Report - www.casadoscontos.com.br/texto/200704268

Report Overview

Submitted URL
www.casadoscontos.com.br/texto/200704268
IP
176.9.117.105
ASN
#24940 Hetzner Online GmbH
Submitted
2022-09-25 01:05:11
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	417 B	3.66.118.16
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	423 B	43 kB	34.120.5.221
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	331 B	699 B	142.250.74.3
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	20 kB	142.250.74.174
plaitvaccination.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	21 kB	192.243.59.20
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	57 kB	34.120.237.76
www.casadoscontos.com.br	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.3 kB	64 kB	176.9.117.105
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.215.56.181
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	689 B	571 B	216.239.34.36
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	143.204.42.88
addresseepaper.com	18169	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	968 B	104.21.235.2
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	8.0 kB	23.36.76.226
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	380 B	76 kB	142.250.74.72
webstats1.com	855670	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	33 kB	172.64.99.25
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.77.32
precedentadministrator.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	449 B	467 B	192.243.59.13
unseenreport.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	690 B	423 B	192.243.59.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-25	medium	plaitvaccination.com	Sinkholed
2022-09-24	medium	precedentadministrator.com	Sinkholed
2022-09-24	medium	unseenreport.com	Sinkholed

JavaScript (15)

	URL	Size	First Seen	Last Seen
	www.casadoscontos.com.br/texto/200704268	993 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 90a25f50a275e38935c0224fa2065d12 9478df45841ce7ea2799e025460f7ea6594a1124 ca91417bb528a4d289453aab731f7f01c5ee8d585edd7f5ecf39ca301a3a528d Loading...

	plaitvaccination.com/44/12/0e/44120ebab0b46af97fa4633c720e738d.js	60 kB	2023-03-08	2023-03-08
Pretty URL plaitvaccination.com/44/12/0e/44120ebab0b46af97fa4633c720e738d.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 3986ccd39ac5b6a012f968bc78f3ab08 c1742ac0feac4760f202d3a5603ed4267b9192b2 7f79ef74d4da9968c0180752d165ae2f95c192db18412e555492d91794a1b933 Loading...

	www.casadoscontos.com.br/texto/200704268	18 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash c8f9bbd4bef1c02c6709f1467a58b0d0 3325d7962f4dcc02a29ffa792ef67bb129fcca1e 5890ded768c71334fe48b0150d6e8ceb34bde6eacda64c7b1166e02b076b4246 Loading...

	www.casadoscontos.com.br/texto/200704268	345 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 94d5cbc35a92e9b574eac58865145e6f cbe40b43790b448a238d9c105a208e7233957276 2c1975897ac2fb2245d99aa5bafa8a16044ae81cba8effcd62fe15530f243ba7 Loading...

	www.casadoscontos.com.br/static/chat-202003180524.js	4.5 kB	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/static/chat-202003180524.js IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 14e3153a51fd69f8701a77d742b60f5d d992b55708df84cd7ff0e2bddbbc8f5ab9867c3b 2d9a267d0a6ccda72d51f2c53d251a20691529dd950ab68a8176438cb2cc9026 Loading...

	www.casadoscontos.com.br/texto/200704268	137 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 6100b51ec4df827c28a2e3b348cad8e9 76a0118a8949304906337719620c838b73a59de3 58f65cf37f18495d4ae9ea8ddfa913ebbd3760d878f20ccca4742436fdccbccb Loading...

	www.casadoscontos.com.br/texto/200704268	1.0 kB	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash ffe5fb8e4a3a1e460e1e2ebbb1aea395 74a276ac15b26b020a1d8ed0c2ef6f980f6b523a c52dc05670cb9f5379f159485f33d59479a080febab45acf88b015838123c713 Loading...

	www.casadoscontos.com.br/texto/200704268	2.5 kB	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 43a9337a145992c0183783ac01a6e199 2a42073a71ded902a7fb0e2e177f5cb15eb777d5 7003fb40ab63bd1fb4e778319e435e88dc594ddc3f47b07b00c41be0d55dfb00 Loading...

	www.googletagmanager.com/gtag/js?id=G-K971KD8MT5	215 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-K971KD8MT5 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash c3eddcd8f2c3b8e5258b126d64c62068 b09c69b3a1a8e6101f9acf404aaf0dfaa8e06320 2d7fd5b8806917bacb4f116afac716c13bdc48e05638afdf022356956bae2691 Loading...

	www.casadoscontos.com.br/texto/200704268	132 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash c36b6a7b9e76e54e43dbe4f5be19b316 62af5db7d1f735c03ab7aa1e7788ea024d5a66bc 3b5b334cbc6bb05604b078d27ecb357dfe44964c7abad2899bf2c41af07c293a Loading...

	www.casadoscontos.com.br/texto/200704268	281 B	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 6a59c35300d153bee7fe20d46a2441fd 649f36ac6b7f0223ab512c5c1c2d68450c4ce60b 28d595bdfe5fbf212eabbb6074edbd4f6435ec9891a0c91efbe1f4a4d0a26caa Loading...

	www.casadoscontos.com.br/texto/200704268	2.3 kB	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/texto/200704268 IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash e0cf7f3a0d96ef4fd257417caa260a77 7bffc7bce0a13d895793243828872c6b4fe4900e 82289624f124a80d220b1576fd2b6ab75c40d08e64646a5224b153e59a4e75a2 Loading...

	www.casadoscontos.com.br/static/casa-202107290419.js	4.0 kB	2023-03-08	2023-03-08
Pretty URL www.casadoscontos.com.br/static/casa-202107290419.js IP 176.9.117.105 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 34c5b3b0a054f84a51f2508b4c785e62 7bc3b5bc2f6ee7b66d5bb77ca6f46aceb562ad1e b5bdf0987c86d073af47022a7ed25717288cde3dc8b3ef867204a59d674e3ed8 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-01-06
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:05:31 Last Seen2024-01-06 17:39:53 Times Seen66 Hash 99ba52a15d2da967b023016d1af58cbd 5c2246049c43834d17113877b4731bd4f9803d55 9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5263af4f0ba630e21f643e8e8f112e05	2.9 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 00:46:08 Last Seen2023-03-08 00:46:08 Times Seen1 Hash 5263af4f0ba630e21f643e8e8f112e05 64372db0dd2d3cc14d0c6ff44a157d5b34da7584 13cf5c3d93c672addf8fdc7d1d2b4a5fb8d8d361097965d070a1a84496822545 Loading...

HTTP Transactions (52)

URL IP Response Size

www.casadoscontos.com.br/texto/200704268

176.9.117.105

301 Moved Permanently

178 B

URL HTTP/1.1
www.casadoscontos.com.br/texto/200704268
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

HTTP Headers

GET /texto/200704268 HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 25 Sep 2022 01:04:59 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.casadoscontos.com.br/texto/200704268

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8667
Expires: Sun, 25 Sep 2022 03:29:26 GMT
Date: Sun, 25 Sep 2022 01:04:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
999cba3a77eef9ee50947f38c9ee6c5d
818310602249f4512f252835c27e62914f39d584
3e2af0de9417181121ad7f17ea3c4921afbe84c9beb5f2bd5287c3cec3d4a9c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E2AF0DE9417181121AD7F17EA3C4921AFBE84C9BEB5F2BD5287C3CEC3D4A9C6"
Last-Modified: Thu, 22 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12320
Expires: Sun, 25 Sep 2022 04:30:19 GMT
Date: Sun, 25 Sep 2022 01:04:59 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

42 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42096 bytes)
Hash
d6e1015da6e34a8baf058f06f64e1ffb
66c0cf01f4ada2e7f0faecd7e95bdb77054b64bb
e3a5e1e0a84cae9f4a8c108c9521922b5a7336a9ee0fdda36c5566b851333e22

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: MIQFbMj6o3ybI1ooZc54DVNGbXPaDcnMSLZGsqH7kI2UgZCZ_4LYBA==
content-encoding: gzip
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 00:56:42 GMT
age: 725
content-type: application/json
content-length: 42096
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x6N3fNayd3Ii-y0NmlF_XlMmzE1pZBNadKtto3bVnZJtc27AhTwjyQ==
age: 73785
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 00:14:42 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 60FcWPCPFLxBbGEltlA0NwfnjAdH2QbJzNSl67q9A4NgOqCUyKx0ug==
Age: 3018

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3a09ceab7cac090e8107344111a74900
1f9044547efe1b83139c6c2a853344f572042fc0
a1dc331c968b8721626bb45c4a1e6895aead3018eae62a450b160962c5282acc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1DC331C968B8721626BB45C4A1E6895AEAD3018EAE62A450B160962C5282ACC"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=283
Expires: Sun, 25 Sep 2022 01:09:43 GMT
Date: Sun, 25 Sep 2022 01:05:00 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:04:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/logo.png

176.9.117.105

200 OK

17 kB

URL HTTP/2
www.casadoscontos.com.br/static/logo.png
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 236 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16913 bytes)
Hash
6e9332d8f136d47d7d9c61d679917bfc
e35da58c9be097da9c9a721deeb0df1486236efe
9a2e8757a8c6cde067df223500eeb0238918f76c61d26f2863e062758c65a8e2

HTTP Headers

GET /static/logo.png HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/png
content-length: 16913
last-modified: Thu, 14 Oct 2021 05:51:19 GMT
etag: "6167c557-4211"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/texto/siga-insta.svg

176.9.117.105

200 OK

9.6 kB

URL HTTP/2
www.casadoscontos.com.br/texto/siga-insta.svg
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (9570)
Size
9.6 kB (9610 bytes)
Hash
e5cac52262d581af97e0c1b628659d21
b8a79dad856b6d5da8d205f367e8e135fb17f8cf
7fbccbf61760d23992a9989996a41d40d5390617f79ba3af1c1a5922964c54d9

HTTP Headers

GET /texto/siga-insta.svg HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: push1234=1; CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/svg+xml
content-length: 9610
last-modified: Fri, 09 Jul 2021 19:17:43 GMT
etag: "60e8a0d7-258a"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/imagens/perfil4.svg

176.9.117.105

200 OK

1.6 kB

URL HTTP/2
www.casadoscontos.com.br/imagens/perfil4.svg
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1571)
Size
1.6 kB (1572 bytes)
Hash
e41423c53759ff634dc4439e5abc17ad
505e883023e11c7f27d0277dabf61d52774b318d
0de39d9d880189827d48579035d4530a5746b0187a1320e4d04251792b4eb061

HTTP Headers

GET /imagens/perfil4.svg HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/svg+xml
content-length: 1572
last-modified: Thu, 29 Jul 2021 07:22:53 GMT
etag: "6102574d-624"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/grass_pattern.webp

176.9.117.105

200 OK

4.0 kB

URL HTTP/2
www.casadoscontos.com.br/static/grass_pattern.webp
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 261x82, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.0 kB (4006 bytes)
Hash
42443583c5ae07e82933d5e9d7560cf5
a4740c289a8a9a581f568aaeee644538aa54295e
cc66b9d247c6deb97793bffaee12c2d9bef46b78b285c09830f62289c62cf1f2

HTTP Headers

GET /static/grass_pattern.webp HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/static/style-202108240506.css
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/webp
content-length: 4006
last-modified: Sun, 19 Sep 2021 05:23:29 GMT
etag: "6146c951-fa6"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/casa-202107290419.js

176.9.117.105

200 OK

2.2 kB

URL HTTP/2
www.casadoscontos.com.br/static/casa-202107290419.js
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
2.2 kB (2185 bytes)
Hash
5ba2a6d540ec6e2e9a5a4d95e24e6850
c96eb0fb1df4d90489baae146ce52787050a9cf7
686a4b02a4a39e7b6821431d7e563ad7431808f81fcf3242d719d1cf7355db71

HTTP Headers

GET /static/casa-202107290419.js HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: application/javascript
last-modified: Thu, 29 Jul 2021 20:41:14 GMT
vary: Accept-Encoding
etag: W/"6103126a-fc7"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-K971KD8MT5

142.250.74.72

200 OK

75 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-K971KD8MT5
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (20189)
Size
75 kB (75072 bytes)
Hash
7806a3a3cb01bfbc8d1f3ef236501b7f
225f011f5a8e0f9bc27ed45dde9459958c67b704
be35a29e5a6399796fba8dd7b4a49fbea58359a037c4ae52eaf776af256dbc68

HTTP Headers

GET /gtag/js?id=G-K971KD8MT5 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 01:05:00 GMT
expires: Sun, 25 Sep 2022 01:05:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.casadoscontos.com.br/ensaios/aurora/propaganda2.jpg

176.9.117.105

200 OK

22 kB

URL HTTP/2
www.casadoscontos.com.br/ensaios/aurora/propaganda2.jpg
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 336x336, components 3\012- data
Size
22 kB (21822 bytes)
Hash
4d515b2876670b10ac5a50ae99f28145
ae0b35feb9093b1ba586a1781fd2bfe0cb9f2c90
336a9b8a94d1a53dbc77977dfacdd1b9c7d757f351e424d38e88c2e999eed9fd

HTTP Headers

GET /ensaios/aurora/propaganda2.jpg HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/jpeg
content-length: 21822
last-modified: Wed, 07 Apr 2021 09:37:34 GMT
etag: "606d7d5e-553e"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/ads/ads.json

176.9.117.105

200 OK

147 B

URL HTTP/2
www.casadoscontos.com.br/ads/ads.json
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
JSON data\012- , ASCII text
Size
147 B (147 bytes)
Hash
ccc5a4e5d2243a68c565a93ce7faff64
e86617dc8e959bbbb5240d5d403d751fc97f36c8
ec4609e8cd12181964d281828bcfff0b6e6f4b85366bef38fc0f37915917e32a

HTTP Headers

GET /ads/ads.json HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.casadoscontos.com.br/texto/200704268
Connection: keep-alive
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: application/json
content-length: 147
last-modified: Mon, 29 Aug 2022 23:08:15 GMT
etag: "630d46df-93"
expires: Tue, 25 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=2592000, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/casa.png

176.9.117.105

200 OK

3.6 kB

URL HTTP/2
www.casadoscontos.com.br/static/casa.png
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type
MS Windows icon resource - 1 icon, 32x27, 32 bits/pixel\012- data
Size
3.6 kB (3626 bytes)
Hash
c5df0cb48dd6e2d7ec6f42b3a60c4ef5
31c8587ae5ae31ce07853a7c5f5d32f3ab42d403
27671ac6100cf6ce56248647194b76df796744683ad1bf01fd0ee665fd105481

HTTP Headers

GET /static/casa.png HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/png
content-length: 3626
last-modified: Mon, 30 May 2016 02:50:19 GMT
etag: "574baa6b-e2a"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (19826 bytes)
Hash
cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 00:41:09 GMT
expires: Sun, 25 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 1431
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

webstats1.com/www/images/36bfa178bd56e04315f699e296343626.jpg

172.64.99.25

200 OK

29 kB

URL HTTP/2
webstats1.com/www/images/36bfa178bd56e04315f699e296343626.jpg
IP
172.64.99.25:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Size
29 kB (28780 bytes)
Hash
36bfa178bd56e04315f699e296343626
0ac6791b0d4899247d2575486f9de8bafa3d6ae8
ec8ff71912ff3d7d5cc630825a6c599529f65cd12b7a88a87e1ea571c4a49806

HTTP Headers

GET /www/images/36bfa178bd56e04315f699e296343626.jpg HTTP/1.1
Host: webstats1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webstats1.com/www/delivery/afr.php?zoneid=123
Cookie: OAID=01000111010001000101000001010010
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/jpeg
content-length: 28780
last-modified: Fri, 29 Apr 2022 22:59:40 GMT
etag: "626c6ddc-706c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
cf-cache-status: HIT
age: 10491029
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PrTWPHXLIBpVViUs1mWrFju9QJ%2BEw1%2FM6O5qlBADtq51Lg42iTzi0RwFy5A86rmXuyTj1EiUoeDZnVPTSmkHMS7jMXo8GBa43f0wk1Q%2FA4MtR1effr6vjzeFLJ6%2FG79A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ffd95a2d588877-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 01:04:17 GMT
Expires: Sun, 25 Sep 2022 01:04:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: onRNLQWGFQ2XxD73z6kluA37kAm68j778HMPMksfMKcoL9LVtor5dg==
Age: 43

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4614
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:05:00 GMT
Last-Modified: Sat, 24 Sep 2022 23:48:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.215.56.181

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.215.56.181:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S9wLRVdnbOoiizmaYfcDpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5ZXXxoAXbuupZ0mop/2ckEgGkfc=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da10972f89b828d49369f1933835eac8
7c67a240255d8d6ce8c274622a44acfa6c57becb
cf1d8a6208ebc5541fb3de598fe09ae79fa876da28bd2928f0ce20b110a02c38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF1D8A6208EBC5541FB3DE598FE09AE79FA876DA28BD2928F0CE20B110A02C38"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Sun, 25 Sep 2022 07:04:42 GMT
Date: Sun, 25 Sep 2022 01:05:01 GMT
Connection: keep-alive

region1.google-analytics.com/g/collect?v=2&tid=G-K971KD8MT5&gtm=2oe9l0&_p=861752593&cid=1943194146.1664067899&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664067899&sct=1&seg=0&dl=https%3A%2F%2Fwww.casadoscontos.com.br%2Ftexto%2F200704268&dt=calcinha%20da%20irm%C3%A3&en=page_view&_fv=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-K971KD8MT5&gtm=2oe9l0&_p=861752593&cid=1943194146.1664067899&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664067899&sct=1&seg=0&dl=https%3A%2F%2Fwww.casadoscontos.com.br%2Ftexto%2F200704268&dt=calcinha%20da%20irm%C3%A3&en=page_view&_fv=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-K971KD8MT5&gtm=2oe9l0&_p=861752593&cid=1943194146.1664067899&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664067899&sct=1&seg=0&dl=https%3A%2F%2Fwww.casadoscontos.com.br%2Ftexto%2F200704268&dt=calcinha%20da%20irm%C3%A3&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.casadoscontos.com.br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.casadoscontos.com.br
date: Sun, 25 Sep 2022 01:05:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

plaitvaccination.com/44/12/0e/44120ebab0b46af97fa4633c720e738d.js

192.243.59.20

200 OK

20 kB

URL HTTP/1.1
plaitvaccination.com/44/12/0e/44120ebab0b46af97fa4633c720e738d.js
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (59891)
Size
20 kB (20341 bytes)
Hash
617639efaf229309a25b433dd28638aa
4b2a0e959b538343c3cc755adef1e1ccd224db87
23caea6368c91283cfddf4a4dfb99cb5ce2b354c0f3c5d8605a99da23fae0dba

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /44/12/0e/44120ebab0b46af97fa4633c720e738d.js HTTP/1.1
Host: plaitvaccination.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 25 Sep 2022 01:05:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_hd-28118_1=1; expires=Mon, 03 Oct 2022 01:05:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61bbbe03fc5400b2b19e1739128ed93b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
470c3c3d2ebfbe6d7773c0191b7b978c
9d0f430c8d9b85d91e326317eba71c14e1b6d53d
672008d20d4594fef781c0f8dc413a0c5c33db1470b3c84774fde2c85e1b6058

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "672008D20D4594FEF781C0F8DC413A0C5C33DB1470B3C84774FDE2C85E1B6058"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17251
Expires: Sun, 25 Sep 2022 05:52:32 GMT
Date: Sun, 25 Sep 2022 01:05:01 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

143.204.42.88

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.88:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0748503adde2cb95a8d0b7a1611c5f80
eee215487ae9ac3cae37a92a4c761fc6d01f3320
67f8645c49b34ea64abd33c9f9429c2b032517d904fd0cddaa5e3d1c44458fa3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 01:05:01 GMT
Last-Modified: Sat, 24 Sep 2022 23:29:40 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WuO21rO6A5QmgT7rz3plp1rCRyzMko_u0ndLkc0NWsvVXOSyy4Eatw==
Age: 5721

simplewebanalysis.com/stats

3.66.118.16

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.66.118.16:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
bf41a808bb696abfce7011a9b0f4667d
7b1df4045201c0e430537ee702fc7ed2046ae741
ac9042d4e025911a8a395c938a5362551e24c538049ec3caa547889a4b5c6e22

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.casadoscontos.com.br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:01 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.casadoscontos.com.br
access-control-allow-credentials: true
set-cookie: uid_id2=7b782838-713d-4690-81b4-07f8a0c69d51:1:1; expires=Wed, 22 Sep 2032 01:05:01 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dd0c641962f209f265ab10f7fc9fa10d
81bb99e27226cbbdae3f0968e0c410d260c23fbd
0a2e757c138563bcdd8c7763535bbd73b20befea1a62661575fe32bbf5a5d782

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A2E757C138563BCDD8C7763535BBD73B20BEFEA1A62661575FE32BBF5A5D782"
Last-Modified: Sat, 24 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17314
Expires: Sun, 25 Sep 2022 05:53:36 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
470c3c3d2ebfbe6d7773c0191b7b978c
9d0f430c8d9b85d91e326317eba71c14e1b6d53d
672008d20d4594fef781c0f8dc413a0c5c33db1470b3c84774fde2c85e1b6058

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "672008D20D4594FEF781C0F8DC413A0C5C33DB1470B3C84774FDE2C85E1B6058"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17250
Expires: Sun, 25 Sep 2022 05:52:32 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73844595-b7d7-4585-a846-ab38b27af847.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73844595-b7d7-4585-a846-ab38b27af847.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11435 bytes)
Hash
1a9f4d93ea4a06628bc31a00a9c4e692
27f05479fd4fbe68993748fdb043850807ddebdd
31b0809297c7e8acbb46b544cf6f3f4ffaa6bda7a8896fe8678fbfc839a115ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73844595-b7d7-4585-a846-ab38b27af847.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11435
x-amzn-requestid: e1288aca-0375-4ce8-9daa-81afe23c9c5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_ETHE6oAMFqGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-01a836ab57a326356f838bfc;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X8xpMQCKuQGx46BrQ_851U0HhXIALy0k22WRO-zp8TuFhK0KaHItBw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 12476
etag: "27f05479fd4fbe68993748fdb043850807ddebdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8914 bytes)
Hash
dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 12476
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7404 bytes)
Hash
9bbdad67489e993cebd23ffb04ebd02c
3a69c08b4d25d1dae1abbabd103d6d295a2f5425
ee3839246f3bada3e3190c240c8ac64d8012a87c062c5e006ed80a7edcd773a5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7404
x-amzn-requestid: ef623ade-f397-40a9-b88d-0394f22a8d8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJPGYyoAMFVEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-2da73ceb54b36ade5bf4ce1a;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jqPyyJr0H9dHTBuQb9Z8bNBwMXhBz5pz09u_j1R0Qpp-iGUGFXm0VQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 13:56:57 GMT
age: 40085
etag: "3a69c08b4d25d1dae1abbabd103d6d295a2f5425"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5172 bytes)
Hash
d7bd3afd3069904500c28e9bb16587e8
a881666627e1077859ed1941cee576caf600d798
78a7b0a2127c583aba569abace503cff376cde67d5faa9a346c1494d91e8f3cf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5172
x-amzn-requestid: d366d3e0-71d7-404c-a93b-3267852824ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_T5F5PoAMFqWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f78e5-52362b5f0dc1ee8951eebc07;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: E5AjrYJrZjEREIaYV21riZZIvhquVUTRRwArp-UNXAEKlwHUL1CtIw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 11199
etag: "a881666627e1077859ed1941cee576caf600d798"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0693f3eb-ed7b-4594-b2db-7432590f4d49.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4723 bytes)
Hash
3d35df1f57d0736995615b0d8f50b8a3
8324b383c89771a2b1155ec6d069bf5a47338acd
9f381d59d2e4b086d43d784d7660e27f6f7760dc2b4eb9beee4b6e94801cb6db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0693f3eb-ed7b-4594-b2db-7432590f4d49.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4723
x-amzn-requestid: 4be5e73a-e648-40a4-8566-cb3417e5843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EKHYcoAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7880-4682134275162910149d09ec;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NdyoW-aALNbALUNnUAWgJafG47WQBKHxeOEQhLHWS1ie8YlUH9z9uA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:11 GMT
age: 11211
etag: "8324b383c89771a2b1155ec6d069bf5a47338acd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size
13 kB (12826 bytes)
Hash
b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 12450
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=1958&rd=1958&fd=993&bv=22.9.v.2&tmpl=70

192.243.59.13

200 OK

0 B

URL HTTP/1.1
precedentadministrator.com/pixel/purst?dl=0&th=0&sc=0&rs=1958&rd=1958&fd=993&bv=22.9.v.2&tmpl=70
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1958&rd=1958&fd=993&bv=22.9.v.2&tmpl=70 HTTP/1.1
Host: precedentadministrator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 25 Sep 2022 01:05:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.casadoscontos.com.br/ws/conto/17956

176.9.117.105

101 WebSocket Protocol Handshake

0 B

URL HTTP/1.1
www.casadoscontos.com.br/ws/conto/17956
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ws/conto/17956 HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://www.casadoscontos.com.br
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Fevws1x9c0jccfrqsYrErw==
Connection: keep-alive, Upgrade
Cookie: CDC-VIP=0; CDC-Authenticated=0; _ga=GA1.1.1943194146.1664067899; _gid=GA1.3.1133230152.1664067899; _gat=1; _ga_K971KD8MT5=GS1.1.1664067899.1.0.1664067899.0.0.0; dom3ic8zudi28v8lr6fgphwffqoz0j6c=7b782838-713d-4690-81b4-07f8a0c69d51%3A1%3A1; ppu_main_44120ebab0b46af97fa4633c720e738d=1
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 WebSocket Protocol Handshake
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: upgrade
Upgrade: WebSocket
Sec-WebSocket-Accept: r33htlGnNSbiZVkDqjcMypOYJdw=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8b571d1dc5729ac5ec2c1e7c782f8df2
36597f9f382cd0206f107b8424325952ad3b0325
a1e32c91cf7312eabf7f0a087636d5cb272659c639b987baedf0d296b21c0cb6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A1E32C91CF7312EABF7F0A087636D5CB272659C639B987BAEDF0D296B21C0CB6"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2725
Expires: Sun, 25 Sep 2022 01:50:27 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

unseenreport.com/pxf.gif?uuid=7b782838-713d-4690-81b4-07f8a0c69d51&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=44120ebab0b46af97fa4633c720e738d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1

192.243.59.13

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=7b782838-713d-4690-81b4-07f8a0c69d51&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=44120ebab0b46af97fa4633c720e738d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=7b782838-713d-4690-81b4-07f8a0c69d51&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=44120ebab0b46af97fa4633c720e738d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 25 Sep 2022 01:05:02 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff644021cfb070f96380a83853be2a5b
Strict-Transport-Security: max-age=0; includeSubdomains

www.casadoscontos.com.br/texto/200704268

176.9.117.105

200 OK

0 B

URL HTTP/2
www.casadoscontos.com.br/texto/200704268
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /texto/200704268 HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: CDC-VIP=0; path=/; SameSite=Lax
CDC-Authenticated=0; path=/; SameSite=Lax
push1234=1
x-pagecache: Catalyst
link: </static/logo.png>; rel=preload, </static/style-202108240506.css>; rel=preload, </static/casa-202107290419.js>; rel=preload, </static/grass_pattern.webp>; rel=preload, </static/casa.png>; rel=preload
content-encoding: gzip
X-Firefox-Spdy: h2

webstats1.com/www/delivery/afr.php?zoneid=123

172.64.99.25

200 OK

0 B

URL HTTP/2
webstats1.com/www/delivery/afr.php?zoneid=123
IP
172.64.99.25:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /www/delivery/afr.php?zoneid=123 HTTP/1.1
Host: webstats1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOwz9a%2FWQtGTiP4mP7SrB31qiId0XuNTl%2FRE2h%2BGVALijlD1vyCipiFt7C2j6QnKfp0z8xErOfCeHI8vSm4Qibtnm4qi5MExzPxv0mF4BlSol1k2NTOZSv2o5mma6lgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9594c858877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

webstats1.com/www/delivery/afr.php?zoneid=122

172.64.99.25

200 OK

0 B

URL HTTP/2
webstats1.com/www/delivery/afr.php?zoneid=122
IP
172.64.99.25:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /www/delivery/afr.php?zoneid=122 HTTP/1.1
Host: webstats1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6nHf4C5uJafLtSkZM3ecolJaqi8NCKNeOZ0erkUFS%2FIVkvOvqJQujI6C%2BapIdBGvCKEFRGRkAr2RsrPmd4Cr%2BhQ3JCKFI7HhdMczXUZAt51Z95UOg8Yt8s%2FUdui0%2BBF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9595c878877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

104.21.235.2

200 OK

0 B

URL HTTP/2
addresseepaper.com/sfp.js
IP
104.21.235.2:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:02 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b419966f1b730137414fd50b78dff83f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 01:05:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PddCgdughVv2DtKzJvpLIydC%2Fz66vo2qAFWENf7nsq6%2BwlZYuxmP4eaJlfOJYu2AhSkA1SuHLut4DyR1lkZ6Rq%2FZa%2B%2B9qbt6R3sJ%2F%2FGaHHb0koMVD%2B34EZyrKbDajhCXWzOpkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ffd9615fe376fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/style-202108240506.css

176.9.117.105

200 OK

0 B

URL HTTP/2
www.casadoscontos.com.br/static/style-202108240506.css
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/style-202108240506.css HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: text/css
last-modified: Thu, 17 Mar 2022 22:32:33 GMT
vary: Accept-Encoding
etag: W/"6233b701-6e41"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2

www.casadoscontos.com.br/static/chat-202003180524.js

176.9.117.105

200 OK

0 B

URL HTTP/2
www.casadoscontos.com.br/static/chat-202003180524.js
IP
176.9.117.105:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/chat-202003180524.js HTTP/1.1
Host: www.casadoscontos.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: application/javascript
last-modified: Tue, 01 Dec 2020 07:43:59 GMT
vary: Accept-Encoding
etag: W/"5fc5f43f-1184"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2

webstats1.com/www/delivery/afr.php?zoneid=124

172.64.99.25

200 OK

0 B

URL HTTP/2
webstats1.com/www/delivery/afr.php?zoneid=124
IP
172.64.99.25:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /www/delivery/afr.php?zoneid=124 HTTP/1.1
Host: webstats1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTYiJWZleUqmo%2FkjC7FE4MQpjqlF%2Bl2G5uI4dKERfyC7Ym7yQD6%2BE2RJ2pE0Rw%2BmVi%2BEnWPcajt7npHhY0zsQQfKb0W6RaXq9gLqJ6DrKICzhn4Wr2TLVF3%2BGSm%2B2Cc9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9595c8a8877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

webstats1.com/www/delivery/lg.php?bannerid=1048&campaignid=21&zoneid=123&loc=https%3A%2F%2Fwww.casadoscontos.com.br%2F&cb=7e9a46c02c

172.64.99.25

200 OK

0 B

URL HTTP/2
webstats1.com/www/delivery/lg.php?bannerid=1048&campaignid=21&zoneid=123&loc=https%3A%2F%2Fwww.casadoscontos.com.br%2F&cb=7e9a46c02c
IP
172.64.99.25:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /www/delivery/lg.php?bannerid=1048&campaignid=21&zoneid=123&loc=https%3A%2F%2Fwww.casadoscontos.com.br%2F&cb=7e9a46c02c HTTP/1.1
Host: webstats1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webstats1.com/www/delivery/afr.php?zoneid=123
Cookie: OAID=01000111010001000101000001010010
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:05:00 GMT
content-type: image/gif
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FgErC8VAt3ofBYMxwHhEvENJ8lXXMOXxqGbT4HOxkP0nmP3%2FF0jLbbU4qyOM6t2Epiei09OPstrONyAjgbCWnfpe%2BHwHlxDvNXprJ%2BLbGtxD4P%2Fhc9o95Dcdx8JsQj4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd95a2d598877-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations