Report - go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t

Report Overview

Submitted URL
go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t
IP
23.36.76.249
ASN
#20940 Akamai International B.V.
Submitted
2024-04-18 00:07:21
Access
public
Website Title
Digital Secured Platform | Qualia
Final URL
cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com
Tags
suspicious
urlquery detections
Suspicious - Anti-debugging code

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-17	427 B	81 kB	151.101.2.137
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2024-04-17	928 B	76 kB	104.18.11.207
cnsg.com.br	unknown	1999-02-11	2014-12-04	2024-04-17	988 B	809 kB	187.45.195.126
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-17	461 B	7.2 kB	104.17.25.14
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-17	512 B	1.2 kB	35.244.181.201
logo.clearbit.com	27344	2003-07-04	2015-06-30	2024-04-17	425 B	7.0 kB	54.230.111.107
go.onelink.me	29445	2014-11-26	2014-12-11	2024-04-17	694 B	566 B	23.36.77.43
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-17	426 B	31 kB	216.58.207.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	87 kB	2023-03-07	2024-04-30
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-30 23:18:25 Times Seen63714 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	code.jquery.com/jquery-3.3.1.js	272 kB	2023-03-07	2024-04-30
Pretty URL code.jquery.com/jquery-3.3.1.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-30 22:18:23 Times Seen59521 Hash 6a07da9fae934baf3f749e876bbfdd96 46a436eba01c79acdb225757ed80bf54bad6416b d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad Loading...

	cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com	1.8 kB	2024-04-05	2024-04-30
Pretty URL cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-05 10:31:03 Last Seen2024-04-30 15:05:40 Times Seen918 Hash 6e842b7f91742fe8fa06c98348e7d4c8 3e50ba64f4651b757aac0d1769082695e5972dd4 8bc9e3063308dac5f5a22fd7abcce37ff9523d30802275c0d7402a8dc083ef95 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-04-30
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-30 22:35:13 Times Seen112831 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-30
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-30 22:35:13 Times Seen138069 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com	2.0 kB	2024-04-02	2024-04-30
Pretty URL cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-02 13:43:50 Last Seen2024-04-30 15:05:40 Times Seen989 Hash fa3ebdde53fb7797df1739ef4450fc5f 49162599c22b192958412c9725c4ed12fe976abf 192532c33b931ec44f14dd52527e74e11262b62ac01f6a85482613b5c52e3500 Loading...

HTTP Transactions (10)

	URL	IP	Response	Size
	go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t	23.36.77.43		0 B
URL go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t IP 23.36.77.43:0 ASN #20940 Akamai International B.V. File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t HTTP/1.1 Host: go.onelink.me User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 301 Moved Permanently content-type: application/octet-stream content-length: 0 location: https://htlaircon.com/b1/5t6af8/bXN0YXVmZmVyQGtleXN0b25lcG0uY29t?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature strict-transport-security: max-age=31536000; includeSubDomains accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List cache-control: no-cache, no-store server: http-kit date: Thu, 18 Apr 2024 00:06:55 GMT X-Firefox-Spdy: h2

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	216.58.207.234	200 OK	30 kB
URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 216.58.207.234:443 ASN #15169 GOOGLE Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT File type JavaScript source, ASCII text, with very long lines (32058) Size 30 kB (30306 bytes) Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de HTTP Headers `GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers" report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} timing-allow-origin: * content-length: 30306 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 16 Apr 2024 04:38:37 GMT expires: Wed, 16 Apr 2025 04:38:37 GMT cache-control: public, max-age=31536000, stale-while-revalidate=2592000 age: 156503 last-modified: Tue, 03 Mar 2020 19:15:00 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	code.jquery.com/jquery-3.3.1.js	151.101.2.137	200 OK	80 kB
URL GET HTTP/2 code.jquery.com/jquery-3.3.1.js IP 151.101.2.137:443 ASN #54113 FASTLY Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerSectigo Limited Subject.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text Size 80 kB (80268 bytes) Hash 6a07da9fae934baf3f749e876bbfdd96 46a436eba01c79acdb225757ed80bf54bad6416b d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad HTTP Headers `GET /jquery-3.3.1.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://cnsg.com.br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=utf-8 last-modified: Fri, 18 Oct 1991 12:00:00 GMT etag: W/"28feccc0-42587" cache-control: public, max-age=31536000, stale-while-revalidate=604800 access-control-allow-origin: * content-encoding: gzip via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Thu, 18 Apr 2024 00:07:00 GMT age: 18598170 x-served-by: cache-lga21980-LGA, cache-hel1410024-HEL x-cache: HIT, HIT x-cache-hits: 99, 1703 x-timer: S1713398820.270930,VS0,VE0 vary: Accept-Encoding content-length: 80268 X-Firefox-Spdy: h2

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	104.18.11.207	200 OK	25 kB
URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css IP 104.18.11.207:443 ASN #13335 CLOUDFLARENET Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT File type ASCII text, with very long lines (65325) Size 25 kB (25279 bytes) Hash 450fc463b8b1a349df717056fbb3e078 895125a4522a3b10ee7ada06ee6503587cbf95c5 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d HTTP Headers `GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://cnsg.com.br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: style Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 00:07:00 GMT content-type: text/css; charset=utf-8 cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE vary: Accept-Encoding access-control-allow-origin: * cache-control: public, max-age=31919000 content-encoding: br etag: W/"450fc463b8b1a349df717056fbb3e078" last-modified: Mon, 25 Jan 2021 22:04:04 GMT cdn-cachedat: 03/18/2024 12:51:41 cdn-proxyver: 1.04 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 1048 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-status: 200 cdn-requestid: 336be608c649d564209e983b350df07d cdn-cache: HIT cf-cache-status: HIT age: 9764 strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 87606982bbca1bfa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cnsg.com.br/images/chameleon/index.html	187.45.195.126		404 kB
URL cnsg.com.br/images/chameleon/index.html IP 187.45.195.126:0 ASN #27715 Locaweb Servicos de Internet SA File type HTML document, ASCII text, with very long lines (51351) Size 404 kB (404159 bytes) Hash e1ddb8cfb248153530f3f6d64f191346 ae0d57c668150591f5799fc202aeed34cb0a7dfd 0b709402fdaea35f93d05b0107eb53fc45218193d42a339d2610ab2b57a405ef HTTP Headers `GET /images/chameleon/index.html HTTP/1.1 Host: cnsg.com.br User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 00:06:58 GMT Server: Apache Last-Modified: Wed, 17 Apr 2024 20:35:11 GMT ETag: "a8050a-62abf-61650ca8c8318" Accept-Ranges: bytes Content-Length: 404159 Connection: close Content-Type: text/html`

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	104.17.25.14	200 OK	6.2 kB
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (19015) Size 6.2 kB (6157 bytes) Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 HTTP Headers `GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://cnsg.com.br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 00:07:00 GMT content-type: application/javascript; charset=utf-8 content-length: 6157 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03fa9-4af4" last-modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 2843704 expires: Tue, 08 Apr 2025 00:07:00 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VIOPVKKKrQrmT0blqKI%2FHcwRaLdVy1HOzplYEFiJIvIoK6pqqDmh0tnPCz9%2FdJc9XCA0rFpA4mP30rGn8sLYV5xguWxiCaSlrxdk4n%2BySTywrBroLROBHQ2VrrEL%2BTyYZNtTniwU"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 876069872b2f56b9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=6VfWF8dI2w6_bjREd4rtv51NrVC5k-lFTUzwcLvw1oLQckOQIeeCV6sCykvxwYsZh5SrMpkYIncEVsQEtk87BfpBAyFtY8xprjD0rGx6EXOLq0eAplFMkIFpy1zCeWAX strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Thu, 18 Apr 2024 00:05:31 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 103 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

	logo.clearbit.com/keystonepm.com	54.230.111.107	200 OK	6.5 kB
URL GET HTTP/2 logo.clearbit.com/keystonepm.com IP 54.230.111.107:443 ASN #16509 AMAZON-02 Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerAmazon Subjectclearbit.com FingerprintCE:16:94:BB:21:1F:D1:5C:C5:B1:B0:D0:51:6C:C5:26:30:0D:59:72 ValidityMon, 22 Jan 2024 00:00:00 GMT - Tue, 18 Feb 2025 23:59:59 GMT File type PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced Size 6.5 kB (6524 bytes) Hash 39ac5be35af0f9e0390ef6c44e9140c9 01610e65619aaa4ed3c734bdb595f6802b618f21 fb5d0cadd3d424065e85add84622e7d4b73d6cb416883aaf76e2ff91a78f506c HTTP Headers `GET /keystonepm.com HTTP/1.1 Host: logo.clearbit.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: image/png access-control-allow-origin: * cache-control: public, max-age=2592000 date: Thu, 18 Apr 2024 00:07:01 GMT x-envoy-response-flags: - server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff x-cache: Miss from cloudfront via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: rsjBafPTvICZKpOwplIo6xAF6XmIJ7_K8jtTR7sLaoL05lgNnPdZlg== X-Firefox-Spdy: h2

	cnsg.com.br/images/chameleon/index.html	187.45.195.126	200 OK	404 kB
URL User Request GET HTTP/1.1 cnsg.com.br/images/chameleon/index.html IP 187.45.195.126:443 ASN #27715 Locaweb Servicos de Internet SA Certificate IssuerGlobalSign nv-sa Subjectwww.cnsg.com.br Fingerprint15:D2:C5:2E:EE:34:1D:56:8A:7A:E2:FF:3C:16:F8:2A:C4:69:1F:5C ValidityTue, 03 Oct 2023 20:29:44 GMT - Sun, 03 Nov 2024 20:29:43 GMT File type HTML document, ASCII text, with very long lines (51351) Size 404 kB (404159 bytes) Hash e1ddb8cfb248153530f3f6d64f191346 ae0d57c668150591f5799fc202aeed34cb0a7dfd 0b709402fdaea35f93d05b0107eb53fc45218193d42a339d2610ab2b57a405ef HTTP Headers `GET /images/chameleon/index.html HTTP/1.1 Host: cnsg.com.br User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 00:06:58 GMT Server: Apache Last-Modified: Wed, 17 Apr 2024 20:35:11 GMT ETag: "a8050a-62abf-61650ca8c8318" Accept-Ranges: bytes Content-Length: 404159 Connection: close Content-Type: text/html`

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	104.18.11.207	200 OK	49 kB
URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.11.207:443 ASN #13335 CLOUDFLARENET Requested by https://cnsg.com.br/images/chameleon/index.html#mstauffer@keystonepm.com Certificate IssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint57:B4:25:B9:9C:88:A1:A3:3D:F7:31:74:02:E4:D1:E0:0A:F5:11:63 ValidityWed, 27 Mar 2024 00:22:09 GMT - Tue, 25 Jun 2024 00:22:08 GMT File type JavaScript source, ASCII text, with very long lines (48664) Size 49 kB (48944 bytes) Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b HTTP Headers `GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1 Host: maxcdn.bootstrapcdn.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://cnsg.com.br DNT: 1 Connection: keep-alive Referer: https://cnsg.com.br/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 00:07:00 GMT content-type: application/javascript; charset=utf-8 cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE vary: Accept-Encoding access-control-allow-origin: * cache-control: public, max-age=31919000 content-encoding: br etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17" last-modified: Mon, 25 Jan 2021 22:04:04 GMT cdn-cachedat: 03/18/2024 12:46:36 cdn-proxyver: 1.04 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 1048 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-status: 200 cdn-requestid: 6f8cd7db87f48c2bc96376b90aca5a8a cdn-cache: HIT cf-cache-status: HIT age: 9763 strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 876069871cc91bfa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by