Report - 5235-87855.pages.net.br/1/

Report Overview

Visited public
2023-12-05 13:43:39
Tags
URL
5235-87855.pages.net.br/1/
Finishing URL
5235-87855.pages.net.br/2
IP / ASN
172.64.144.240
#13335 CLOUDFLARENET
Title
確認 | Facebook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24 16:34:56	2023-12-05 08:16:24	524 B	20 kB	104.16.56.101
cdn.greatpages.com.br	unknown	2020-01-22	2020-10-04 12:55:49	2023-12-05 12:26:26	2.4 kB	1.1 MB	104.17.208.68
r3-pages-views.greatpages.com.br	unknown	2020-01-22	2022-12-22 15:46:40	2023-12-04 18:50:10	4.0 kB	642 B	104.17.208.68
cdn.greatsoftwares.com.br	585945	2020-02-08	2021-05-29 17:49:49	2023-11-30 13:40:20	2.0 kB	39 kB	172.64.149.117
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-05 07:37:50	1.1 kB	20 kB	216.58.211.10
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-05 06:14:20	2.8 kB	148 kB	142.250.74.163
5235-87855.pages.net.br	unknown	2020-07-29	2023-12-05 05:37:38	2023-12-05 05:37:38	2.5 kB	18 kB	104.18.43.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	pages.net.br	Sinkholed
2023-12-05	medium	pages.net.br	Sinkholed
2023-12-05	medium	pages.net.br	Sinkholed
2023-12-05	medium	pages.net.br	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	5235-87855.pages.net.br/2	ScriptElement	540 B	2023-11-20	2024-11-27
Pretty URL 5235-87855.pages.net.br/2 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-20 23:56 Last Seen2024-11-27 12:01 Times Seen417 Hash 68001fcbccf4c89d9e378936cc9c59c8 10fde516faa0c9b775369282169b5f224c578683 4209d6e28acb2f88c72b86af4bc55057b3bd7c2f1de61cd2f91263d1ddf081ab Loading...

	5235-87855.pages.net.br/2	ScriptElement	205 B	2024-08-20	2024-08-20
Pretty URL 5235-87855.pages.net.br/2 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:41 Last Seen2024-08-20 16:41 Times Seen1 Hash 80f7c5c8bc5a7a9647f1682715a955d2 7f7e820d102e20cccdb81cc2ef15ff4adbf4ea45 a934ba175b98a4bee70d6adfc3a23f231c9eafe5175e903ed3e919fd9f850bd4 Loading...

	5235-87855.pages.net.br/2	ScriptElement	225 B	2024-08-20	2024-08-20
Pretty URL 5235-87855.pages.net.br/2 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:41 Last Seen2024-08-20 16:41 Times Seen1 Hash 7e7dc6991941d45819bc84b48b37300c c4f34abfcccbdac1ba1a7a4f7270900960a79410 35e1c3403d4e4ff6340b0a04f017e0a6360174f57e9abb7e5292813b7cec7a9f Loading...

	5235-87855.pages.net.br/2	ScriptElement	2.3 kB	2024-08-20	2024-08-20
Pretty URL 5235-87855.pages.net.br/2 IP 104.18.43.16 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:41 Last Seen2024-08-20 16:41 Times Seen1 Hash cb091ef1cdaf8dbf3202edbcbb2df5ab c191065a7d6db4c51449de494b2b0d965643ecea fbf87e1c9f2a1ae0eaae84e36ab16b697095f0040cfb51d55422af631371d89f Loading...

	static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317	ScriptElement	20 kB	2023-10-13	2025-05-09
Pretty URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 IP 104.16.56.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:51 Last Seen2025-05-09 13:23 Times Seen17152 Hash dd1d068fdb5fe90b6c05a5b3940e088c 0d96f9df8772633a9df4c81cf323a4ef8998ba59 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 Loading...

	cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/js.js	ScriptElement	126 kB	2023-12-05	2023-12-05
Pretty URL cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/js.js IP 104.17.208.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 14:43 Last Seen2023-12-05 14:43 Times Seen1 Hash e8e2fc012f8327ec5db9c240fcf8953a 865c462ddf31246441e1434cadb54cc20de60be6 3b64afef67cd42416af01e63310688e065dcea1af7ea3c16ee94e73d0867e809 Loading...

HTTP Transactions (23)

URL IP Response Size

cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/css.css

104.17.208.68

5.5 kB

URL
cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/css.css
IP
104.17.208.68:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (23775), with no line terminators
Size
5.5 kB (5458 bytes)
Hash
06f9449818c01039f25e5cd4686d9c8a
a2fd5ef535a23063f5c3c25f98d6787e61da5221
72c418a30aff20bae37c91da77adf77d1c0381d97577f7f4b1a81b99bb19c71d

HTTP Headers

GET /5235-87855.pages.net.br-1/1701741829/css.css HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 13:43:21 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"06f9449818c01039f25e5cd4686d9c8a"
Last-Modified: Tue, 05 Dec 2023 02:03:51 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 04 Dec 2024 13:43:21 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 830cb7b6bb8856ca-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlRXB5T1RrNU5GVkVXamxQT1ROUFFrMTZhV2x3V1ZCaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjI3IiwiZSI6IkdQYWdlcy4wNjc1MTcwMTc4MzgwNzA5MSIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPVTh6Vm1kTlYydzVhSEJzV0dSWU1sWTFTRzVwYmtsbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlUxNlZXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0=

104.17.208.68

31 B

URL
r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlRXB5T1RrNU5GVkVXamxQT1ROUFFrMTZhV2x3V1ZCaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjI3IiwiZSI6IkdQYWdlcy4wNjc1MTcwMTc4MzgwNzA5MSIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPVTh6Vm1kTlYydzVhSEJzV0dSWU1sWTFTRzVwYmtsbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlUxNlZXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0=
IP
104.17.208.68:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
b1a8ecd5c3f464c5ae872401ae1929c1
ec82b7e06d38b93eba0dd68108140711cfa86eb5
49d1cf6777396141389bf9230460e84cc9bf6260594eb25095297d5ab3098b90

HTTP Headers

GET /?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlRXB5T1RrNU5GVkVXamxQT1ROUFFrMTZhV2x3V1ZCaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjI3IiwiZSI6IkdQYWdlcy4wNjc1MTcwMTc4MzgwNzA5MSIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPVTh6Vm1kTlYydzVhSEJzV0dSWU1sWTFTRzVwYmtsbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlUxNlZXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0= HTTP/1.1
Host: r3-pages-views.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 13:43:21 GMT
content-type: application/json
content-length: 31
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 830cb7b6dce35694-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/js.js

104.17.208.68

22 kB

URL
cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/js.js
IP
104.17.208.68:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (15962), with CRLF line terminators
Size
22 kB (21631 bytes)
Hash
aa9896796bc073b2e5b10c1362d5ebb7
fec58c768c7ceb6f20fd0f9d424876eed5a48d47
dc2b8b08767103c473ca4ba592306edb6899f4e97cf8fbc6af89147419955f29

HTTP Headers

GET /5235-87855.pages.net.br-1/1701741829/js.js HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 13:43:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"aa9896796bc073b2e5b10c1362d5ebb7"
Last-Modified: Tue, 05 Dec 2023 02:03:50 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 04 Dec 2024 13:43:21 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 830cb7b6b9250b4d-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

cdn.greatsoftwares.com.br/arquivos/paginas/84254-b98f58b34bd8548eccc0a1e18d9f0f78.jpg

172.64.149.117

3.2 kB

URL
cdn.greatsoftwares.com.br/arquivos/paginas/84254-b98f58b34bd8548eccc0a1e18d9f0f78.jpg
IP
172.64.149.117:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.2 kB (3224 bytes)
Hash
cecdb486df4d5b7b7f1e9a671b544b50
bb5c67064fb3e6dea57a351abbfe5d63f2a402ee
d88dc7e1f639c25a52eba1a3fda88006115bedb749cb5f43fc8d3c6d31687dfe

HTTP Headers

GET /arquivos/paginas/84254-b98f58b34bd8548eccc0a1e18d9f0f78.jpg HTTP/1.1
Host: cdn.greatsoftwares.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 13:43:21 GMT
content-type: image/webp
content-length: 3224
access-control-allow-origin: *
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10857
content-disposition: inline; filename="84254-b98f58b34bd8548eccc0a1e18d9f0f78.webp"
etag: "05d561e17a9b08f3b53466856b1e7683"
expires: Wed, 04 Dec 2024 13:43:21 GMT
last-modified: Tue, 05 Dec 2023 02:03:37 GMT
vary: Accept
x-guploader-uploadid: ABPtcPpqZcCoEbxCNdtKFuVFtSJ-Qk0R_0SRNMUB60aB0ntMxQyrTqBfI68X0jhHYDAk1wInCW0ITV1J6w
x-goog-generation: 1701741817425833
x-goog-hash: crc32c=TJRD5Q==, md5=BdVh4XqbCPO1NGaFax52gw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10857
cf-cache-status: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830cb7b8f8e556af-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap

216.58.211.10

200 OK

1.6 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
1.6 kB (1640 bytes)
Hash
e64192d8ff94d58caaa6de5c5cd2ad46
1a5a08edf4ca1df1c8fa2cedc18e5bae0f388c3a
04330f113c9b67878443efa50084e647f855e05e8114af768f286ffa49705f18

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 13:43:21 GMT
date: Tue, 05 Dec 2023 13:43:21 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 50418
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.163

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:52:12 GMT
expires: Thu, 28 Nov 2024 21:52:12 GMT
cache-control: public, max-age=31536000
age: 489070
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 49780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/imagens/desktop/388935_1_170173311212638486.gif

104.17.208.68

1.0 MB

URL
cdn.greatpages.com.br/5235-87855.pages.net.br-1/1701741829/imagens/desktop/388935_1_170173311212638486.gif
IP
104.17.208.68:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1920 x 1080\012- data
Size
1.0 MB (1043703 bytes)
Hash
02ff08d6cc278a935bbd4721bef35f0b
23a2ffc2bbcd4ddebc6f92340ab6bd14fcc8297d
674fc7efd1b68ed594d04be2fdf655c8b74e1ae9b026d4f132e1ae037f3935ff

HTTP Headers

GET /5235-87855.pages.net.br-1/1701741829/imagens/desktop/388935_1_170173311212638486.gif HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 13:43:22 GMT
Content-Type: image/gif
Content-Length: 1043703
Connection: keep-alive
ETag: "02ff08d6cc278a935bbd4721bef35f0b"
Last-Modified: Tue, 05 Dec 2023 02:03:50 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 04 Dec 2024 13:43:22 GMT
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 830cb7b99b810b4d-OSL
alt-svc: h3=":443"; ma=86400

5235-87855.pages.net.br/cdn-cgi/rum?

104.18.43.16

204 No Content

0 B

URL POST HTTP/3
5235-87855.pages.net.br/cdn-cgi/rum?
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/1/
Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: 5235-87855.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 5149
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/1/
Cookie: __cf_bm=5Yf.glYCAAHax9DRWB3evvlwvycUK5LJrnX08wObL1U-1701783800-0-AVl40eXJs+b6v4J8oeBDZI5/RKts0W1fsvOuwZoftdCXf6jpbklUAuK5uqM7w8IClwCPtwGXhf+ARGpZpGFWS0U=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 05 Dec 2023 13:43:22 GMT
access-control-allow-origin: https://5235-87855.pages.net.br
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 830cb7bf095eb524-OSL
x-frame-options: DENY
x-content-type-options: nosniff

5235-87855.pages.net.br/cdn-cgi/rum?

104.18.43.16

204 No Content

0 B

URL POST HTTP/3
5235-87855.pages.net.br/cdn-cgi/rum?
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/1/
Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: 5235-87855.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 457
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/1/
Cookie: __cf_bm=5Yf.glYCAAHax9DRWB3evvlwvycUK5LJrnX08wObL1U-1701783800-0-AVl40eXJs+b6v4J8oeBDZI5/RKts0W1fsvOuwZoftdCXf6jpbklUAuK5uqM7w8IClwCPtwGXhf+ARGpZpGFWS0U=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Tue, 05 Dec 2023 13:43:27 GMT
access-control-allow-origin: https://5235-87855.pages.net.br
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 830cb7dc4940b524-OSL
x-frame-options: DENY
x-content-type-options: nosniff

r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlVVZrWVZkNlF6VlBPVVJYU1hKQ1JXbHRNMWhEVm1aaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjMzIiwiZSI6IkdQYWdlcy4wOTM2MTcwMTc4MzgxMzI5MyIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPWFpNUlVoSWFHZHdNWGc1ZEdGTGIzTnNjbU5LT1hWbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlU1RVFXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0=

104.17.208.68

200 OK

31 B

URL GET HTTP/3
r3-pages-views.greatpages.com.br/?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlVVZrWVZkNlF6VlBPVVJYU1hKQ1JXbHRNMWhEVm1aaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjMzIiwiZSI6IkdQYWdlcy4wOTM2MTcwMTc4MzgxMzI5MyIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPWFpNUlVoSWFHZHdNWGc1ZEdGTGIzTnNjbU5LT1hWbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlU1RVFXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0=
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerLet's Encrypt
Subjectgreatpages.com.br
Fingerprint5E:BF:CF:85:ED:B2:22:B5:D9:29:14:F9:66:0C:25:EE:49:2C:E9:63
ValidityMon, 16 Oct 2023 03:37:40 GMT - Sun, 14 Jan 2024 03:37:39 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
b1a8ecd5c3f464c5ae872401ae1929c1
ec82b7e06d38b93eba0dd68108140711cfa86eb5
49d1cf6777396141389bf9230460e84cc9bf6260594eb25095297d5ab3098b90

HTTP Headers

GET /?g=eyJ2IjoxLCJhIjoicGFnZXZpZXciLCJzIjoiTTA5RVZURk1ia0pvV2pKV2VreHROV3hrUXpWcFkyazRlVVZrWVZkNlF6VlBPVVJYU1hKQ1JXbHRNMWhEVm1aaFNGSXdZMGhOTmt4NU9ERk5hazB4VEZSbiIsImQiOiIyMDIzLTEyLTA1IDEzOjQzOjMzIiwiZSI6IkdQYWdlcy4wOTM2MTcwMTc4MzgxMzI5MyIsImkiOiJjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpHYWxwWVRucGlNVGwzV2xoS2VtSXlOV2hpUjJ3MldWZFNka2xxY0hWa1YzaHpURU5LY0dKdVVteGFNMHBvV1RKR2RsZ3lXbWhaTWxacFlqSTVjbGd6UW5CbFIxWnpXREpXTWxwWE5UQmllVWsyU1d4Q2FGb3lWbGRoVjFZelNXbDNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1ZMGRXZVdNeU9YVlpWM2h3WlcxR2EySjVTVFppYmxaellrTjNhV0ZYTlRCYVYyUjVXVmRPYUdJeE9XMVpWMDVzV1cwNWRtRXhPWGRoV0doc1lrWTViR1J0Vm5Wa1J6bG1XVEk1ZFdSSFZqRmFSemxtWkcxR2MySXpTV2xQYlRVeFlrZDNjMGx0YkhWa1IxWnVZMjFHYWxsWE9XWmFiVVpxV2xkS2RtSXlkR1pqUjJ3MFdsZDRabHBZV214aWJsSjJXREpPZG1KdVVteGtWMUoyV0RJeGRscFhVbWhKYW05cFRVTktPWFpNUlVoSWFHZHdNWGc1ZEdGTGIzTnNjbU5LT1hWbGVVcHdXa1k1YmtscWIybFBSRkY1VGxSUmFVeERTbkJhUmpsM1dWZGtjR0p0UldsUGFVbDZUMFJuTlU1RVFXbE1RMHB3V2tZNWEySXlNWEJpYld4MlNXcHZhVTFVVFRKUFJFVTFTV2wzYVdGWE5UQmFWMlI1V1ZkT2FHSXhPVzFaVjA1c1dXMDVkbUV4T1RCaU1uUnNZbWxKTm1KdVZuTmlRM2RwWVZjMU1GcFhaSGxaVjA1b1lqRTViVmxYVG14WmJUbDJZVEU1ZDJGWWFHeGlSamx2V1ZkS2NHSkhiREJaV0VscFQyMDFNV0pIZDNOSmJXeDFaRWRXYm1OdFJtcFpWemxtV20xR2FscFhTblppTW5SbVkwZHNORnBYZUdaYVdGcHNZbTVTZGxnelVteGpNMUpzU1dwd2RXUlhlSE5NUTBwd1ltNVNiRm96U21oWk1rWjJXREphYUZreVZtbGlNamx5V0ROQ2NHVkhWbk5KYW5CMVpGZDRjMHhEU25CaWJsSnNXak5LYUZreVJuWllNbHBvV1RKV2FXSXlPWEpZTTBKd1pVZFdjMWd5VmpKYVZ6VXdZakU1YUZreVZucGpNamhwVDJsS1VWbFhaR3hXYld4c1pIbEoiLCJjIjoiIn0= HTTP/1.1
Host: r3-pages-views.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 13:43:27 GMT
content-type: application/json
content-length: 31
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 830cb7dcfcc056c6-OSL
alt-svc: h3=":443"; ma=86400

cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/css.css

104.17.208.68

200 OK

5.5 kB

URL GET HTTP/1.1
cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/css.css
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23775), with no line terminators
Size
5.5 kB (5458 bytes)
Hash
06f9449818c01039f25e5cd4686d9c8a
a2fd5ef535a23063f5c3c25f98d6787e61da5221
72c418a30aff20bae37c91da77adf77d1c0381d97577f7f4b1a81b99bb19c71d

HTTP Headers

GET /5235-87855.pages.net.br-2/1701734340/css.css HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 13:43:27 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"06f9449818c01039f25e5cd4686d9c8a"
Last-Modified: Mon, 04 Dec 2023 23:59:01 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 04 Dec 2024 13:43:27 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 830cb7dcef5e0b4d-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

cdn.greatsoftwares.com.br/arquivos/paginas/84254-6e31084d6f22a703ecfe312b4fbe3db5.jpg

172.64.149.117

200 OK

3.2 kB

URL GET HTTP/3
cdn.greatsoftwares.com.br/arquivos/paginas/84254-6e31084d6f22a703ecfe312b4fbe3db5.jpg
IP
172.64.149.117:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subjectgreatsoftwares.com.br
Fingerprint67:7E:DB:D2:DC:14:C7:7B:17:48:17:20:56:DB:AB:72:C3:C7:85:09
ValidityFri, 13 Oct 2023 04:27:26 GMT - Thu, 11 Jan 2024 04:27:25 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.2 kB (3224 bytes)
Hash
cecdb486df4d5b7b7f1e9a671b544b50
bb5c67064fb3e6dea57a351abbfe5d63f2a402ee
d88dc7e1f639c25a52eba1a3fda88006115bedb749cb5f43fc8d3c6d31687dfe

HTTP Headers

GET /arquivos/paginas/84254-6e31084d6f22a703ecfe312b4fbe3db5.jpg HTTP/1.1
Host: cdn.greatsoftwares.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 13:43:27 GMT
content-type: image/webp
content-length: 3224
access-control-allow-origin: *
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=10857
content-disposition: inline; filename="84254-6e31084d6f22a703ecfe312b4fbe3db5.webp"
etag: "05d561e17a9b08f3b53466856b1e7683"
expires: Wed, 04 Dec 2024 13:43:27 GMT
last-modified: Mon, 04 Dec 2023 23:53:23 GMT
vary: Accept
x-guploader-uploadid: ABPtcPrf2cXr8iC4C5mxzZECBnOyZ1SoDkQgpQmaZ3SNNr5FDHG__9TAtaq19aKi31DWC-aFb4lvp76Ghg
x-goog-generation: 1701734003058170
x-goog-hash: crc32c=TJRD5Q==, md5=BdVh4XqbCPO1NGaFax52gw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 10857
cf-cache-status: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830cb7dead55b4f7-OSL

cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/js.js

104.17.208.68

200 OK

27 kB

URL GET HTTP/1.1
cdn.greatpages.com.br/5235-87855.pages.net.br-2/1701734340/js.js
IP
104.17.208.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerCloudflare, Inc.
Subjectcdn.greatpages.com.br
Fingerprint9B:D2:8E:A4:5F:CB:B0:36:7A:59:81:61:C2:F1:2D:E7:A1:5F:DB:B6
ValidityTue, 19 Sep 2023 00:00:00 GMT - Wed, 18 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15962), with CRLF line terminators
Size
27 kB (26593 bytes)
Hash
e8e2fc012f8327ec5db9c240fcf8953a
865c462ddf31246441e1434cadb54cc20de60be6
3b64afef67cd42416af01e63310688e065dcea1af7ea3c16ee94e73d0867e809

HTTP Headers

GET /5235-87855.pages.net.br-2/1701734340/js.js HTTP/1.1
Host: cdn.greatpages.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 05 Dec 2023 13:43:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"e8e2fc012f8327ec5db9c240fcf8953a"
Last-Modified: Mon, 04 Dec 2023 23:59:02 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Expires: Wed, 04 Dec 2024 13:43:27 GMT
Cache-Control: public, max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 830cb7dcfcd456ca-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

5235-87855.pages.net.br/2

104.18.43.16

200 OK

17 kB

URL User Request GET HTTP/3
5235-87855.pages.net.br/2
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (46279)
Size
17 kB (16923 bytes)
Hash
79f7a11aac90a75d7bab8af2a90c3fc0
3d9850ff21411dc31e6d5ada5a8a5a6f22f55a5b
8bfdfb805f515038a48f27a29c913fbef10737d23ca85fbd171bc368a8247b02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2 HTTP/1.1
Host: 5235-87855.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=5Yf.glYCAAHax9DRWB3evvlwvycUK5LJrnX08wObL1U-1701783800-0-AVl40eXJs+b6v4J8oeBDZI5/RKts0W1fsvOuwZoftdCXf6jpbklUAuK5uqM7w8IClwCPtwGXhf+ARGpZpGFWS0U=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 13:43:27 GMT
content-type: text/html
cache-control: max-age=0
great-server: GreatApps
great-service: gpages-r3-pages
vary: Accept-Encoding
server: cloudflare
cf-ray: 830cb7d80acdb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 50425
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:53:42 GMT
expires: Tue, 03 Dec 2024 23:53:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 49786
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.greatsoftwares.com.br/arquivos/paginas_editor/84254-fd8971f1a4f9843fbed830b611579e96.jpg

172.64.149.117

200 OK

13 kB

URL GET HTTP/3
cdn.greatsoftwares.com.br/arquivos/paginas_editor/84254-fd8971f1a4f9843fbed830b611579e96.jpg
IP
172.64.149.117:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subjectgreatsoftwares.com.br
Fingerprint67:7E:DB:D2:DC:14:C7:7B:17:48:17:20:56:DB:AB:72:C3:C7:85:09
ValidityFri, 13 Oct 2023 04:27:26 GMT - Thu, 11 Jan 2024 04:27:25 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x640, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (12736 bytes)
Hash
1b1b9615da7365c8c59b46c63e42f720
fb5ffe76a032f67838a7e240e0efb3dce44ac536
427fd0b0f5ff5ebd563a6a433d14ac29892d1e30b533454107615772732bc163

HTTP Headers

GET /arquivos/paginas_editor/84254-fd8971f1a4f9843fbed830b611579e96.jpg HTTP/1.1
Host: cdn.greatsoftwares.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 13:43:28 GMT
content-type: image/webp
content-length: 12736
access-control-allow-origin: *
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=52662
content-disposition: inline; filename="84254-fd8971f1a4f9843fbed830b611579e96.webp"
etag: "a7d979a1c4447303b14a1be812d6cb45"
expires: Wed, 04 Dec 2024 13:43:28 GMT
last-modified: Mon, 04 Dec 2023 23:46:35 GMT
vary: Accept
x-guploader-uploadid: ABPtcPr08CxZ7pOLp6CyHN-qorsSXoa5WOZ-ryr_CMqGW4BELTLj9I0igwq7ywR_Y-UGZwoN2lM
x-goog-generation: 1701733595313988
x-goog-hash: crc32c=0q5YaA==, md5=p9l5ocREcwOxShvoEtbLRQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 52662
cf-cache-status: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830cb7e02f45b4f7-OSL

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap

216.58.211.10

200 OK

17 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
IP
216.58.211.10:443
ASN
#15169 GOOGLE

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
17 kB (16618 bytes)
Hash
bbb1f2872926812a827158042b583a7a
32753baef4c140edd24bcb7789fb7cfa6af4e37c
1de3e8ddbe22c292a85f1fbf2e68d7eaf7b8a496c089fad83e11cbf852dd2dfd

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 13:43:27 GMT
date: Tue, 05 Dec 2023 13:43:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

5235-87855.pages.net.br/cdn-cgi/rum?

104.18.43.16

204 No Content

0 B

URL POST HTTP/3
5235-87855.pages.net.br/cdn-cgi/rum?
IP
104.18.43.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/1/
Certificate
IssuerLet's Encrypt
Subjectpages.net.br
Fingerprint2A:B8:BD:0E:47:67:1C:F8:0C:AF:EC:13:67:64:73:7E:1D:6D:A3:07
ValiditySat, 14 Oct 2023 21:43:21 GMT - Fri, 12 Jan 2024 21:43:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: 5235-87855.pages.net.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 452
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Tue, 05 Dec 2023 13:43:36 GMT
access-control-allow-origin: https://5235-87855.pages.net.br
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 830cb817b9e9b524-OSL
x-frame-options: DENY
x-content-type-options: nosniff

static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

104.16.56.101

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP
104.16.56.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8
ValidityMon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (19986), with no line terminators
Size
20 kB (19986 bytes)
Hash
dd1d068fdb5fe90b6c05a5b3940e088c
0d96f9df8772633a9df4c81cf323a4ef8998ba59
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

HTTP Headers

GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://5235-87855.pages.net.br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 13:43:27 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 830cb7dccaa3069b-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.greatsoftwares.com.br/arquivos/paginas_editor/84254-55b34fe0958965015af287fc5d8f7be2.jpg

172.64.149.117

200 OK

16 kB

URL GET HTTP/3
cdn.greatsoftwares.com.br/arquivos/paginas_editor/84254-55b34fe0958965015af287fc5d8f7be2.jpg
IP
172.64.149.117:443
ASN
#13335 CLOUDFLARENET

Requested by
https://5235-87855.pages.net.br/2
Certificate
IssuerGoogle Trust Services LLC
Subjectgreatsoftwares.com.br
Fingerprint67:7E:DB:D2:DC:14:C7:7B:17:48:17:20:56:DB:AB:72:C3:C7:85:09
ValidityFri, 13 Oct 2023 04:27:26 GMT - Thu, 11 Jan 2024 04:27:25 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x614, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (15450 bytes)
Hash
3621fd6ec02308dd0e1bc7f5663ed6f1
304b7ecfe7f5c9bee43a5413843fa43df6ae60dd
5b31feb1d038672e6313971c099d63e68fed2d82209b7b7f263d9718a7653857

HTTP Headers

GET /arquivos/paginas_editor/84254-55b34fe0958965015af287fc5d8f7be2.jpg HTTP/1.1
Host: cdn.greatsoftwares.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://5235-87855.pages.net.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 05 Dec 2023 13:43:28 GMT
content-type: image/webp
content-length: 15450
access-control-allow-origin: *
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-bgj: imgq:85,h2pri
cf-polished: qual=85, origFmt=jpeg, origSize=62632
content-disposition: inline; filename="84254-55b34fe0958965015af287fc5d8f7be2.webp"
etag: "080563b6d4fc2e57906609aa2db4e7be"
expires: Wed, 04 Dec 2024 13:43:28 GMT
last-modified: Mon, 04 Dec 2023 23:42:05 GMT
vary: Accept
x-guploader-uploadid: ABPtcPoz-L8t8BoJ7k5M8vuzMNpMLSbCwU6v-I4apHa0YJNZBDGU8ImmiedSEmkR1lmMjXVbauw
x-goog-generation: 1701733325533704
x-goog-hash: crc32c=gpOJrA==, md5=CAVjttT8LleQZgmqLbTnvg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62632
cf-cache-status: HIT
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830cb7e02f44b4f7-OSL

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN