mpdobrasil.br.com/tt/tt-advice.scr
Response: 301 Moved Permanently, 162 B, from 54.153.56.183
Request: GET HTTP/1.1 (user request) mpdobrasil.br.com/tt/tt-advice.scr
IP: 54.153.56.183:80
File type: HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash (MD5): 4f8e702cc244ec5d4de32740c0ecbd97
Hash (SHA-1): 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Hash (SHA-256): 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
NIDS alert (Suricata, severity low): ET HUNTING HTTP request for resource ending in .scr
GET /tt/tt-advice.scr HTTP/1.1
Host: mpdobrasil.br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 07 Jun 2023 04:47:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://br.com/
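The alert above is keyed on nothing more than the URI suffix: ".scr" is a Windows screensaver extension that the shell executes like any other PE, so a browser fetching one is a hunting lead (the ET HUNTING category is a lead, not a malware verdict). What the capture actually shows is that the request was answered with a 301 to https://br.com/ carrying a 162-byte text/html body, so no executable reached the browser in this session; the landing page that follows serves registrar logos (logo_gandi.png, logo_101domain.jpg) rather than a payload. The script below is an added triage example, not part of the scan report or of any tool it was produced by. It parses request/response heads, applies the same executable-extension test on the path component (so a query string appended to the URI does not hide it), walks the Location chain through the captured transactions, and reports whether any hop returned something that looks like an executable. The sample messages are constructed from the first two transactions on the page with headers trimmed; bodies were not captured, so only headers are used, and the longer extension list and binary content-type list are illustrative assumptions.

```python
"""Triage helper for a capture like the one above. Added example, not part
of the scan report: it applies the ".scr" URI test the NIDS alert is keyed
on, then walks the redirect chain using only the recorded headers (no
bodies were captured) to see whether an executable was ever returned."""

import re
from dataclasses import dataclass, field
from urllib.parse import urljoin, urlsplit

# Extensions the Windows shell runs directly. The NIDS rule on the page
# fires on .scr only; the longer list is an assumption for illustration.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".msi", ".hta")
REDIRECT_STATUSES = (301, 302, 303, 307, 308)
BINARY_CONTENT_TYPES = ("application/x-msdownload", "application/x-msdos-program",
                        "application/octet-stream",
                        "application/vnd.microsoft.portable-executable")


@dataclass
class HttpMessage:
    start_line: str
    headers: dict = field(default_factory=dict)  # lower-cased field names


def parse_message(raw: str) -> HttpMessage:
    """Parse a request or response head (start line plus header fields).
    Repeated fields are joined with ', ' as RFC 9110 allows for list fields."""
    lines = raw.strip().splitlines()
    msg = HttpMessage(lines[0].strip())
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the head; any body is ignored
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        msg.headers[key] = f"{msg.headers[key]}, {value}" if key in msg.headers else value
    return msg


def path_extension(url: str) -> str:
    """Extension of the path component only, lower-cased. A check keyed on
    the end of the whole URI would not fire on '/tt-advice.scr?x=1'."""
    path = urlsplit(url).path
    _, dot, ext = path.rpartition(".")
    return "." + ext.lower() if dot and "/" not in ext else ""


def flag_executable_uri(url: str) -> bool:
    return path_extension(url) in EXECUTABLE_EXTS


def response_status(resp: HttpMessage) -> int:
    return int(resp.start_line.split()[1])


def looks_like_executable_body(resp: HttpMessage) -> bool:
    """Header-only heuristic: binary content type, or a Content-Disposition
    filename with an executable extension."""
    ctype = resp.headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in BINARY_CONTENT_TYPES:
        return True
    disp = resp.headers.get("content-disposition", "").lower()
    m = re.search(r'filename\*?=\s*"?([^";]+)', disp)
    return bool(m) and path_extension("/" + m.group(1)) in EXECUTABLE_EXTS


def follow_chain(captures: dict, start_url: str, max_hops: int = 10) -> list:
    """Walk Location redirects through the captured transactions. Returns
    [(url, status), ...]; a final status of None means that URL was never
    captured (or the chain looped), so nothing can be said about its body."""
    chain, url = [], start_url
    for _ in range(max_hops):
        if url not in captures or any(seen == url for seen, _ in chain):
            chain.append((url, None))
            return chain
        _, resp = captures[url]
        status = response_status(resp)
        chain.append((url, status))
        if status in REDIRECT_STATUSES and "location" in resp.headers:
            url = urljoin(url, resp.headers["location"])  # relative Location is allowed
        else:
            return chain
    return chain


def triage(captures: dict, start_url: str) -> dict:
    chain = follow_chain(captures, start_url)
    final_url, final_status = chain[-1]
    final_resp = captures[final_url][1] if final_status is not None else None
    return {
        "flagged": flag_executable_uri(start_url),
        "chain": chain,
        "crossed_host": urlsplit(start_url).hostname != urlsplit(final_url).hostname,
        "executable_served": any(looks_like_executable_body(captures[u][1])
                                 for u, s in chain if s is not None),
        "final_content_type": final_resp.headers.get("content-type") if final_resp else None,
    }


# Constructed sample: the first two transactions on the page, headers trimmed.
SAMPLE_CAPTURES = {
    "http://mpdobrasil.br.com/tt/tt-advice.scr": (
        parse_message("GET /tt/tt-advice.scr HTTP/1.1\r\nHost: mpdobrasil.br.com\r\n"),
        parse_message("HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
                      "Content-Type: text/html\r\nContent-Length: 162\r\n"
                      "Location: https://br.com/\r\n"),
    ),
    "https://br.com/": (
        parse_message("GET / HTTP/1.1\r\nHost: br.com\r\n"),
        parse_message("HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
                      "Transfer-Encoding: chunked\r\nContent-Encoding: gzip\r\n"),
    ),
}

if __name__ == "__main__":
    for k, v in triage(SAMPLE_CAPTURES, "http://mpdobrasil.br.com/tt/tt-advice.scr").items():
        print(f"{k}: {v}")
```

On the sample this reports the URI as flagged, a two-hop chain (301 then 200) that crosses from mpdobrasil.br.com to br.com, and no executable served, which is the practitioner's reading of the capture: the lure link was live at the DNS and HTTP level but the delivery path had already been pointed at a parking page. When the redirect target is absent from the capture the chain ends with a None status rather than a guess, since a redirect to an uncaptured host says nothing about what that host would have returned.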

br.com/
Response: 200 OK, 3.5 kB, from 54.153.56.183
Request: GET HTTP/1.1 (user request) br.com/
IP: 54.153.56.183:443
Certificate issuer: Let's Encrypt
Certificate subject: br.com
Certificate fingerprint: EA:F1:29:B1:0F:4E:A4:EB:89:88:1B:3A:05:1D:73:B5:34:6D:DB:69
Certificate validity: Sun, 04 Jun 2023 20:21:29 GMT - Sat, 02 Sep 2023 20:21:28 GMT
File type: HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (1794)
Hash (MD5): 88768cc0eb527e76ab60193d9b93617a
Hash (SHA-1): e860a9eb356a600e93cbc4ec3551d060b8efaaff
Hash (SHA-256): 7974d8555451579a3759f668a0f665fb6e5b2492701a4ffd19d279d7272c53e9
GET / HTTP/1.1
Host: br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 04:47:04 GMT
Content-Type: text/html
Last-Modified: Fri, 19 May 2023 19:03:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"6467c7eb-2248"
Content-Encoding: gzip

ocsp.pki.goog/gts1c3
Response: 200 OK, 471 B, from 142.250.74.131
IP: 142.250.74.131:0
Hash (MD5): fca7925d7c1a1c76360af29ed6eaba8a
Hash (SHA-1): 942a1bce3f9f64d89586b5138952004ea9da86d9
Hash (SHA-256): dad98384ece0c3c5c70c34027bb5e8e558e65922713ef20af6c6560c2c762c4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Jun 2023 04:47:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-WVKR5ZB
Response: 200 OK, 50 kB, from 142.250.74.40
Request: GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-WVKR5ZB
IP: 142.250.74.40:443
Certificate issuer: Google Trust Services LLC
Certificate subject: *.google-analytics.com
Certificate fingerprint: 73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
Certificate validity: Fri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type: ASCII text, with very long lines (2271)
Hash (MD5): 1110f0dcf5da696b92507651e90c62df
Hash (SHA-1): 0288fe98ec144cd66e73bcb4c86899686075bf1c
Hash (SHA-256): 9aa907be417d1e1062305f653ca3f8f430f356bd044c5542cdaa8c5bf016b3e1
GET /gtm.js?id=GTM-WVKR5ZB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Jun 2023 04:47:05 GMT
expires: Wed, 07 Jun 2023 04:47:05 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49710
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

br.com/logo_insta.jpg
Response: 200 OK, 10 kB, from 54.153.56.183
Request: GET HTTP/1.1 br.com/logo_insta.jpg
IP: 54.153.56.183:443
Certificate issuer: Let's Encrypt
Certificate subject: br.com
Certificate fingerprint: EA:F1:29:B1:0F:4E:A4:EB:89:88:1B:3A:05:1D:73:B5:34:6D:DB:69
Certificate validity: Sun, 04 Jun 2023 20:21:29 GMT - Sat, 02 Sep 2023 20:21:28 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 245x115, components 3
Hash (MD5): 2ed602a981d6bafb0969519cf1ffccaf
Hash (SHA-1): 6c3dbb03355a05887282f3993bcb35466731e656
Hash (SHA-256): ca7d91f916b159c5cfc3c8f7c6fbb99144d9b0e849aa4e5340958baa60f5522f
GET /logo_insta.jpg HTTP/1.1
Host: br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 04:47:05 GMT
Content-Type: image/jpeg
Content-Length: 10152
Last-Modified: Fri, 19 May 2023 19:03:07 GMT
Connection: keep-alive
ETag: "6467c7eb-27a8"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3
Response: 200 OK, 471 B, from 142.250.74.131
IP: 142.250.74.131:0
Hash (MD5): fca7925d7c1a1c76360af29ed6eaba8a
Hash (SHA-1): 942a1bce3f9f64d89586b5138952004ea9da86d9
Hash (SHA-256): dad98384ece0c3c5c70c34027bb5e8e558e65922713ef20af6c6560c2c762c4c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Jun 2023 04:47:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-6PED8PDW5M&l=dataLayer&cx=c
Response: 200 OK, 86 kB, from 142.250.74.40
Request: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-6PED8PDW5M&l=dataLayer&cx=c
IP: 142.250.74.40:443
Certificate issuer: Google Trust Services LLC
Certificate subject: *.google-analytics.com
Certificate fingerprint: 73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C
Certificate validity: Fri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type: ASCII text, with very long lines (4537)
Hash (MD5): 899a94840900b0ef77d343ad82ef40dc
Hash (SHA-1): e938f6cfbd2ff9a6b50b2362130df98c5a1088e3
Hash (SHA-256): 772f06af23d6e25517ffe2bf23f0f747b2955a94e62573465a7ca89f161ee907
GET /gtag/js?id=G-6PED8PDW5M&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Jun 2023 04:47:05 GMT
expires: Wed, 07 Jun 2023 04:47:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86482
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

br.com/logo_gandi.png
Response: 200 OK, 5.5 kB, from 54.153.56.183
Request: GET HTTP/1.1 br.com/logo_gandi.png
IP: 54.153.56.183:443
Certificate issuer: Let's Encrypt
Certificate subject: br.com
Certificate fingerprint: EA:F1:29:B1:0F:4E:A4:EB:89:88:1B:3A:05:1D:73:B5:34:6D:DB:69
Certificate validity: Sun, 04 Jun 2023 20:21:29 GMT - Sat, 02 Sep 2023 20:21:28 GMT
File type: PNG image data, 245 x 115, 8-bit/color RGBA, non-interlaced
Hash (MD5): 0dc6a130163b35a369bcc30996e4e0d3
Hash (SHA-1): caf52793fd958b59386028d0585cb61de22e49f2
Hash (SHA-256): c0dea6a83144b8c7723178434c3fdd73eb10a412b2ca8801ee717d94ae79de68
GET /logo_gandi.png HTTP/1.1
Host: br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 04:47:05 GMT
Content-Type: image/png
Content-Length: 5454
Last-Modified: Fri, 19 May 2023 19:03:07 GMT
Connection: keep-alive
ETag: "6467c7eb-154e"
Accept-Ranges: bytes

br.com/logo_101domain.jpg
Response: 200 OK, 11 kB, from 54.153.56.183
Request: GET HTTP/1.1 br.com/logo_101domain.jpg
IP: 54.153.56.183:443
Certificate issuer: Let's Encrypt
Certificate subject: br.com
Certificate fingerprint: EA:F1:29:B1:0F:4E:A4:EB:89:88:1B:3A:05:1D:73:B5:34:6D:DB:69
Certificate validity: Sun, 04 Jun 2023 20:21:29 GMT - Sat, 02 Sep 2023 20:21:28 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 245x115, components 3
Hash (MD5): 3374fb72142004d195fab1f2f97f1e52
Hash (SHA-1): e255cb3df7bdb186d754efebc0afd2dc820d18d3
Hash (SHA-256): 54ad9884bcf0735623bf18a34a982d59b518675dd16176594b8e872fcb6356bf
GET /logo_101domain.jpg HTTP/1.1
Host: br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 04:47:05 GMT
Content-Type: image/jpeg
Content-Length: 10682
Last-Modified: Fri, 19 May 2023 19:03:07 GMT
Connection: keep-alive
ETag: "6467c7eb-29ba"
Accept-Ranges: bytes

br.com/favicon.ico
Response: 200 OK, 1.1 kB, from 54.153.56.183
Request: GET HTTP/1.1 br.com/favicon.ico
IP: 54.153.56.183:443
Certificate issuer: Let's Encrypt
Certificate subject: br.com
Certificate fingerprint: EA:F1:29:B1:0F:4E:A4:EB:89:88:1B:3A:05:1D:73:B5:34:6D:DB:69
Certificate validity: Sun, 04 Jun 2023 20:21:29 GMT - Sat, 02 Sep 2023 20:21:28 GMT
File type: MS Windows icon resource - 1 icon, 15x16, 32 bits/pixel
Hash (MD5): 892dba39ac1f0d147464d6e185c9ebd8
Hash (SHA-1): 1f984b1329e4bd8d8273dd1964cee0b84d8f254b
Hash (SHA-256): 374820b7c24636dff100f77f68b3ad8483bbc1623efeb5f4d3b2bdfa5dc8c58b
GET /favicon.ico HTTP/1.1
Host: br.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://br.com/
Cookie: _ga_6PED8PDW5M=GS1.1.1686113224.1.0.1686113224.0.0.0; _ga=GA1.1.1817340088.1686113225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Jun 2023 04:47:05 GMT
Content-Type: image/x-icon
Content-Length: 1086
Last-Modified: Fri, 19 May 2023 19:03:07 GMT
Connection: keep-alive
ETag: "6467c7eb-43e"
Accept-Ranges: bytes