Overview

URL: www.casadoscontos.com.br/texto/200704268
IP: 176.9.117.105 (Germany)
ASN: #24940 Hetzner Online GmbH
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-09-25 01:05:11 UTC
IDS alerts: 0
Blocklist alerts: 3
urlquery alerts: No alerts detected
Tags: None

Domain Summary (21)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-09-24 07:11:24 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-09-24 06:20:21 UTC 23.36.77.32
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.88
precedentadministrator.com (1) 0 2022-09-19 02:40:19 UTC 2022-09-24 19:13:16 UTC 192.243.59.13 Unknown ranking
www.casadoscontos.com.br (13) 0 2014-06-01 04:22:05 UTC 2022-09-11 04:05:07 UTC 176.9.117.105 Domain (casadoscontos.com.br) ranked at: 99220
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-24 04:26:56 UTC 143.204.55.110
ocsp.pki.goog (1) 175 2017-06-14 07:23:31 UTC 2022-09-24 04:23:20 UTC 142.250.74.3
ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-24 19:30:16 UTC 93.184.220.29
addresseepaper.com (1) 18169 2021-11-01 21:11:31 UTC 2022-09-24 21:49:20 UTC 104.21.235.2
unseenreport.com (1) 0 2022-03-30 14:33:17 UTC 2022-09-24 12:54:18 UTC 192.243.59.13 Unknown ranking
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-24 19:48:02 UTC 143.204.55.36
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-24 04:22:23 UTC 34.117.237.239
www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-24 04:22:33 UTC 142.250.74.72
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-24 19:39:32 UTC 142.250.74.174
simplewebanalysis.com (1) 0 2022-02-25 04:06:25 UTC 2022-09-24 16:22:13 UTC 3.66.118.16 Unknown ranking
r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-09-24 04:21:50 UTC 23.36.76.226
webstats1.com (5) 855670 2019-02-02 18:41:57 UTC 2022-09-20 16:07:01 UTC 172.64.99.25
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-24 05:36:42 UTC 34.215.56.181
plaitvaccination.com (1) 0 2022-06-25 01:31:16 UTC 2022-08-24 07:44:04 UTC 192.243.59.20 Unknown ranking
getpocket.cdn.mozilla.net (1) 1369 2017-08-31 07:41:15 UTC 2022-09-24 11:51:39 UTC 34.120.5.221
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-24 04:22:29 UTC 34.120.237.76

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-25 2 plaitvaccination.com Sinkholed
2022-09-24 2 precedentadministrator.com Sinkholed
2022-09-24 2 unseenreport.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 176.9.117.105
Date UQ / IDS / BL URL IP
2022-09-25 01:05:11 +0000 0 - 0 - 3 www.casadoscontos.com.br/texto/200704268 176.9.117.105


Last 5 reports on ASN: Hetzner Online GmbH
Date UQ / IDS / BL URL IP
2023-02-05 04:47:18 +0000 0 - 1 - 0 dl.iranzirnevis.com/Series/M/Mare.of.Easttown (...) 46.4.26.109
2023-02-05 04:37:49 +0000 0 - 5 - 1 transfer.sh/get/sHTlSb/Exitlag%204.20-1%20Lif (...) 144.76.136.153
2023-02-05 04:11:32 +0000 0 - 0 - 34 piove-dz.org/ 65.108.201.83
2023-02-05 04:01:02 +0000 0 - 1 - 0 bluemaxima.org/flashpoint/Flashpoint%2011.1%2 (...) 136.243.163.183
2023-02-05 03:59:41 +0000 0 - 2 - 2 shop-house.cc/8e3jxE 136.243.75.205


Last 1 reports on domain: casadoscontos.com.br
Date UQ / IDS / BL URL IP
2022-09-25 01:05:11 +0000 0 - 0 - 3 www.casadoscontos.com.br/texto/200704268 176.9.117.105


No other reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (1)
#1 JavaScript::Eval (size: 2881) - SHA256: 13cf5c3d93c672addf8fdc7d1d2b4a5fb8d8d361097965d070a1a84496822545
document.addEventListener("DOMContentLoaded", function() {
    const json = sessionStorage.getItem('comentario_guardado');
    if (json) {
        const data = JSON.parse(json);
        const form = document.getElementById(data.id ? `form-resposta-${data.id}` : 'form-comentario-conto');
        form.classList.remove('oculto');
        form.elements.texto.value = data.texto;
        form.elements.texto.focus();
        sessionStorage.removeItem('comentario_guardado')
    }
});
async function votar_comentario(comentario, nota) {
    try {
        const response = await fetch(`/api/comentarios/${comentario}/voto`, {
            method: 'PUT',
            credentials: 'same-origin',
            headers: {
                'Accept': 'application/json',
                'Content-Type': 'application/json'
            },
            body: JSON.stringify({
                valor: nota
            }),
        });
        if (!(response.ok || response.status == 410)) {
            alert("Não foi possível enviar o voto. Tente novamente em alguns instantes.");
            return
        }
        const co = await response.json();
        if (co.no_user) {
            sessionStorage.setItem('voto_comentario_guardado', JSON.stringify({
                comentario_id: comentario,
                nota: nota,
            }));
            window.location = '/login?returns=' + encodeURIComponent(window.location) + '#comentario.' + comentario;
            return
        }
        const contador_up = document.getElementById(`comentario-contador-up-${comentario}`);
        const contador_down = document.getElementById(`comentario-contador-down-${comentario}`);
        if (contador_up) contador_up.innerText = co.up;
        if (contador_down) contador_down.innerText = co.down
    } catch (e) {
        alert("Não foi possível enviar o voto. Tente novamente em alguns instantes.")
    }
}
async function comentar_v2(form) {
    try {
        form.querySelector('button').disabled = true;
        const mensagem = form.elements.texto.value;
        if (mensagem.trim() === '') {
            alert("Comentário em branco");
            return
        }
        const response = await fetch('/api/comentarios', {
            method: 'PUT',
            credentials: 'same-origin',
            headers: {
                'Accept': 'application/json'
            },
            body: new FormData(form),
        });
        if (!response.ok) {
            if (response.status == 302) alert("Comentário repetido!");
            else alert("Não foi possível enviar o comentário. Tente novamente em alguns instantes.");
            form.querySelector('button').disabled = false;
            return
        }
        const co = await response.json();
        if (co.no_user) {
            sessionStorage.setItem('comentario_guardado', JSON.stringify({
                id: form.elements.anterior_id?.value,
                texto: form.elements.texto.value,
            }));
            window.location = '/login?returns=' + encodeURIComponent(window.location);
            return
        }
        form.insertAdjacentHTML('afterend', `<article id="comentario.${co.id}"><div class="remetente"><a href="/perfil/31694">Você fez este comentário!</a></div><time class="data">${(new Date()).toLocaleTimeString('pt-BR')}</time><div class="conteudo"> ${co.texto.replace(/\(/,'&#40;').replace(/\</,'&lt;')}</div></article>`);
        form.elements.texto.value = '';
        form.querySelector('button').disabled = false
    } catch (e) {
        alert("Não foi possível enviar o comentário. Tente novamente em alguns instantes.");
        return
    }
    return false
}

function toggle_form_resposta(comentario) {
    const form = document.querySelector(`#form-resposta-${comentario}`);
    form.classList.toggle('oculto')
}

Executed Writes (0)


HTTP Transactions (52)


Request Response
                                        
                                            GET /texto/200704268 HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         176.9.117.105
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 25 Sep 2022 01:04:59 GMT
Content-Length: 178
Connection: keep-alive
Location: https://www.casadoscontos.com.br/texto/200704268


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    bd2695f4b079c71dbddde3436286fb9c
Sha1:   733c05da132193d6cf1d8e242d12e2525c03bab4
Sha256: 2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8667
Expires: Sun, 25 Sep 2022 03:29:26 GMT
Date: Sun, 25 Sep 2022 01:04:59 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "3E2AF0DE9417181121AD7F17EA3C4921AFBE84C9BEB5F2BD5287C3CEC3D4A9C6"
Last-Modified: Thu, 22 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12320
Expires: Sun, 25 Sep 2022 04:30:19 GMT
Date: Sun, 25 Sep 2022 01:04:59 GMT
Connection: keep-alive

                                        
                                            GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1 
Host: getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.5.221
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: MIQFbMj6o3ybI1ooZc54DVNGbXPaDcnMSLZGsqH7kI2UgZCZ_4LYBA==
content-encoding: gzip
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 00:56:42 GMT
age: 725
content-length: 42096
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   42096
Md5:    d6e1015da6e34a8baf058f06f64e1ffb
Sha1:   66c0cf01f4ada2e7f0faecd7e95bdb77054b64bb
Sha256: e3a5e1e0a84cae9f4a8c108c9521922b5a7336a9ee0fdda36c5566b851333e22
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x6N3fNayd3Ii-y0NmlF_XlMmzE1pZBNadKtto3bVnZJtc27AhTwjyQ==
age: 73785
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 00:14:42 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 60FcWPCPFLxBbGEltlA0NwfnjAdH2QbJzNSl67q9A4NgOqCUyKx0ug==
Age: 3018


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A1DC331C968B8721626BB45C4A1E6895AEAD3018EAE62A450B160962C5282ACC"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=283
Expires: Sun, 25 Sep 2022 01:09:43 GMT
Date: Sun, 25 Sep 2022 01:05:00 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 25 Sep 2022 01:04:59 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /static/logo.png HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 16913
last-modified: Thu, 14 Oct 2021 05:51:19 GMT
etag: "6167c557-4211"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 236 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size:   16913
Md5:    6e9332d8f136d47d7d9c61d679917bfc
Sha1:   e35da58c9be097da9c9a721deeb0df1486236efe
Sha256: 9a2e8757a8c6cde067df223500eeb0238918f76c61d26f2863e062758c65a8e2
                                        
                                            GET /texto/siga-insta.svg HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: push1234=1; CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 9610
last-modified: Fri, 09 Jul 2021 19:17:43 GMT
etag: "60e8a0d7-258a"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (9570)
Size:   9610
Md5:    e5cac52262d581af97e0c1b628659d21
Sha1:   b8a79dad856b6d5da8d205f367e8e135fb17f8cf
Sha256: 7fbccbf61760d23992a9989996a41d40d5390617f79ba3af1c1a5922964c54d9
                                        
                                            GET /imagens/perfil4.svg HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 1572
last-modified: Thu, 29 Jul 2021 07:22:53 GMT
etag: "6102574d-624"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1571)
Size:   1572
Md5:    e41423c53759ff634dc4439e5abc17ad
Sha1:   505e883023e11c7f27d0277dabf61d52774b318d
Sha256: 0de39d9d880189827d48579035d4530a5746b0187a1320e4d04251792b4eb061
                                        
                                            GET /static/grass_pattern.webp HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/static/style-202108240506.css
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/webp
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 4006
last-modified: Sun, 19 Sep 2021 05:23:29 GMT
etag: "6146c951-fa6"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 261x82, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   4006
Md5:    42443583c5ae07e82933d5e9d7560cf5
Sha1:   a4740c289a8a9a581f568aaeee644538aa54295e
Sha256: cc66b9d247c6deb97793bffaee12c2d9bef46b78b285c09830f62289c62cf1f2
                                        
                                            GET /static/casa-202107290419.js HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
last-modified: Thu, 29 Jul 2021 20:41:14 GMT
vary: Accept-Encoding
etag: W/"6103126a-fc7"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2185
Md5:    5ba2a6d540ec6e2e9a5a4d95e24e6850
Sha1:   c96eb0fb1df4d90489baae146ce52787050a9cf7
Sha256: 686a4b02a4a39e7b6821431d7e563ad7431808f81fcf3242d719d1cf7355db71
                                        
                                            GET /gtag/js?id=G-K971KD8MT5 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 01:05:00 GMT
expires: Sun, 25 Sep 2022 01:05:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (20189)
Size:   75072
Md5:    7806a3a3cb01bfbc8d1f3ef236501b7f
Sha1:   225f011f5a8e0f9bc27ed45dde9459958c67b704
Sha256: be35a29e5a6399796fba8dd7b4a49fbea58359a037c4ae52eaf776af256dbc68
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 01:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ensaios/aurora/propaganda2.jpg HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 21822
last-modified: Wed, 07 Apr 2021 09:37:34 GMT
etag: "606d7d5e-553e"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 336x336, components 3\012- data
Size:   21822
Md5:    4d515b2876670b10ac5a50ae99f28145
Sha1:   ae0b35feb9093b1ba586a1781fd2bfe0cb9f2c90
Sha256: 336a9b8a94d1a53dbc77977dfacdd1b9c7d757f351e424d38e88c2e999eed9fd
                                        
                                            GET /ads/ads.json HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.casadoscontos.com.br/texto/200704268
Connection: keep-alive
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 147
last-modified: Mon, 29 Aug 2022 23:08:15 GMT
etag: "630d46df-93"
expires: Tue, 25 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=2592000, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   147
Md5:    ccc5a4e5d2243a68c565a93ce7faff64
Sha1:   e86617dc8e959bbbb5240d5d403d751fc97f36c8
Sha256: ec4609e8cd12181964d281828bcfff0b6e6f4b85366bef38fc0f37915917e32a
                                        
                                            GET /static/casa.png HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 3626
last-modified: Mon, 30 May 2016 02:50:19 GMT
etag: "574baa6b-e2a"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 32x27, 32 bits/pixel\012- data
Size:   3626
Md5:    c5df0cb48dd6e2d7ec6f42b3a60c4ef5
Sha1:   31c8587ae5ae31ce07853a7c5f5d32f3ab42d403
Sha256: 27671ac6100cf6ce56248647194b76df796744683ad1bf01fd0ee665fd105481
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 00:41:09 GMT
expires: Sun, 25 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 1431
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /www/images/36bfa178bd56e04315f699e296343626.jpg HTTP/1.1 
Host: webstats1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webstats1.com/www/delivery/afr.php?zoneid=123
Cookie: OAID=01000111010001000101000001010010
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.64.99.25
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 01:05:00 GMT
content-length: 28780
last-modified: Fri, 29 Apr 2022 22:59:40 GMT
etag: "626c6ddc-706c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
cf-cache-status: HIT
age: 10491029
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PrTWPHXLIBpVViUs1mWrFju9QJ%2BEw1%2FM6O5qlBADtq51Lg42iTzi0RwFy5A86rmXuyTj1EiUoeDZnVPTSmkHMS7jMXo8GBa43f0wk1Q%2FA4MtR1effr6vjzeFLJ6%2FG79A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ffd95a2d588877-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, components 3\012- data
Size:   28780
Md5:    36bfa178bd56e04315f699e296343626
Sha1:   0ac6791b0d4899247d2575486f9de8bafa3d6ae8
Sha256: ec8ff71912ff3d7d5cc630825a6c599529f65cd12b7a88a87e1ea571c4a49806
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 01:04:17 GMT
Expires: Sun, 25 Sep 2022 01:04:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: onRNLQWGFQ2XxD73z6kluA37kAm68j778HMPMksfMKcoL9LVtor5dg==
Age: 43


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4614
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 01:05:00 GMT
Last-Modified: Sat, 24 Sep 2022 23:48:06 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S9wLRVdnbOoiizmaYfcDpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         34.215.56.181
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5ZXXxoAXbuupZ0mop/2ckEgGkfc=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CF1D8A6208EBC5541FB3DE598FE09AE79FA876DA28BD2928F0CE20B110A02C38"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Sun, 25 Sep 2022 07:04:42 GMT
Date: Sun, 25 Sep 2022 01:05:01 GMT
Connection: keep-alive

                                        
                                            POST /g/collect?v=2&tid=G-K971KD8MT5&gtm=2oe9l0&_p=861752593&cid=1943194146.1664067899&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664067899&sct=1&seg=0&dl=https%3A%2F%2Fwww.casadoscontos.com.br%2Ftexto%2F200704268&dt=calcinha%20da%20irm%C3%A3&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.casadoscontos.com.br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://www.casadoscontos.com.br
date: Sun, 25 Sep 2022 01:05:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /44/12/0e/44120ebab0b46af97fa4633c720e738d.js HTTP/1.1 
Host: plaitvaccination.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.9
Date: Sun, 25 Sep 2022 01:05:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_hd-28118_1=1; expires=Mon, 03 Oct 2022 01:05:01 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61bbbe03fc5400b2b19e1739128ed93b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (59891)
Size:   20341
Md5:    617639efaf229309a25b433dd28638aa
Sha1:   4b2a0e959b538343c3cc755adef1e1ccd224db87
Sha256: 23caea6368c91283cfddf4a4dfb99cb5ce2b354c0f3c5d8605a99da23fae0dba

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "672008D20D4594FEF781C0F8DC413A0C5C33DB1470B3C84774FDE2C85E1B6058"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17251
Expires: Sun, 25 Sep 2022 05:52:32 GMT
Date: Sun, 25 Sep 2022 01:05:01 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 01:05:01 GMT
Last-Modified: Sat, 24 Sep 2022 23:29:40 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WuO21rO6A5QmgT7rz3plp1rCRyzMko_u0ndLkc0NWsvVXOSyy4Eatw==
Age: 5721

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.casadoscontos.com.br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         3.66.118.16
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 01:05:01 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.casadoscontos.com.br
access-control-allow-credentials: true
set-cookie: uid_id2=7b782838-713d-4690-81b4-07f8a0c69d51:1:1; expires=Wed, 22 Sep 2032 01:05:01 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    bf41a808bb696abfce7011a9b0f4667d
Sha1:   7b1df4045201c0e430537ee702fc7ed2046ae741
Sha256: ac9042d4e025911a8a395c938a5362551e24c538049ec3caa547889a4b5c6e22
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0A2E757C138563BCDD8C7763535BBD73B20BEFEA1A62661575FE32BBF5A5D782"
Last-Modified: Sat, 24 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17314
Expires: Sun, 25 Sep 2022 05:53:36 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "672008D20D4594FEF781C0F8DC413A0C5C33DB1470B3C84774FDE2C85E1B6058"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17250
Expires: Sun, 25 Sep 2022 05:52:32 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3412
Expires: Sun, 25 Sep 2022 02:01:54 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73844595-b7d7-4585-a846-ab38b27af847.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11435
x-amzn-requestid: e1288aca-0375-4ce8-9daa-81afe23c9c5c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_ETHE6oAMFqGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-01a836ab57a326356f838bfc;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X8xpMQCKuQGx46BrQ_851U0HhXIALy0k22WRO-zp8TuFhK0KaHItBw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 12476
etag: "27f05479fd4fbe68993748fdb043850807ddebdd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11435
Md5:    1a9f4d93ea4a06628bc31a00a9c4e692
Sha1:   27f05479fd4fbe68993748fdb043850807ddebdd
Sha256: 31b0809297c7e8acbb46b544cf6f3f4ffaa6bda7a8896fe8678fbfc839a115ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 12476
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8914
Md5:    dfdacc8edea3c24dad020d7e9c11b3f4
Sha1:   2b6e37596e88b62f288dc8e8c937fd904fae28d5
Sha256: 338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7404
x-amzn-requestid: ef623ade-f397-40a9-b88d-0394f22a8d8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJPGYyoAMFVEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-2da73ceb54b36ade5bf4ce1a;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jqPyyJr0H9dHTBuQb9Z8bNBwMXhBz5pz09u_j1R0Qpp-iGUGFXm0VQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 13:56:57 GMT
age: 40085
etag: "3a69c08b4d25d1dae1abbabd103d6d295a2f5425"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7404
Md5:    9bbdad67489e993cebd23ffb04ebd02c
Sha1:   3a69c08b4d25d1dae1abbabd103d6d295a2f5425
Sha256: ee3839246f3bada3e3190c240c8ac64d8012a87c062c5e006ed80a7edcd773a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5172
x-amzn-requestid: d366d3e0-71d7-404c-a93b-3267852824ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_T5F5PoAMFqWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f78e5-52362b5f0dc1ee8951eebc07;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: E5AjrYJrZjEREIaYV21riZZIvhquVUTRRwArp-UNXAEKlwHUL1CtIw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 11199
etag: "a881666627e1077859ed1941cee576caf600d798"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5172
Md5:    d7bd3afd3069904500c28e9bb16587e8
Sha1:   a881666627e1077859ed1941cee576caf600d798
Sha256: 78a7b0a2127c583aba569abace503cff376cde67d5faa9a346c1494d91e8f3cf
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0693f3eb-ed7b-4594-b2db-7432590f4d49.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4723
x-amzn-requestid: 4be5e73a-e648-40a4-8566-cb3417e5843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EKHYcoAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7880-4682134275162910149d09ec;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NdyoW-aALNbALUNnUAWgJafG47WQBKHxeOEQhLHWS1ie8YlUH9z9uA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:11 GMT
age: 11211
etag: "8324b383c89771a2b1155ec6d069bf5a47338acd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4723
Md5:    3d35df1f57d0736995615b0d8f50b8a3
Sha1:   8324b383c89771a2b1155ec6d069bf5a47338acd
Sha256: 9f381d59d2e4b086d43d784d7660e27f6f7760dc2b4eb9beee4b6e94801cb6db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 12450
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=1958&rd=1958&fd=993&bv=22.9.v.2&tmpl=70 HTTP/1.1 
Host: precedentadministrator.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.6
Date: Sun, 25 Sep 2022 01:05:02 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ws/conto/17956 HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://www.casadoscontos.com.br
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Fevws1x9c0jccfrqsYrErw==
Connection: keep-alive, Upgrade
Cookie: CDC-VIP=0; CDC-Authenticated=0; _ga=GA1.1.1943194146.1664067899; _gid=GA1.3.1133230152.1664067899; _gat=1; _ga_K971KD8MT5=GS1.1.1664067899.1.0.1664067899.0.0.0; dom3ic8zudi28v8lr6fgphwffqoz0j6c=7b782838-713d-4690-81b4-07f8a0c69d51%3A1%3A1; ppu_main_44120ebab0b46af97fa4633c720e738d=1
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         176.9.117.105
HTTP/1.1 101 WebSocket Protocol Handshake
                                        
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: upgrade
Upgrade: WebSocket
Sec-WebSocket-Accept: r33htlGnNSbiZVkDqjcMypOYJdw=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A1E32C91CF7312EABF7F0A087636D5CB272659C639B987BAEDF0D296B21C0CB6"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2725
Expires: Sun, 25 Sep 2022 01:50:27 GMT
Date: Sun, 25 Sep 2022 01:05:02 GMT
Connection: keep-alive

                                        
                                            GET /pxf.gif?uuid=7b782838-713d-4690-81b4-07f8a0c69d51&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=44120ebab0b46af97fa4633c720e738d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=1 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         192.243.59.13
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.6
Date: Sun, 25 Sep 2022 01:05:02 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff644021cfb070f96380a83853be2a5b
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /texto/200704268 HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         176.9.117.105
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
vary: Accept-Encoding
set-cookie: CDC-VIP=0; path=/; SameSite=Lax CDC-Authenticated=0; path=/; SameSite=Lax push1234=1
x-pagecache: Catalyst
link: </static/logo.png>; rel=preload, </static/style-202108240506.css>; rel=preload, </static/casa-202107290419.js>; rel=preload, </static/grass_pattern.webp>; rel=preload, </static/casa.png>; rel=preload
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /www/delivery/afr.php?zoneid=123 HTTP/1.1 
Host: webstats1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         172.64.99.25
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 01:05:00 GMT
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOwz9a%2FWQtGTiP4mP7SrB31qiId0XuNTl%2FRE2h%2BGVALijlD1vyCipiFt7C2j6QnKfp0z8xErOfCeHI8vSm4Qibtnm4qi5MExzPxv0mF4BlSol1k2NTOZSv2o5mma6lgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9594c858877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /www/delivery/afr.php?zoneid=122 HTTP/1.1 
Host: webstats1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.64.99.25
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 01:05:00 GMT
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6nHf4C5uJafLtSkZM3ecolJaqi8NCKNeOZ0erkUFS%2FIVkvOvqJQujI6C%2BapIdBGvCKEFRGRkAr2RsrPmd4Cr%2BhQ3JCKFI7HhdMczXUZAt51Z95UOg8Yt8s%2FUdui0%2BBF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9595c878877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /sfp.js HTTP/1.1 
Host: addresseepaper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         104.21.235.2
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 25 Sep 2022 01:05:02 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: b419966f1b730137414fd50b78dff83f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 25 Sep 2022 01:05:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5PddCgdughVv2DtKzJvpLIydC%2Fz66vo2qAFWENf7nsq6%2BwlZYuxmP4eaJlfOJYu2AhSkA1SuHLut4DyR1lkZ6Rq%2FZa%2B%2B9qbt6R3sJ%2F%2FGaHHb0koMVD%2B34EZyrKbDajhCXWzOpkw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ffd9615fe376fb-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/style-202108240506.css HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
last-modified: Thu, 17 Mar 2022 22:32:33 GMT
vary: Accept-Encoding
etag: W/"6233b701-6e41"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/chat-202003180524.js HTTP/1.1 
Host: www.casadoscontos.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/texto/200704268
Cookie: CDC-VIP=0; CDC-Authenticated=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         176.9.117.105
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 25 Sep 2022 01:05:00 GMT
last-modified: Tue, 01 Dec 2020 07:43:59 GMT
vary: Accept-Encoding
etag: W/"5fc5f43f-1184"
expires: Sun, 02 Oct 2022 01:05:00 GMT
pragma: public
cache-control: max-age=604800, public
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /www/delivery/afr.php?zoneid=124 HTTP/1.1 
Host: webstats1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.casadoscontos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.64.99.25
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 01:05:00 GMT
vary: Accept-Encoding
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTYiJWZleUqmo%2FkjC7FE4MQpjqlF%2Bl2G5uI4dKERfyC7Ym7yQD6%2BE2RJ2pE0Rw%2BmVi%2BEnWPcajt7npHhY0zsQQfKb0W6RaXq9gLqJ6DrKICzhn4Wr2TLVF3%2BGSm%2B2Cc9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd9595c8a8877-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /www/delivery/lg.php?bannerid=1048&campaignid=21&zoneid=123&loc=https%3A%2F%2Fwww.casadoscontos.com.br%2F&cb=7e9a46c02c HTTP/1.1 
Host: webstats1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://webstats1.com/www/delivery/afr.php?zoneid=123
Cookie: OAID=01000111010001000101000001010010
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.64.99.25
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sun, 25 Sep 2022 01:05:00 GMT
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
p3p: CP="CUR ADM OUR NOR STA NID"
set-cookie: OAID=01000111010001000101000001010010; expires=Mon, 25-Sep-2023 01:05:00 GMT; Max-Age=31536000; path=/; secure; SameSite=none
strict-transport-security: max-age=15768000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2FgErC8VAt3ofBYMxwHhEvENJ8lXXMOXxqGbT4HOxkP0nmP3%2FF0jLbbU4qyOM6t2Epiei09OPstrONyAjgbCWnfpe%2BHwHlxDvNXprJ%2BLbGtxD4P%2Fhc9o95Dcdx8JsQj4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ffd95a2d598877-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---