d1adf9c8c7e63c33674a6af4b4111fe0ce1092d362ca4bf7c7dd00e6b6034f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1ADF9C8C7E63C33674A6AF4B4111FE0CE1092D362CA4BF7C7DD00E6B6034F09"
Last-Modified: Thu, 02 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11072
Expires: Fri, 03 Mar 2023 17:17:04 GMT
Date: Fri, 03 Mar 2023 14:12:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96abc4d0be3e74da1484937a66c5ff39
357520bead07e25b52d4ca0c0c69db60cfaa0d7c
32c544ef8b8a3faaf08bdb76f8a387510037dfc15a022fd59457cf45215a6ba8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "32C544EF8B8A3FAAF08BDB76F8A387510037DFC15A022FD59457CF45215A6BA8"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3479
Expires: Fri, 03 Mar 2023 15:10:31 GMT
Date: Fri, 03 Mar 2023 14:12:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Mar 2023 14:08:19 GMT
content-type: application/json
age: 253
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2383d0b67af7368d8e13a3013f4065a
cdf951e84f87d010cf40b76f7b91e82ad17f374f
5463c186f7f30f83be61e91a980c749b70089e48b234d73a6e7eeb179cfd7ee9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5463C186F7F30F83BE61E91A980C749B70089E48B234D73A6E7EEB179CFD7EE9"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10944
Expires: Fri, 03 Mar 2023 17:14:56 GMT
Date: Fri, 03 Mar 2023 14:12:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /Wjr9TF5VCZf3SejnQHIY05qzpcHwBsnkgVSxYbOPkjkNc4qnUr8RLOoMVt1+ggDXhXkdFM8xbT23zfKrTQa9g==
x-amz-request-id: F8MSW9DBMB4PSKRT
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Mar 2023 13:15:50 GMT
age: 3402
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Mar 2023 14:12:32 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Cache-Control, Expires, Alert, Content-Type, Pragma, Retry-After, Last-Modified, Backoff, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Mar 2023 14:03:38 GMT
age: 535
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51e95d61b93964116033d39ca29d8e87
f4b94d787ce49da21c28fe7853b1a85d2b9494dc
083c886afce548aad4f54caa7f7766e38d9376d55077d4072dbddbdafa086f85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "083C886AFCE548AAD4F54CAA7F7766E38D9376D55077D4072DBDDBDAFA086F85"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10803
Expires: Fri, 03 Mar 2023 17:12:36 GMT
Date: Fri, 03 Mar 2023 14:12:33 GMT
Connection: keep-alive
edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
209.126.103.109301 Moved Permanently 20 B URL HTTP/1.1 edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cgi-bin/jQNq9wlH1GXU/ HTTP/1.1
Host: edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Mar 2023 14:12:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Location: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
35.155.206.154101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.206.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rbtaZy12ToMwjoHXN7s2sQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wQP2tOdNkMw7GnG57hkU/xGyWNE=
www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
209.126.103.109404 Not Found 13 kB URL HTTP/1.1 www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20225), with CRLF, LF line terminators
Hash 1b1d1c936e15e3f2b471e5697a269e4d
8bdf6b8531207426ddc7cfa1c89ec0d79d6d9e80
5eec37408cbd6ae524815802c4402df9b888c77437453ae3d1cf00d405b792f4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cgi-bin/jQNq9wlH1GXU/ HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Fri, 03 Mar 2023 14:12:33 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.edoraseguros.com.br/wp-json/>; rel="https://api.w.org/"
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.edoraseguros.com.br/wp-content/plugins/simple-google-recaptcha/sgr.css?ver=1677849892
209.126.103.109200 OK 228 B URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/simple-google-recaptcha/sgr.css?ver=1677849892
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash 87919152e480d34bc2ab66090bb82746
13fa0e22062206ec9e2b02397f13462335eaed63
39a95abda660ba5b3d0465459168d211ca3fc375430d0ae0b1440b27625a37f8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/simple-google-recaptcha/sgr.css?ver=1677849892 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Fri, 03 Mar 2023 13:24:52 GMT
Accept-Ranges: bytes
Content-Length: 228
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/css/public.css?ver=2.1.5
209.126.103.109200 OK 9.2 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/css/public.css?ver=2.1.5
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 094ef15586877a4cc8388cea1da8890b
0f74a3340a5263a80dbf4a960beef92616716543
a59c956aaaa564c4b77519ec006e334360f1969799b87156b3aaf7730371f14c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpt-whatsapp/assets/css/public.css?ver=2.1.5 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Mon, 17 Sep 2018 17:30:26 GMT
Accept-Ranges: bytes
Content-Length: 9160
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/css/auto-generated-wptwa.css?ver=1626280608
209.126.103.109200 OK 1.4 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/css/auto-generated-wptwa.css?ver=1626280608
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash bc12ca7523f30ef493f42953cb669b84
8ab48aa092e0bf7a34de6afb74f78aa2b1d0d5b9
85644d88cf765ac7e76b23ba4cd0df13d11bc1acf677b30fb75fd43e4d4aba99
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpt-whatsapp/assets/css/auto-generated-wptwa.css?ver=1626280608 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Wed, 14 Jul 2021 16:36:48 GMT
Accept-Ranges: bytes
Content-Length: 1395
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=3.8.0
209.126.103.109200 OK 11 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=3.8.0
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (10857)
Hash f80af3c1a10b228f7ba5d4d8a85fdd83
c2c9ae2f21c280f4d2d631b61d4a1fdabe76778c
30c7e0d3db9a898c6b503e91eb1dbd2608074bff0e56babe504173eb9573ec59
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=3.8.0 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 10902
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 62f2bbc0f28540433c2835a9148fc521
c945a7081083793d44479f23586ae7ffc13eec61
345e98941235327764cc8ef002ac88f40e819aafcb6c9ba9ecf07ccdb3cbf935
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29970
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 14:12:34 GMT
Last-Modified: Fri, 03 Mar 2023 05:53:04 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
192.229.221.95200 OK 280 B IP 192.229.221.95:0
Hash 62f2bbc0f28540433c2835a9148fc521
c945a7081083793d44479f23586ae7ffc13eec61
345e98941235327764cc8ef002ac88f40e819aafcb6c9ba9ecf07ccdb3cbf935
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29975
Cache-Control: max-age=108833
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 14:12:34 GMT
Etag: "6400915c-118"
Expires: Sat, 04 Mar 2023 20:26:27 GMT
Last-Modified: Thu, 02 Mar 2023 12:06:52 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 280
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
209.126.103.109200 OK 31 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (30837)
Hash 269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 31000
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.2.17
209.126.103.109200 OK 18 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.2.17
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (17644)
Hash bb82cc8a0c1a1941b1ff7cb1ca0596a5
6819b2fcf37dd371ec5806b2da32ffb6aa301435
fcb1fd934d770a9e70d42b91330ceee723d49d8a067e9e8f7e0739a7931b967a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/css/jet-elements-skin.css?ver=2.2.17 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Sat, 03 Oct 2020 13:18:59 GMT
Accept-Ranges: bytes
Content-Length: 17645
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0880782ffbede81650c9d4a97c298bdf
0e35c0d6cba0bef0b9eeb039ebc9104b39b24e2e
77e1a8623eeadfa78646a661f4541b47b8f0a4ac6ad73825ce3a43fc57c21cd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77E1A8623EEADFA78646A661F4541B47B8F0A4AC6AD73825CE3A43FC57C21CD1"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Fri, 03 Mar 2023 16:36:06 GMT
Date: Fri, 03 Mar 2023 14:12:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0880782ffbede81650c9d4a97c298bdf
0e35c0d6cba0bef0b9eeb039ebc9104b39b24e2e
77e1a8623eeadfa78646a661f4541b47b8f0a4ac6ad73825ce3a43fc57c21cd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77E1A8623EEADFA78646A661F4541B47B8F0A4AC6AD73825CE3A43FC57C21CD1"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Fri, 03 Mar 2023 16:36:06 GMT
Date: Fri, 03 Mar 2023 14:12:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080edfd7-ca45-4d02-a82e-695dc100f1bc.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080edfd7-ca45-4d02-a82e-695dc100f1bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9562ddfb26d6176ec12e8e71cc55895c
86bd68def54b0b50e6f728690b2ddf08f858bc33
b51ad98c7c8cb4b2be7af430f4a5963457661d4f13e8029a4bb2cd2ebeb00498
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080edfd7-ca45-4d02-a82e-695dc100f1bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: d9b61fbe-db88-4902-92d2-b3d97bd7be88
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCh4FTuoAMFeIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640117a5-4ced7773195e43cd4c4f8e25;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:39:49 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: MU2eMq-Brvy0sLy-WZoszctLcITqVnwsftxXaFujYHgmKqM6PZMQTA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 3dcf7c8001b07734617b28e9bacc90ac.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:47 GMT
age: 57407
etag: "86bd68def54b0b50e6f728690b2ddf08f858bc33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd5f51d-c165-4228-b31e-35e9516c7ad5.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd5f51d-c165-4228-b31e-35e9516c7ad5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7b980c564a4ca7c7b68c4716e2398db
e2b327c261d113b17053f475f2d4ef06fe5fb770
478886f4d7ac80275da33753926320384665b246f85ede4c2547aba2f724e97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecd5f51d-c165-4228-b31e-35e9516c7ad5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10504
x-amzn-requestid: ee0a1e46-71ea-4647-ba9b-b350c7ca2ad0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLCyvEy5oAMF8NQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011811-7f3cecd06abd02671a7af460;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:41:37 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: crclJpITavT8kxEfiamR2T29A8XLbGSRSebzv4BV5cPhZWQ-9_UusQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 a02a98c09aaf2561c8ca019e473cf172.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:14:39 GMT
age: 57475
etag: "e2b327c261d113b17053f475f2d4ef06fe5fb770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4726917eabc29a977873ad26e264e70d
4619a0418ee08d6618ead537f31823c98f355b5a
d3c6b43d46ccff30f0003a063b6c4c78d4a782262bfdeb138e6c015555ce2dcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3381
x-amzn-requestid: 8b89e7ab-b8b3-45cd-af3a-cc419e61f1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A-PNPFynoAMFn8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fbf8ba-616bedc230d1c2b13a09beae;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 00:26:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 20gfRWuEZKeWijeUdUr10sCx8uqri-zpK-KTXBJrZaQOm3V1Gk8KQw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Mar 2023 11:26:52 GMT
age: 9942
etag: "4619a0418ee08d6618ead537f31823c98f355b5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c627140fb587a52035e07a0e4849aa4
0fda39fd9db63f210a73fe14d6cb445d877303f1
ef144a10c04afa87fe3ae0c30906495f42b87678d6a5bab9ac934e8425d8ced3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc81172d5-849a-4947-895d-7b645a656f98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9043
x-amzn-requestid: b198e6ac-b731-4300-ba73-0dae7c426334
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6CHbBIAMF59w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6401183f-4e716af671ac66683937eaca;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:23 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: knLOY1TnJUV4G5JGbFN96KbF_HOGaLh_HbnHdh3FbIlZI-KUBitLZQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 7f5c6f79ed16052a7a2f78b6025bcf5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:15:58 GMT
age: 57396
etag: "0fda39fd9db63f210a73fe14d6cb445d877303f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdba647c7-b8d3-4043-b8c8-caba179b5589.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdba647c7-b8d3-4043-b8c8-caba179b5589.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash e6c6971746047136e4cbf0dd381a2bf1
07cb3900b31e286c0ee6ef4e6344969a5ad893b4
4f35efad14bd441063c58fff5a44e05a9497c91266ff5b4c48a9386288bbc886
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdba647c7-b8d3-4043-b8c8-caba179b5589.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4371
x-amzn-requestid: 4996a003-e275-4edb-a0a3-f5d7e72cd1ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLChFE_NoAMFYPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640117a0-31d3ea3b1e196aaa372dd016;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 6TMBH_aSock0V22r3Xt99HQs1N7qY65SsSyiYPrtXYAPW-l3d3lC7g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 3aed32068dbe2f7fb3a27284c9c26498.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:14:32 GMT
age: 57482
etag: "07cb3900b31e286c0ee6ef4e6344969a5ad893b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 0434a796c70c1df5c82845eb5b19b8cb
0c84cf11487867cc6b9f955b12de4d6199804e4d
c43e2da686b91d44e8a619413c5439973246ce31722745d96c0a6a6286dad155
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cb94071-e9a3-41a5-a749-2673fe94c69d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9807
x-amzn-requestid: f855150d-9f03-40a3-a425-0704a4334db1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BLC6uFzSoAMFzWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64011844-3db631d0459704b904a0701a;Sampled=0
x-amzn-remapped-date: Thu, 02 Mar 2023 21:42:28 GMT
x-amz-cf-pop: HIO50-C1, YVR50-C1
x-cache: Hit from cloudfront
x-amz-cf-id: dx5LohAarY33i0QOrqHSuzTOGoN5if6-pqPMn_8_FO3bMK-eCjJpDg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 9c335c5f85533b11cbfd38dc7cc60c16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 22:14:40 GMT
age: 57474
etag: "0c84cf11487867cc6b9f955b12de4d6199804e4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0880782ffbede81650c9d4a97c298bdf
0e35c0d6cba0bef0b9eeb039ebc9104b39b24e2e
77e1a8623eeadfa78646a661f4541b47b8f0a4ac6ad73825ce3a43fc57c21cd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77E1A8623EEADFA78646A661F4541B47B8F0A4AC6AD73825CE3A43FC57C21CD1"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Fri, 03 Mar 2023 16:36:06 GMT
Date: Fri, 03 Mar 2023 14:12:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0880782ffbede81650c9d4a97c298bdf
0e35c0d6cba0bef0b9eeb039ebc9104b39b24e2e
77e1a8623eeadfa78646a661f4541b47b8f0a4ac6ad73825ce3a43fc57c21cd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77E1A8623EEADFA78646A661F4541B47B8F0A4AC6AD73825CE3A43FC57C21CD1"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Fri, 03 Mar 2023 16:36:06 GMT
Date: Fri, 03 Mar 2023 14:12:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0880782ffbede81650c9d4a97c298bdf
0e35c0d6cba0bef0b9eeb039ebc9104b39b24e2e
77e1a8623eeadfa78646a661f4541b47b8f0a4ac6ad73825ce3a43fc57c21cd1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77E1A8623EEADFA78646A661F4541B47B8F0A4AC6AD73825CE3A43FC57C21CD1"
Last-Modified: Thu, 02 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8612
Expires: Fri, 03 Mar 2023 16:36:06 GMT
Date: Fri, 03 Mar 2023 14:12:34 GMT
Connection: keep-alive
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=2.2.3
209.126.103.109 200 OK 18 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=2.2.3
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (10019)
Hash 4601ba55044413706c2022cb6c1c3d05
5103ec2fbb389568ebf5cfe4fd721f3df2ff7aec
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=2.2.3 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 18468
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash 62f2bbc0f28540433c2835a9148fc521
c945a7081083793d44479f23586ae7ffc13eec61
345e98941235327764cc8ef002ac88f40e819aafcb6c9ba9ecf07ccdb3cbf935
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29986
Cache-Control: max-age=108843
Content-Type: application/ocsp-response
Date: Fri, 03 Mar 2023 14:12:34 GMT
Etag: "6400915c-118"
Expires: Sat, 04 Mar 2023 20:26:37 GMT
Last-Modified: Thu, 02 Mar 2023 12:06:52 GMT
Server: ECAcc (ska/F73A)
X-Cache: HIT
Content-Length: 280
www.edoraseguros.com.br/wp-content/uploads/elementor/css/global.css?ver=1606159021
209.126.103.109 200 OK 19 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/elementor/css/global.css?ver=1606159021
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (14981)
Hash e6b2808c8562a456ac6899270cb92bb0
3c7d79363f22330b905384bc46878b13e8c814bc
5715589d9f03a6843ddc031bce8bada77ef38fb07690aaf727478f1f23845eb2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/global.css?ver=1606159021 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Mon, 23 Nov 2020 19:17:01 GMT
Accept-Ranges: bytes
Content-Length: 19169
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/themes/astra/assets/css/minified/style.min.css?ver=1.4.10
209.126.103.109 200 OK 92 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/themes/astra/assets/css/minified/style.min.css?ver=1.4.10
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (62977)
Hash 1d88d5884f2554c42fe4ba4c1ac267e4
082535fbe8555a9a661c5c5adef331b7de89eec7
c0187da6018204064ed124eedbe0727659142efcb2233e5fcf278f86ff5b3c63
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/style.min.css?ver=1.4.10 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 30 Aug 2018 20:37:40 GMT
Accept-Ranges: bytes
Content-Length: 91499
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/uploads/elementor/css/post-426.css?ver=1601736553
209.126.103.109 200 OK 3.4 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/elementor/css/post-426.css?ver=1601736553
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (3395), with no line terminators
Hash 48135550067e1211c28736f6b272f546
1e6f615a5430d9d2d8e3a819033c1f5bcbe342d1
e3d5046b14a6f2f36fbef755a82607a3cb5f1715938b5b15401f08d909112f23
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-426.css?ver=1601736553 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Sat, 03 Oct 2020 14:49:13 GMT
Accept-Ranges: bytes
Content-Length: 3395
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4
209.126.103.109 200 OK 1.7 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash ec96e53e57b5d34f762d567cdb29a312
33d59800f24b9967590354a7b47b37000dc5a5cc
a559ba07f12aeda335ca811bb96b6f57b555815a835fe5f86ad6e7f166190e6d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.4 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 17 Sep 2018 16:14:02 GMT
Accept-Ranges: bytes
Content-Length: 1743
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=2.2.3
209.126.103.109 200 OK 86 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=2.2.3
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65497)
Hash aaaeef18294371617d605fc53dd0a87f
246264902f7693978adb62b34a9d3fc42bf485ca
d48f82fcad553ed485276360afc623c99e918d2096835e98497889e1f097dbf0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=2.2.3 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 86104
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=1.4.10
209.126.103.109 200 OK 1.2 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=1.4.10
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1157), with no line terminators
Hash 12b106223a6e39aa680d2203fa45b4bd
277dd650f83aa0049cac928925f48e29f3354399
147eaa5bb4f677798026dcc639ac875b0135edd33be0cf8b91d9648162093d86
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7.min.css?ver=1.4.10 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 30 Aug 2018 20:37:40 GMT
Accept-Ranges: bytes
Content-Length: 1157
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.7.2
209.126.103.109 200 OK 28 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.7.2
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (28170), with no line terminators
Hash a0e500d8f5d5f8b028bfbaa7c797234c
d8fd83ca943afbe669d588f08f60770295526614
841d5aa9fb627b9d4da90602fbcf04efee058d95485a3a4b288466f97ecd793a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/formcraft3/dist/formcraft-common.css?ver=3.7.2 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 12 Oct 2018 19:01:28 GMT
Accept-Ranges: bytes
Content-Length: 28170
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=2.1.7
209.126.103.109 200 OK 172 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=2.1.7
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65493)
Size 172 kB (172032 bytes)
Hash d77f3a77511e080ff31296093f1ebdfc
b6984d59e12dff0ff17d53d3a3a31d0e8e41325a
eaf775924ed29a796069502de0461ed470600d632185d8ed4134f78ea4f1dac8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=2.1.7 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:11:40 GMT
Accept-Ranges: bytes
Content-Length: 172032
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/css/bootstrap.css?ver=4.9.22
209.126.103.109 200 OK 4.0 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/css/bootstrap.css?ver=4.9.22
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 69f8c4a5c968e5c63443ac939f75ef97
8b26b4fe6114f2029ed04d71efdac6104805da67
0ca7de348cba17f8c0e05e9b5beb4aac48bb85be60bc53695954bf4401ebafbc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/modal-for-elementor/css/bootstrap.css?ver=4.9.22 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 11 May 2018 00:10:52 GMT
Accept-Ranges: bytes
Content-Length: 4009
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.2.17
209.126.103.109 200 OK 243 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.2.17
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Size 243 kB (242706 bytes)
Hash d8e6ec59ff9c7494a2a843cb3ce77814
e2708333fab610dd215516645f7b6ba0edb4c63e
b58b70ad9782c90bba89108be0ff99b00c66c56ae0dc78f94f332de8acd81843
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/css/jet-elements.css?ver=2.2.17 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:34 GMT
Server: Apache
Last-Modified: Sat, 03 Oct 2020 13:18:59 GMT
Accept-Ranges: bytes
Content-Length: 242706
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/css/popup.css?ver=4.9.22
209.126.103.109 200 OK 1.0 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/css/popup.css?ver=4.9.22
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 24368f1c1487c66ffc47b7ac1ba9e1e3
53410400e05c9c6407f28cbbc538728fe18e1d91
a69ee0d8c053943ff875fb34700d9fa2974793fd0e1d1883411a3cea721fa6e6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/modal-for-elementor/css/popup.css?ver=4.9.22 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 11 May 2018 00:10:52 GMT
Accept-Ranges: bytes
Content-Length: 1043
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/uploads/astra-addon/astra-addon-5fbc091be6edd2-63409265.css?ver=1.3.1
209.126.103.109 200 OK 38 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/astra-addon/astra-addon-5fbc091be6edd2-63409265.css?ver=1.3.1
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (38371), with no line terminators
Hash 5c5bd1c8a901c7f6a77da461a068d34b
2ca3bfa75ddf4739921103c26ee4f707bfa2cd5f
dc107cd689822082302417fd75c3c4de645158d60c70b67f6d4e8cd97b3951f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/astra-addon/astra-addon-5fbc091be6edd2-63409265.css?ver=1.3.1 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 23 Nov 2020 19:10:19 GMT
Accept-Ranges: bytes
Content-Length: 38371
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/themes/bwebhosting/style.css?ver=1.0.0
209.126.103.109 200 OK 468 B URL HTTP/1.1 www.edoraseguros.com.br/wp-content/themes/bwebhosting/style.css?ver=1.0.0
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash 4b534127beea30a3b6c2b925dda229ac
1517af401958c49682e621a1543f40f1c84cee0d
54291a19fa2cb5d0d7bfde1f0bed32296f01be13024008c19d776dd2acf15c17
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/bwebhosting/style.css?ver=1.0.0 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 23 Nov 2020 19:15:26 GMT
Accept-Ranges: bytes
Content-Length: 468
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-content/plugins/simple-google-recaptcha/sgr.js?ver=1677849892
209.126.103.109 200 OK 1.3 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/simple-google-recaptcha/sgr.js?ver=1677849892
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash f2838b1ff6c3653d68b8e3dc78562a01
b983230ad7d50641e2be084e277cc4da201279bd
234443c5e8844e0a1ff549111e5e0313346b828aa05f6432af1ca750d971a1bb
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/simple-google-recaptcha/sgr.js?ver=1677849892 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 03 Mar 2023 13:24:52 GMT
Accept-Ranges: bytes
Content-Length: 1340
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/formcraft3/dist/form.css?ver=3.7.2
209.126.103.109 200 OK 64 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/formcraft3/dist/form.css?ver=3.7.2
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (63913), with no line terminators
Hash e68cda1ddafeaafd003d213cc53309c6
41d9f0543cd7f069868942e175f06d797250e52f
b727ebcea31d2f596e341fdd56040917330e2c80e7f48bf84273249370fd6180
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/formcraft3/dist/form.css?ver=3.7.2 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 23 Nov 2020 18:44:14 GMT
Accept-Ranges: bytes
Content-Length: 63913
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.edoraseguros.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
209.126.103.109 200 OK 10 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9959)
Hash 7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 20 May 2016 09:11:28 GMT
Accept-Ranges: bytes
Content-Length: 10056
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-includes/js/jquery/jquery.js?ver=1.12.4
209.126.103.109 200 OK 97 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (31997)
Hash dc5ba5044fccc0297be7b262ce669a7c
f137ff98ae379e35b0702967d3b6866a0a40e3be
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 05 Sep 2019 08:20:14 GMT
Accept-Ranges: bytes
Content-Length: 96874
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/jquery.cookie.js
209.126.103.109 200 OK 3.1 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/jquery.cookie.js
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash 1e3faa7fc49484964ecae46ca9494f35
bfe7d4d0c3bfb70871cab51bd8f462ca78a38ad3
13161f845883ddc67c4adec84919b2350c3ab125c5c4263dbb736594c54ccd71
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/modal-for-elementor/js/jquery.cookie.js HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 11 May 2018 00:10:52 GMT
Accept-Ranges: bytes
Content-Length: 3095
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/js/public.js?ver=2.1.5
209.126.103.109200 OK 12 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/js/public.js?ver=2.1.5
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash cbbb070dc95a8cbeb67f7eb5ac548eda
72ab13432ebeaa16f71012a329261432e25d03b4
0816011ecaaafa7f51b5472cccd4dbabf591c735215c17874fd9fc5733f7fc43
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpt-whatsapp/assets/js/public.js?ver=2.1.5 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 17 Sep 2018 17:30:26 GMT
Accept-Ranges: bytes
Content-Length: 11778
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.22
209.126.103.109200 OK 12 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.22
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9063)
Hash fe0575b66568074463f12485d90f6d4c
aeedd9ab3b7874e63f647042963cb1301a38b391
647a6b36f3fd1f21bae171270111096b4613c23a47e6621628a51bae9c82b0b7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.22 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:09:21 GMT
Accept-Ranges: bytes
Content-Length: 11943
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/themes/astra/assets/js/minified/style.min.js?ver=1.4.10
209.126.103.109200 OK 9.2 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/themes/astra/assets/js/minified/style.min.js?ver=1.4.10
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9179), with no line terminators
Hash 8851a35109094348e6e41c535e94fc07
a183517d182cb986f4c8e616d61b6e9db3c738c3
95da09c594a6b758d7ec0867a7db317cbf3507d3b705051c10d88b531f145bc8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/js/minified/style.min.js?ver=1.4.10 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 30 Aug 2018 20:37:40 GMT
Accept-Ranges: bytes
Content-Length: 9179
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.4
209.126.103.109200 OK 15 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.4
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
Hash 4fd769dd0d168d4af82c7db048af866b
d82c97e09e8d4ca64160aff9345e0a448c8c7759
2abe34835f5555333edccab5786c3fb72eb1755110f38d2fdb2c0ae7ed4db6ed
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.4 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 17 Sep 2018 16:14:02 GMT
Accept-Ranges: bytes
Content-Length: 14710
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/bootstrap.js
209.126.103.109200 OK 12 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/bootstrap.js
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 4abd6da8236bb919cae76a66948062fc
f8fb78f2a3f44953f3ebbf689f33fb8c40ffb207
b22fa005ca36d0af3f97bc74d18887ae59ab43d01d99d4ac2cd8de4e19503b09
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/modal-for-elementor/js/bootstrap.js HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 11 May 2018 00:10:52 GMT
Accept-Ranges: bytes
Content-Length: 11494
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/popup.js
209.126.103.109200 OK 759 B URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/modal-for-elementor/js/popup.js
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash b8fe43aceb1f8be26dcd2511295ed0d4
ad91ca3fb337a9588152d954ea63e3bea0e2e257
b17f25545b48d3697001c1bac9496df71aacf26f443f00221044e582e6259796
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/modal-for-elementor/js/popup.js HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 11 May 2018 00:10:52 GMT
Accept-Ranges: bytes
Content-Length: 759
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/uploads/astra-addon/astra-addon-5fbc091be719d2-48259273.js?ver=1.3.1
209.126.103.109200 OK 17 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/astra-addon/astra-addon-5fbc091be719d2-48259273.js?ver=1.3.1
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (16801), with no line terminators
Hash a00b62652bb6d5d7ca0b119778c6ccc0
d247726b39a7ecb7387955e47854d47ea78354e3
b1e2a8ab144d238a014228cfe26d7c27724ec648ad6db12b335090b2ed2f3451
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/astra-addon/astra-addon-5fbc091be719d2-48259273.js?ver=1.3.1 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Mon, 23 Nov 2020 19:10:19 GMT
Accept-Ranges: bytes
Content-Length: 16801
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.22
209.126.103.109200 OK 1.4 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.22
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1391), with no line terminators
Hash 570ae0f3c201604926ea599d3d1f6c04
2c29243a73660964d4712b969d2a15e27777bc14
5138d39633dc69fcd0ed7f33a5e38dc339123f682fa7f5242066879c2bbc8c9b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=4.9.22 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:09:21 GMT
Accept-Ranges: bytes
Content-Length: 1391
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/slick/slick.min.js?ver=1.8.1
209.126.103.109200 OK 43 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/slick/slick.min.js?ver=1.8.1
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (42862)
Hash d5a61c749e44e47159af8a6579dda121
3b41b3bc956685015a347a2238e71db29dfa0dbb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/slick/slick.min.js?ver=1.8.1 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 42863
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=2.1.7
209.126.103.109200 OK 6.4 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=2.1.7
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (6431), with no line terminators
Hash 8b47296db08ac20dfb83be099d46b62a
3636d72d208dad253acd63df8411f9accce94585
eab347af732bc8b6dff914e54ff3e5dec6a84e8aa8315c2f9b64c17978f80fae
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=2.1.7 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:11:34 GMT
Accept-Ranges: bytes
Content-Length: 6431
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=2.1.7
209.126.103.109200 OK 42 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=2.1.7
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (42121)
Hash 32dc6e6f9b135bf0d862bea888b7ed3e
f38c5b70f4e01902f7d6b93c81d22c7276e0676b
9bc1462f66e10c5a27f3bc382bc54ab6fa2f2579974beab9d6d34e3647170d59
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=2.1.7 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:11:40 GMT
Accept-Ranges: bytes
Content-Length: 42164
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4
209.126.103.109200 OK 6.4 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (6219)
Hash 69fcee92fd1ccaa65d2e0610862fbeaf
fb756249e3a56d678c35d2848959133b727e92b7
dd5bb66bac9f2d27689f537a7beaf5630134204e7327c42c066f0b64717fb3d3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/position.min.js?ver=1.11.4 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:09:21 GMT
Accept-Ranges: bytes
Content-Length: 6440
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.5.0
209.126.103.109200 OK 10 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.5.0
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (10036)
Hash d19e74e9036ed25483f4f8711d3365b4
f82b09dc73ff9b74c8f92937f9b964d162462ac7
bb92671e222be4c74260c32dae506732545aa1ccd87ed9b7eb6ff42d915a741e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.5.0 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 10173
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
209.126.103.109200 OK 12 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (12198), with no line terminators
Hash 3819c3569da71daec283a75483735f7e
ecd40a5cc6f0b76200c454ca880210dc301cfab8
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 12198
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.2.3
209.126.103.109200 OK 36 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.2.3
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (36128)
Hash 1ecf58f9cfa2c0bb2647709717fe06f8
5d2712417e3e0546bb836b84290c3840bc0cad1b
e3ea2203d54a93fbf171653586bc85cd2eab3da54c824043f157f1d4ef72abb9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.2.3 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:56 GMT
Accept-Ranges: bytes
Content-Length: 36167
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.2.17
209.126.103.109200 OK 53 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.2.17
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (52795), with no line terminators
Hash 4e59061d7ad08f426b0eea2054e83ff2
d5c4b6933833e3d951c7ae685579f320d2756d36
38a930f5f7db4bf0145cfaf542bca5354b9df90a65a7f699ff324b081b14d9fc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/jet-elements/assets/js/jet-elements.min.js?ver=2.2.17 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Sat, 03 Oct 2020 13:18:59 GMT
Accept-Ranges: bytes
Content-Length: 52795
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/uploads/2020/11/MuseoSans.otf
209.126.103.109200 OK 62 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2020/11/MuseoSans.otf
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type OpenType font data\012- data
Hash 62c0135163427c652ae397f327f85010
bd0ccc06565f4cc438421bd6f101456815925034
46428f2c539eecc8b06fecb7ea74dc8f945fd9ab25b8b4cabba1aa55f6d91239
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/MuseoSans.otf HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2020 19:23:13 GMT
Accept-Ranges: bytes
Content-Length: 62504
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: font/otf
www.edoraseguros.com.br/wp-content/themes/astra/assets/fonts/astra.woff
209.126.103.109200 OK 3.3 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/themes/astra/assets/fonts/astra.woff
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 3304, version 1.0\012- data
Hash bfe0ed8503c926d68f58ed0408dfe0d0
0346d02d96ff7d2a0278bc10f4dfdf365c80eac3
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/fonts/astra.woff HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 30 Aug 2018 20:37:40 GMT
Accept-Ranges: bytes
Content-Length: 3304
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: font/woff
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/swiper/swiper.jquery.min.js?ver=4.4.3
209.126.103.109200 OK 123 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/swiper/swiper.jquery.min.js?ver=4.4.3
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65275)
Size 123 kB (122695 bytes)
Hash 00e93736ce410d9a36fb7d376a6524c4
476c60b640e5a4cdc8aa04eda4750d914419d068
4715ff946aa9fdcf7e3385799a479fc6c5d88e6d070f0c62aaf473e5f791fa41
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.jquery.min.js?ver=4.4.3 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 122695
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
209.126.103.109200 OK 77 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Thu, 20 Sep 2018 17:15:48 GMT
Accept-Ranges: bytes
Content-Length: 77160
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: font/woff2
www.edoraseguros.com.br/wp-content/uploads/2020/11/Edora_Seguros-160x74.png
209.126.103.109200 OK 3.8 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2020/11/Edora_Seguros-160x74.png
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type PNG image data, 160 x 74, 8-bit/color RGBA, non-interlaced\012- data
Hash 6a4145d8f3b2f8daf778b18cd3a341e4
ce1cf27e9f09c89e8ca2bdddb1bd8ce4e01ff5ed
b793fc22959ae378d0f6b7afc16f1597d0912627d63e1ed2b438419985561052
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/Edora_Seguros-160x74.png HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2020 20:11:37 GMT
Accept-Ranges: bytes
Content-Length: 3828
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
www.edoraseguros.com.br/wp-content/uploads/2018/09/01.jpg
209.126.103.109200 OK 72 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/01.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, progressive, precision 8, 959x959, components 3\012- data
Hash 0930718a4be6b5094da683073f821300
a1af689dcfd3b0d004fe9714b30d92c07a8b8bab
9eff65c27b206c05fbf959a962dc842d6a8967671e098b24e20545a3441d5924
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/01.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 17:01:20 GMT
Accept-Ranges: bytes
Content-Length: 72189
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/02.jpg
209.126.103.109200 OK 117 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/02.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, progressive, precision 8, 720x720, components 3\012- data
Size 117 kB (116697 bytes)
Hash d222b1676348241b2057f10bf2b1963e
7b5ff43f972e34c308ba5c2b7cecfa6b6d297371
87423b44213862bd94d8feccb1e97f51e1811c92ebff02bb4ae81afd151a3f71
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/02.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 17:18:10 GMT
Accept-Ranges: bytes
Content-Length: 116697
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/03.jpg
209.126.103.109200 OK 61 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/03.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x960, components 3\012- data
Hash cc2657a775c2bdb5776d120a0d8c9eec
589589bea454af66642e8e4c211bc6bafe2936fe
d3fd9ddbb8ea8bbfa2c2e98583b88ce0d11441343b89e9bd9f76a720b6c14cd9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/03.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 17:33:04 GMT
Accept-Ranges: bytes
Content-Length: 60562
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/04.jpg
209.126.103.109200 OK 119 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/04.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 960x949, components 3\012- data
Size 119 kB (119006 bytes)
Hash 78e38ef12e1cf61b55f887aec7686b45
65539c6a9ddcab91e789c50eb4e73d9f26e3606b
f9a3d66cc029ce4d89f08939c9b152313b3d63ac4f842b5fb594b689698895a1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/04.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 22:00:54 GMT
Accept-Ranges: bytes
Content-Length: 119006
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/05.jpg
209.126.103.109200 OK 95 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/05.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, progressive, precision 8, 960x958, components 3\012- data
Hash cf0dbedd18ad38b5b8ef5af13b36f2e3
8f2727cfa469cd1d0a28e3fe2005b3f6ec0d99fc
4840b7680296b79faabce7eae885759d349639bf26e8c3cebfe31ab5f03d7862
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/05.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 22:02:46 GMT
Accept-Ranges: bytes
Content-Length: 94786
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/07.jpg
209.126.103.109200 OK 33 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/07.jpg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 564x619, components 3\012- data
Hash ff149430d1d1e985e938d11fc5054396
8224a830413fc64b46c4077490ac3945f8b18272
a25e303d31c45ab65fa27893f8dd7b4f24bb9a33c60b65fe3015d160c6222dd4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/07.jpg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 22:06:16 GMT
Accept-Ranges: bytes
Content-Length: 33217
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-content/uploads/2018/09/06.jpeg
209.126.103.109200 OK 366 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2018/09/06.jpeg
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 713x1213, components 3\012- data
Size 366 kB (366057 bytes)
Hash 0ee741aca80e3086af63f4a32d982e41
d080ff468528142d0865c4cd5b15caf360fd0e2f
a7cd3a167b97a682073b5fa875dcabe27a09645f099c630c94180d74e5e3d708
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2018/09/06.jpeg HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Last-Modified: Wed, 19 Sep 2018 22:04:12 GMT
Accept-Ranges: bytes
Content-Length: 366057
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
www.edoraseguros.com.br/wp-admin/admin-ajax.php
209.126.103.109200 OK 502 B URL HTTP/1.1 www.edoraseguros.com.br/wp-admin/admin-ajax.php
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 7f357e8b02714dfb935748c4e75d77a2
13cc8247d4fa48b21db55a41e848febb013fe44a
1b77b279321b5980d39404f883c4ece8ffba541f542aae81c25fe81053838a0f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 184
Origin: https://www.edoraseguros.com.br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:35 GMT
Server: Apache
Access-Control-Allow-Origin: https://www.edoraseguros.com.br
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.edoraseguros.com.br/wp-content/uploads/2020/11/cropped-edora_icon-32x32.png
209.126.103.109200 OK 829 B URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2020/11/cropped-edora_icon-32x32.png
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash b0495dbcc7b79d8f692517f6f788892b
98b78b851123b11aee9293a74029d7574efb334a
3aae33559f4b4f4c5a8f516a2880801388f6bdf70765904a13ad36e2a4f75bb7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/cropped-edora_icon-32x32.png HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:36 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2020 19:19:44 GMT
Accept-Ranges: bytes
Content-Length: 829
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/png
www.edoraseguros.com.br/wp-content/uploads/2020/11/cropped-edora_icon-192x192.png
209.126.103.109200 OK 7.6 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/uploads/2020/11/cropped-edora_icon-192x192.png
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash dcb88bedd42e4eafc7c0f4136d90b576
ba2dcf442970c4d076a78b045d5a0453964ba99c
4d1335992db0fabd8c989adf26f127aebe03676a9229cc08bba17d3728c145b4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/cropped-edora_icon-192x192.png HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:36 GMT
Server: Apache
Last-Modified: Fri, 13 Nov 2020 19:19:44 GMT
Accept-Ranges: bytes
Content-Length: 7636
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/png
www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/images/logo-green-small.png
209.126.103.109200 OK 6.9 kB URL HTTP/1.1 www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/images/logo-green-small.png
IP 209.126.103.109:0
ASN #30083 AS-30083-GO-DADDY-COM-LLC
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 3e4f87b63d42ab26642dbeca33689f38
71242d0b1998e8f18ce256d95e396f78b4fef646
0452c822ddcc5508d0a5f1326162578781cd0daf27d338d366fbc6821194e7e4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpt-whatsapp/assets/images/logo-green-small.png HTTP/1.1
Host: www.edoraseguros.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/wp-content/plugins/wpt-whatsapp/assets/css/public.css?ver=2.1.5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 03 Mar 2023 14:12:36 GMT
Server: Apache
Last-Modified: Mon, 17 Sep 2018 17:30:26 GMT
Accept-Ranges: bytes
Content-Length: 6890
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/png
use.fontawesome.com/releases/v5.1.0/js/v4-shims.js?ver=4.9.22
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.1.0/js/v4-shims.js?ver=4.9.22
IP 172.64.133.15:0
GET /releases/v5.1.0/js/v4-shims.js?ver=4.9.22 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 14:12:34 GMT
content-type: application/javascript
x-amz-id-2: bxVAw8kK74Hsq2oN1GMvdTga2Bu4kAU8SxnwURjsOCA5lp4ScraKXlEs818+MSYvEizHGrrjsPk=
x-amz-request-id: NKMS4SJGGJSJXKDV
last-modified: Wed, 30 Jun 2021 15:30:32 GMT
etag: W/"88238d38a876234b6c4ae00ac1a784f2"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2274405
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIgkgPT2owdzUW4vrTBNm1UzsDXMSEoY3vwtYzXZaeU8jerK87Hnmsz5nmyUdoKwfnZsOL7dagOI42rBT0FyqjXow3RZKq%2Fkf0eD95V%2BlQzKkMXCrjC5T%2FK6LwLce1xJB1Rlto90"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a2279a5a89d24e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.1.0/js/all.js?ver=4.9.22
172.64.133.15200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.1.0/js/all.js?ver=4.9.22
IP 172.64.133.15:0
GET /releases/v5.1.0/js/all.js?ver=4.9.22 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.edoraseguros.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Mar 2023 14:12:34 GMT
content-type: application/javascript
x-amz-id-2: vMBVPrDCC5vruln/bmf2afgDXcAxm84Yl8fweDAxmjfY0F/JHRnkYaHHETgb6TgB8I5nVgZmwLE=
x-amz-request-id: BMNPBY65T28W8DAT
last-modified: Wed, 30 Jun 2021 15:30:32 GMT
etag: W/"004993df80280fa6c4af6ca17c4e5433"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2267720
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FGNMYtVvR194IEPDW9BRkgeFGNsx3S%2B36kI9vKQdop97gsjv6E1SR%2BAzWV3bmIMTU2MoawOCeC4vSCsMkHLsae6Dt7iQYQ8pumsx7cY4xAwP8Wr6GzlnVpCHSEAVi1LqgK5b1a3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a2279a5b8c324e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2