Report - 135.148.160.112/login/index.php

Report Overview

Submitted URL
135.148.160.112/login/index.php
IP
135.148.160.112
ASN
#16276 OVH SAS
Submitted
2023-01-27 09:37:18
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
90

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	1.1 kB	142.250.74.164
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.201.249.32
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	172 kB	142.250.74.35
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	1.9 kB	54.230.245.118
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	777 B	66 kB	216.58.207.206
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
df.pmweb.com.br	85780	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	729 B	504 B	18.228.227.3
s3-sa-east-1.amazonaws.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	514 B	16.12.0.4
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	51 kB	34.120.237.76
js-cdn.dynatrace.com	8478	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	630 B	54.230.111.96
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	51 kB	142.250.74.72
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	32 kB	142.250.74.106
cdn.pmweb.com.br	88781	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	9.6 kB	54.207.21.48
135.148.160.112	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	970 kB	135.148.160.112
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.3 kB	142.250.74.131
bf73995led.bf.dynatrace.com	150040	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.7 kB	52.204.31.54

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/login/index.php	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner
2023-01-25	medium	135.148.160.112/	Lojas Renner

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-27	medium	135.148.160.112/login/index.php	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed
2023-01-27	medium	135.148.160.112	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	135.148.160.112/login/index.php	319 B	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:05 Times Seen109 Hash 0aa85448af49ac037f596b65e02055bb 3ba4e00c488e589ca7105ba1e6b636c26d5dbb46 d86afbc7c14fe6998bfa2278a6135c5aaea3ee08cdced45008c973203af98954 Loading...

	135.148.160.112/login/index.php	340 B	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen231 Hash 7d22fa43ea844257d3c27156de231f41 c5cb8fc0f38e55ac197038c1618ee6d5d52e1a95 ab835297b781118c1df72f5acd63e186befc6085b50724f60ff2b92d21ccd3da Loading...

	135.148.160.112/js/vendors.bundle-859d26788acf215a201a.js	686 kB	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/js/vendors.bundle-859d26788acf215a201a.js IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen74 Hash ba8db3e4745ef4402e6c1011c9227191 e155466c79dd3823ff0ce99802093d80e40ebd1f 40d596025119e99448ba247d9ad58248525a484a971dabdd366e0724453e3e36 Loading...

	www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR	913 B	2023-03-13	2023-03-13
Pretty URL www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:21:08 Last Seen2023-03-13 15:24:19 Times Seen1 Hash 6873cfb19c581c334af3b8ddc8788801 f7afd355eb64b13cc21b52d9ecb12b4d15b7e926 cb31608f609f166bfcff3b317de18543b6cd182ed2d8923a7a31e42498e40a63 Loading...

	www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470	113 kB	2023-03-13	2023-03-13
Pretty URL www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470 IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:21:08 Last Seen2023-03-13 08:21:08 Times Seen1 Hash 46e81f050986b20a333ef341aeca0cc6 3390743fa5f516a66b0338e85d61ea3a8fd8d64b aab72ff19918d24d6c00a43ba90d5fd315d13ced05d66d5e00dc826649b70312 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ	133 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:21:08 Last Seen2023-03-13 08:21:08 Times Seen1 Hash 800cab8aeb6e87552b6a036556dab351 837d22a66e230927e1cfb76eb29db60690f81d2d 36feb3ac0ec6d4761ae653cf6afbf6fd21249a608852089f6378ec70b90d8add Loading...

	135.148.160.112/js/3.bundle-d6a6baaa0dc3faae26db.js	38 kB	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/js/3.bundle-d6a6baaa0dc3faae26db.js IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen83 Hash 39e850b2f21e44f7c83c5bfbf71a1a23 3610d538fb093eec2940764418eff51e72fe8f8f 4ab4958c63bd706e031161717896c8fbe22f133a4c9ff285cc053e75ceb13d06 Loading...

	135.148.160.112/login/index.php	167 B	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen117 Hash 6cd972d3942bfab3e7b0db2d0a20b59d 3d31783bd0ffb1597828a00f9aa0d32430696557 e37629f4c44ae8a1b49d3fa597383eadb6571f0c6369716c93505fba00a792d6 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz	36 kB	2023-03-13	2023-03-13
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:21:08 Last Seen2023-03-13 08:21:08 Times Seen1 Hash b5d303a4d5c4563eddb7bdc54ffb3099 58ad40898b76ef2b549f1542a21ceb74dd1ac55d ecadf63fbce153725678fda2ce85d250b1bd78f844306cb1153c9a9c9dc3d78b Loading...

	www.google.com/recaptcha/api2/bframe?hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV	178 B	2023-03-07	2023-03-26
Pretty URL www.google.com/recaptcha/api2/bframe?hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:01:37 Last Seen2023-03-26 13:50:02 Times Seen10 Hash f6f9ab35c21b9f900ea2e702554cf8d8 5ef852b128b888fed590cd17eba7a6672b3568a0 0ae51b76c5d42672bd49f4527bbe460b1113fca271d0ef64b2b496b601958a8e Loading...

	js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js	261 kB	2023-03-13	2023-03-14
Pretty URL js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js IP 54.230.111.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:14:26 Last Seen2023-03-14 07:18:45 Times Seen1 Hash 8a9f9a6d825ff593c27eec6947e4f0bb a138980ad8715116a168527c20984d130aee9983 13f351ccb5f7b9ddbce3c2b724d1fc4eb7ac9427686a8d3795d33def5b7f5121 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-04-23
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-23 08:20:17 Times Seen105691 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	135.148.160.112/login/index.php	190 B	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen117 Hash 5277d75a77568c9218e68bfd098c497f b4da266046746a411096571dd28c7de8eb328ac5 010e99ac10b3b4302b818de0762b36ca9abc2188067ab1b7d30c8b16fb03a6fb Loading...

	135.148.160.112/login/index.php	298 B	2023-03-07	2023-03-26
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2023-03-26 11:05:58 Times Seen2 Hash ba4924f84b8e51dead9e709076b66bd0 13d857e88b180c749a90d8fb2d9e1e1d4b9f0fae cb7cc915ab91df696c6c3c4b8f7706047e5606d4ee11a96ec022199c34e9059d Loading...

	cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ	23 kB	2023-03-07	2024-04-19
Pretty URL cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ IP 54.207.21.48 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:07 Times Seen479 Hash 901b9ac2e48f558fcbb4df2bd0216e70 8af18bbefb6da1cc3cad31d2a598c09bab0d78a2 94c081e2ae2f0618d1661bb9267a2ae65addb921bef6464fb1dd7169bd5f55c6 Loading...

	135.148.160.112/login/index.php	275 B	2023-03-07	2024-04-19
Pretty URL 135.148.160.112/login/index.php IP 135.148.160.112 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-19 17:49:06 Times Seen116 Hash e1207fc0753299049746ae4a23f9f169 efaf1b7d2f99fbdd6c2e986472a363074cb4e5d5 e6c9ec6fca91480d0e02578470bf59e13986b3ec39700dc32c580a14e79f91e9 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 10:15:13 Times Seen37018546 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz	69 B	2023-03-07	2024-04-23
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-23 09:19:52 Times Seen99246 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

HTTP Transactions (68)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17288
Expires: Fri, 27 Jan 2023 14:25:15 GMT
Date: Fri, 27 Jan 2023 09:37:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3468
Expires: Fri, 27 Jan 2023 10:34:55 GMT
Date: Fri, 27 Jan 2023 09:37:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 08:42:58 GMT
content-type: application/json
age: 3249
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4050
Expires: Fri, 27 Jan 2023 10:44:37 GMT
Date: Fri, 27 Jan 2023 09:37:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: amwZqQbDgCr7s2E+nv5zvwrKWMwxVEVtZPioSYCrPm2x/EOsDAVXp8lrqf0AbWXm5Df/PzMW+hY=
x-amz-request-id: GCSW73NRC20A8X0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 08:49:21 GMT
age: 2866
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 09:37:07 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

135.148.160.112/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /ruxitagentjs_ICA2Vfghjqru_10235220309135426.js HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ

142.250.74.72

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3707)
Size
50 kB (50418 bytes)
Hash
5821ce0c849b0dce41c36ad27e694c8c
ccc436b8acc0ef4bdf0f2d966345eee0aafbb04b
769f45c64551911a577593436b2da6cdcb3034186644ac93f96421090ce2a567

HTTP Headers

GET /gtm.js?id=GTM-N2FTFQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 09:37:07 GMT
expires: Fri, 27 Jan 2023 09:37:07 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50418
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 08:41:40 GMT
age: 3327
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
82e3abc4a7b17efedca67cf215f4bb60
e20e55d87591af7db3a4bcfc429048f85e389b85
df8901d4d87686fb11e17986f5d53cf513f675b4dd71f0a2e35c7ffbefa7fb9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3ebf9d7211aba4c70b84fb470a61b414
28fe29a24e47d6abda88eeeb5e22eddda03c7fca
a8276e099d9d8452b65b70d161a459fae25afb37cea7eff9cc5563b7de972acc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 07:28:22 GMT
expires: Fri, 26 Jan 2024 07:28:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 94125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

135.148.160.112/js/3.bundle-d6a6baaa0dc3faae26db.js

135.148.160.112

200 OK

38 kB

URL HTTP/1.1
135.148.160.112/js/3.bundle-d6a6baaa0dc3faae26db.js
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (37515), with no line terminators
Size
38 kB (37792 bytes)
Hash
39e850b2f21e44f7c83c5bfbf71a1a23
3610d538fb093eec2940764418eff51e72fe8f8f
4ab4958c63bd706e031161717896c8fbe22f133a4c9ff285cc053e75ceb13d06

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /js/3.bundle-d6a6baaa0dc3faae26db.js HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:30 GMT
ETag: "93a0-5f3169baa1b80"
Accept-Ranges: bytes
Content-Length: 37792
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR

142.250.74.164

200 OK

580 B

URL HTTP/2
www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (913), with no line terminators
Size
580 B (580 bytes)
Hash
d05b013587209a7fa83dc3399be863a8
e93b6f7bd9457e21e12edc5c749a535e7f787f54
1630ce2dd9263e75d063a96815119fe5a6bb39b53b13d6339df0db3eb0af0cde

HTTP Headers

GET /recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 27 Jan 2023 09:37:07 GMT
date: Fri, 27 Jan 2023 09:37:07 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16196
Expires: Fri, 27 Jan 2023 14:07:04 GMT
Date: Fri, 27 Jan 2023 09:37:08 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
97ccaa279f6ade845b71b57615d40388
5186089108dca0136feab418da66a9e027c7e427
515128c713e98c9a0546c35d9a1e0719057136509b5b2312e4af56a9acc80ec2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

135.148.160.112/vectors/google-play-badge-reverse.svg

135.148.160.112

200 OK

11 kB

URL HTTP/1.1
135.148.160.112/vectors/google-play-badge-reverse.svg
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10788)
Size
11 kB (10789 bytes)
Hash
dd500e2468aecaccb46e64859f38ed87
6922b1027cf980cf19ed84c94732c3b704798cc8
e946d863a136a09089fd275d574ff3346bad8327d4ef378c06af35872d9fe56d

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/google-play-badge-reverse.svg HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:26 GMT
ETag: "2a25-5f3169b6d1280"
Accept-Ranges: bytes
Content-Length: 10789
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

135.148.160.112/vectors/google-play-badge.svg

135.148.160.112

200 OK

11 kB

URL HTTP/1.1
135.148.160.112/vectors/google-play-badge.svg
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10785)
Size
11 kB (10786 bytes)
Hash
f1a5450f21493625afbc619436ad14e0
e641815fd9bd38b5827c9e65821ed5a8fa05b0fb
8827f96ace2afe4aeff4c33db4ac86193f38a62cb30d9fbba949e0b72c2a55ff

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/google-play-badge.svg HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:26 GMT
ETag: "2a22-5f3169b6d1280"
Accept-Ranges: bytes
Content-Length: 10786
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

135.148.160.112/login/index.php

135.148.160.112

200 OK

471 B

URL HTTP/1.1
135.148.160.112/login/index.php
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
data
Size
471 B (471 bytes)
Hash
ba5a84c7821a388986f3142642229852
ecc676c25d949b196d07faedb7e75101dfd24f57
03faf4012aca9a16a7e49dce62a4e02e043ac0fe4f1811f460d73655ba0d0d42

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /login/index.php HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
X-Powered-By: PHP/7.4.33
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

135.148.160.112/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/js/vendors.bundle-859d26788acf215a201a.js

135.148.160.112

200 OK

686 kB

URL HTTP/1.1
135.148.160.112/js/vendors.bundle-859d26788acf215a201a.js
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Size
686 kB (686470 bytes)
Hash
ba8db3e4745ef4402e6c1011c9227191
e155466c79dd3823ff0ce99802093d80e40ebd1f
40d596025119e99448ba247d9ad58248525a484a971dabdd366e0724453e3e36

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /js/vendors.bundle-859d26788acf215a201a.js HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:30 GMT
ETag: "a7986-5f3169baa1b80"
Accept-Ranges: bytes
Content-Length: 686470
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

135.148.160.112/vectors/app-store-badge.svg

135.148.160.112

200 OK

14 kB

URL HTTP/1.1
135.148.160.112/vectors/app-store-badge.svg
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (14261)
Size
14 kB (14262 bytes)
Hash
34683b771a7e7e258b2aaa2e1d7b37f1
cbd7c1053fe89019d386d1676ffa086ddbf0a8b5
3dd08d21a5c010294a50355af3565a50d08ea4aef83e822114be29171209f109

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/app-store-badge.svg HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:26 GMT
ETag: "37b6-5f3169b6d1280"
Accept-Ranges: bytes
Content-Length: 14262
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

push.services.mozilla.com/

54.201.249.32

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.201.249.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: f1evnwGkxcnK/zk+Q+uosg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dbMCM4Sy5tJczJXZkm5/rlTH7rU=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

135.148.160.112/cartoes-renner/vectors/whatsapp.svg

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/vectors/whatsapp.svg
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/vectors/whatsapp.svg HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/vectors/bg-login.svg

135.148.160.112

200 OK

664 B

URL HTTP/1.1
135.148.160.112/vectors/bg-login.svg
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
bbba81daa6feeed173485552f13c0f2a
aa3778c907487f06760a88ed95fa98522512f292
3bb71cec41dd0b3c5782f72d32b1b028fdc9558f0acace778d1a2c312d50f382

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/bg-login.svg HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:26 GMT
ETag: "298-5f3169b6d1280"
Accept-Ranges: bytes
Content-Length: 664
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

135.148.160.112/fonts/Roboto-Black.woff2

135.148.160.112

200 OK

15 kB

URL HTTP/1.1
135.148.160.112/fonts/Roboto-Black.woff2
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 14592, version 1.0\012- data
Size
15 kB (14592 bytes)
Hash
fa058128ab6fcaa61257208d085b4d57
71c4e4b88c8049ef87ab6ede1ed4c9934eff778e
6e85391e451421ec1d47481273c0b97555ee880504b0fe96c5cec1edd4b0c57f

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Black.woff2 HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:30 GMT
ETag: "3900-5f3169baa1b80"
Accept-Ranges: bytes
Content-Length: 14592
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

135.148.160.112/fonts/Roboto-Regular.woff2

135.148.160.112

200 OK

15 kB

URL HTTP/1.1
135.148.160.112/fonts/Roboto-Regular.woff2
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 14600, version 1.0\012- data
Size
15 kB (14600 bytes)
Hash
a2647ffe169bbbd94a3238020354c732
0a59a3b17c93c1093c2514b3a9d51c91395aabd0
db44c6b7985f942465865cfe688770803ab464ec35fb9aefaeccc052e9b74b2a

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Regular.woff2 HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:30 GMT
ETag: "3908-5f3169baa1b80"
Accept-Ranges: bytes
Content-Length: 14600
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

135.148.160.112/images/celular-login.png

135.148.160.112

200 OK

155 kB

URL HTTP/1.1
135.148.160.112/images/celular-login.png
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
PNG image data, 379 x 485, 8-bit/color RGBA, non-interlaced\012- data
Size
155 kB (155176 bytes)
Hash
e624d089f9b2fff768b6b592285a4f12
bef94cbbf3c93e3cc8cc45975065216efc046336
7db4ada57262fbacd47bef4e96e3cedda276b9267e6ca4d20adeeb1c24d870b6

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /images/celular-login.png HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:26 GMT
ETag: "25e28-5f3169b6d1280"
Accept-Ranges: bytes
Content-Length: 155176
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ

54.207.21.48

200 OK

9.2 kB

URL HTTP/1.1
cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ
IP
54.207.21.48:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (22651), with no line terminators
Size
9.2 kB (9197 bytes)
Hash
bb462b00b14c20c1058237a188f4033b
6cb3f0724e5b750d6d1ae92518a9126314368e7b
ff1a4463eadc1c7e0bce4edd7635a026f7106130efd1c27bd4bb8af6104edf08

HTTP Headers

GET /df/tag.js?id=PM-N2FTFQ HTTP/1.1
Host: cdn.pmweb.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Encoding: gzip
Content-Type: application/javascript
Date: Fri, 27 Jan 2023 09:37:08 GMT
ETag: W/"63b8250b-587b"
Expires: Fri, 27 Jan 2023 09:42:08 GMT
Last-Modified: Fri, 06 Jan 2023 13:41:31 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Vary: Accept-Encoding
Content-Length: 9197
Connection: keep-alive

135.148.160.112/fonts/Roboto-Bold.woff2

135.148.160.112

200 OK

15 kB

URL HTTP/1.1
135.148.160.112/fonts/Roboto-Bold.woff2
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 14680, version 1.0\012- data
Size
15 kB (14680 bytes)
Hash
aa3e87117db2b3c27801cbb8dfe40c6c
a1118c5362e2dd34ac5cf34e135042c3ad827b58
36eea693231e39de5efd21718fea8fc98005b580b264522ffbef360939b8d75c

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Bold.woff2 HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 25 Jan 2023 13:28:30 GMT
ETag: "3958-5f3169baa1b80"
Accept-Ranges: bytes
Content-Length: 14680
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2

135.148.160.112/cartoes-renner/fonts/Roboto-Regular.woff

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Regular.woff
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Regular.woff HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/cartoes-renner/fonts/Roboto-Black.woff

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Black.woff
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Black.woff HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1624 bytes)
Hash
3ab3a3944f881ad31c89d08f5e8bb435
3dffffd915706b6f3a4be103ef99b293fd89d2dc
a2b4316623904892860acbdf726e13f1b33e07244baaae92fb9bb0c01e70d69c

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 27 Jan 2023 09:37:08 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 09:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

135.148.160.112/cartoes-renner/fonts/Roboto-Bold.woff

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Bold.woff
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Bold.woff HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-; _pm_id=523701674812228213; _pm_sid=161201674812228214

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/cartoes-renner/fonts/Roboto-Regular.ttf

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Regular.ttf
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Regular.ttf HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-; _pm_id=523701674812228213; _pm_sid=161201674812228214

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

135.148.160.112/cartoes-renner/fonts/Roboto-Black.ttf

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Black.ttf
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Black.ttf HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-; _pm_id=523701674812228213; _pm_sid=161201674812228214

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1624 bytes)
Hash
3ab3a3944f881ad31c89d08f5e8bb435
3dffffd915706b6f3a4be103ef99b293fd89d2dc
a2b4316623904892860acbdf726e13f1b33e07244baaae92fb9bb0c01e70d69c

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 27 Jan 2023 09:37:08 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

135.148.160.112/cartoes-renner/fonts/Roboto-Bold.ttf

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/fonts/Roboto-Bold.ttf
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Bold.ttf HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-; _pm_id=523701674812228213; _pm_sid=161201674812228214

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7362c085de15ade4c718880ac495d84c
dc9b16946a3aa65d521221476e77b37115cda9b8
4537f79e4d28022d3d315461bd109123d54bd4d31634bdf5fd6cf3833a75af93

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=126024
Date: Fri, 27 Jan 2023 09:37:08 GMT
Etag: "63d2da7c-1d7"
Expires: Sat, 28 Jan 2023 20:37:32 GMT
Last-Modified: Thu, 26 Jan 2023 19:54:36 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4eDoKDgLyYd5N4kAaEepjXtmhBrAy8glelQZpMp_pB149WD3ABRdUg==
Age: 2576

www.google-analytics.com/analytics.js

216.58.207.206

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 27 Jan 2023 07:46:59 GMT
expires: Fri, 27 Jan 2023 09:46:59 GMT
cache-control: public, max-age=7200
age: 6609
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__pt_br.js

142.250.74.35

200 OK

165 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__pt_br.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (844)
Size
165 kB (164850 bytes)
Hash
878e9477715d2f5c11b98f2383e258a4
0d16a3a589814ed08f9f0dc836eafc333b00d69d
1f18e966911092359bdab807d43e0deef464223ca0222a858dca21e9562c888c

HTTP Headers

GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://135.148.160.112
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 164850
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 01:23:10 GMT
expires: Wed, 24 Jan 2024 01:23:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 288838
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470

216.58.207.206

200 OK

44 kB

URL HTTP/2
www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470
IP
216.58.207.206:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
44 kB (44464 bytes)
Hash
4024cfab507404dc5982c467d0fbfec6
93a30f6e3a819e4eff51c06c9264ce5b4af3a943
4c60fe0a8f6168917db41814312df51c53810f68b2f667cb4d2e5e7744e5cec1

HTTP Headers

GET /gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 09:37:08 GMT
expires: Fri, 27 Jan 2023 09:37:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44464
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

135.148.160.112/cartoes-renner/images/lojas-renner.png

135.148.160.112

404 Not Found

302 B

URL HTTP/1.1
135.148.160.112/cartoes-renner/images/lojas-renner.png
IP
135.148.160.112:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
302 B (302 bytes)
Hash
aeb94cfeea8e1ec6ef6483c70f0b25aa
d38b0c18c5f117c407d22e5c3011e24a644a04d5
edb9f221f64e352b25e0f6b7239ee24caacfcff1a8c483f89793f307e337d9ed

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/images/lojas-renner.png HTTP/1.1
Host: 135.148.160.112
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://135.148.160.112/login/index.php
Cookie: dtCookie=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE; rxVisitor=1674812227711K7DC9EUHCKN2KVUU7D95RCQ17A3J1CUJ; dtPC=-83$212227691_252h1vDEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0e0; rxvt=1674814027717|1674812227712; dtLatC=49; dtSa=-; _pm_id=523701674812228213; _pm_sid=161201674812228214

HTTP/1.1 404 Not Found
Date: Fri, 27 Jan 2023 09:37:08 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 302
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css

142.250.74.35

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1620 bytes)
Hash
617f87016391056cbfa3087f986bd536
57c63621d5e3657f9add4229143eb54909902bd0
a38edb7c355cb03d028c7aebd49d71de4b673368cbf77dec0c95088930a90c73

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 27 Jan 2023 09:37:09 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=

16.12.0.4

200 OK

0 B

URL HTTP/1.1
s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=
IP
16.12.0.4:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /frame-image-br/bg.png?x-id=real&x-r= HTTP/1.1
Host: s3-sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: 65FHaE9ikdqPZo90kvd0Nth4HU89xlbyx41kSe0E/gqzCH3Nh0/whQyQJ0DRB9Lq32b+5zYp8jc=
x-amz-request-id: 5TBFXP0R3GC2S2X3
Date: Fri, 27 Jan 2023 09:37:09 GMT
Last-Modified: Thu, 04 May 2017 08:21:21 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-meta-s3cmd-attrs: uid:502/gname:staff/uname:user/gid:20/mode:33188/mtime:1493416832/atime:1493796970/md5:d41d8cd98f00b204e9800998ecf8427e/ctime:1493416832
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 0

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3748
Expires: Fri, 27 Jan 2023 10:39:37 GMT
Date: Fri, 27 Jan 2023 09:37:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3748
Expires: Fri, 27 Jan 2023 10:39:37 GMT
Date: Fri, 27 Jan 2023 09:37:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3748
Expires: Fri, 27 Jan 2023 10:39:37 GMT
Date: Fri, 27 Jan 2023 09:37:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3748
Expires: Fri, 27 Jan 2023 10:39:37 GMT
Date: Fri, 27 Jan 2023 09:37:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3748
Expires: Fri, 27 Jan 2023 10:39:37 GMT
Date: Fri, 27 Jan 2023 09:37:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5943 bytes)
Hash
ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MeE0Qrn_yZvUApGQTbOKQ14Z2ipPLbPFPyVqkKTk0Bs7ETn0UU6yMg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:48:43 GMT
age: 42506
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5737 bytes)
Hash
5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:26:22 GMT
age: 76247
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4272 bytes)
Hash
6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: X4SfAYS0JvW4sUNqSuBERNBwaI_xgKugxZ76_fsih_LSnImMC7Pnzg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:37:14 GMT
age: 85438
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9056 bytes)
Hash
dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fdefZSZfSJi1-C7ZTSahawckLN-To4P91H-n1cyPqw34f18VzTeHRg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:54:06 GMT
age: 74583
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7804 bytes)
Hash
a5de6b54196befa95e9291a051c645d0
e3100707a4e9b1d5c30223d31f58cd6ee8ad010b
5bcc3dd7011df4e17d7ef86d892fedeca14b0d0eabbe782fecf35c9a82b25e40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7804
x-amzn-requestid: 4cd6ed50-202c-4e57-94db-cc6585dca5b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQWuH20oAMFxzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa91-05441777646d154650c97512;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D6nD7sD6FQavjUir9rxJlh9U2reSno5qNQ0qQdG4iS6hscVfSHdBCQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 22:01:13 GMT
age: 41756
etag: "e3100707a4e9b1d5c30223d31f58cd6ee8ad010b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:01:22 GMT
age: 38147
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=523701674812228213&sid=161201674812228214&pvw=f2968274-1ae0-4047-a023-cb411b461828&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php

18.228.227.3

200 OK

2 B

URL HTTP/1.1
df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=523701674812228213&sid=161201674812228214&pvw=f2968274-1ae0-4047-a023-cb411b461828&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php
IP
18.228.227.3:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
50585be4e3159a71c874c590d2ba12ec
fb17882585bbfe9c55733a6e46a265ddaea6957a
54d626e08c1c802b305dad30b7e54a82f102390cc92c7d4db112048935236e9c

HTTP Headers

GET /push/?aid=PM-N2FTFQ&cid=523701674812228213&sid=161201674812228214&pvw=f2968274-1ae0-4047-a023-cb411b461828&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php HTTP/1.1
Host: df.pmweb.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://135.148.160.112
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://135.148.160.112
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/plain
Date: Fri, 27 Jan 2023 09:37:09 GMT
Expires: 0
Pragma: no-cache
Server: nginx
Set-Cookie: _pm_uid=523701674812228213; path=/; domain=pmweb.com.br; secure; Expires=Sun, 26-Jan-2025 09:37:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Length: 2
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3690cf650542bf68300fffd7b7967fb1
0a69d360c454b31637d8df5200cefdf61a50340f
cd6af80099c242da006be11a5bea10faa20573ae1ef9c24b4e7c27a131a2c9b8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 27 Jan 2023 09:37:11 GMT
Last-Modified: Fri, 27 Jan 2023 08:50:00 GMT
Server: ECS (nyb/1D25)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PTosqNy4113pJCAUR8v2N50yyfeGd5-92MhaChsVlkKBQnEb7-f9Vg==
Age: 2831

bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE&svrid=-83&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1647975459642&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=418258879&en=ovxxhecl&end=1

52.204.31.54

200 OK

703 B

URL HTTP/2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE&svrid=-83&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1647975459642&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=418258879&en=ovxxhecl&end=1
IP
52.204.31.54:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (703), with no line terminators
Size
703 B (703 bytes)
Hash
eee5a4ab12f3d43797a1418c1a9b0518
d2358dd61725550462548101a3a071721e8a283a
d59efe2db1dbbbf561f87a73fca4e7e98764805da7656f5ece7b3c24e7b0f85e

HTTP Headers

POST /bf?type=js3&sn=v_4_srv_-2D83_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE&svrid=-83&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1647975459642&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=418258879&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1218
Origin: http://135.148.160.112
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 27 Jan 2023 09:37:11 GMT
content-type: text/plain;charset=utf-8
content-length: 703
set-cookie: dtCookie=v_4_srv_7_sn_6D6FBBD87FD130FCFA298DC4730999A0_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_0; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://135.148.160.112
cache-control: no-cache
X-Firefox-Spdy: h2

bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_11_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=11&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1674804586561&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2593642049&en=ovxxhecl&end=1

52.204.31.54

200 OK

211 B

URL HTTP/2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_11_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=11&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1674804586561&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2593642049&en=ovxxhecl&end=1
IP
52.204.31.54:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
211 B (211 bytes)
Hash
3cccdaad4802c03fc49bb91241f996b1
4aba3a06e8f175686ddf2e5b22f3b08e6d27e660
d68d6eafc086673693dc803fb1ee173902b067b968014976e7d7cee0fe18863d

HTTP Headers

POST /bf?type=js3&sn=v_4_srv_11_sn_GMQR8TFP8924PBQKCMA51GU1VQTBT4LE_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=11&flavor=cors&vi=DEMNFEPKAFPRRCVCPPHNCDKJRDPHFVUK-0&modifiedSince=1674804586561&rf=http%3A%2F%2F135.148.160.112%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2593642049&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4861
Origin: http://135.148.160.112
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 27 Jan 2023 09:37:13 GMT
content-type: text/plain;charset=utf-8
content-length: 211
set-cookie: dtCookie=v_4_srv_5_sn_EE0A5C1D4AA630F57509522A5C9FCD69_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_0; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://135.148.160.112
cache-control: no-cache
X-Firefox-Spdy: h2

js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js

54.230.111.96

200 OK

0 B

URL HTTP/2
js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js
IP
54.230.111.96:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js HTTP/1.1
Host: js-cdn.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://135.148.160.112
Connection: keep-alive
Referer: http://135.148.160.112/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
date: Fri, 27 Jan 2023 09:37:07 GMT
x-oneagent-js-injection: true
traffic-source: UNKNOWN
dynatrace-response-source: Cluster
dynatrace-response-id: BLAMOU9EH5M2
expires: Fri, 27 Jan 2023 10:37:07 GMT
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YdUmpcZ21Wfjpul35DOyylDcOiVqGiIYR9rJ16ljpyK-UiNjD7qF2w==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML