r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3716
Expires: Wed, 28 Sep 2022 09:28:42 GMT
Date: Wed, 28 Sep 2022 08:26:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 07:42:53 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8xbpJ5IFt3hPsydjgN8KBfB45-Vik3XvzDxIVCUnse3Quc_3YXhAjg==
Age: 2633
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fPW_e1luPlxeZpPob5saf0t9nWpW52_j4wzrNlhLlK2entq1L9eZGw==
age: 82953
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 08:26:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
20.225.72.108/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js
20.225.72.108 404 Not Found 299 B URL HTTP/1.1 20.225.72.108/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /ruxitagentjs_ICA2Vfghjqru_10235220309135426.js HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:46 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
20.225.72.108 404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:46 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ
142.250.74.72 200 OK 49 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ
IP 142.250.74.72:0
File type ASCII text, with very long lines (3707)
Hash 7b65291c3a88f538fda10b34f1a155be
c0068b0e3bf03de4a0415b1ee06d1d78cb98b27d
7a94c2db46d83368dd1d49c018712f0dfe84d2680967a7e4ab002016f56a53f1
GET /gtm.js?id=GTM-N2FTFQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 08:26:47 GMT
expires: Wed, 28 Sep 2022 08:26:47 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48897
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 07:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 08:18:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Vl6JkjqLgFon6bq0NYaa4ZSEWz1hFTzvst5yCrw746gxW6nZ-YdAmQ==
Age: 3434
20.225.72.108/Renner/js/3.bundle-d6a6baaa0dc3faae26db.js
20.225.72.108 200 OK 38 kB URL HTTP/1.1 20.225.72.108/Renner/js/3.bundle-d6a6baaa0dc3faae26db.js
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (37515), with no line terminators
Hash 39e850b2f21e44f7c83c5bfbf71a1a23
3610d538fb093eec2940764418eff51e72fe8f8f
4ab4958c63bd706e031161717896c8fbe22f133a4c9ff285cc053e75ceb13d06
Analyzer Verdict Alert fortinet Phishing
GET /Renner/js/3.bundle-d6a6baaa0dc3faae26db.js HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:46 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:23 GMT
ETag: "93a0-5e977fd4febec"
Accept-Ranges: bytes
Content-Length: 37792
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 09de3f9b993678d3283307dbef6e3445
c57a8146f99bc641a8a067265e277b0e79fd94f7
0173661df06b9c63a9ca182b5c1b8d2d545999afe41b0a3084e36951924e4299
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 08:26:47 GMT
Last-Modified: Wed, 28 Sep 2022 06:38:39 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uTxjwvdAPqWuQEGhilC8UilkqgoiuM251nxXItzoWmhWcRqEPP2HZw==
Age: 6488
20.225.72.108/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
20.225.72.108 404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5e01e4cfb215a3f052b4c716bc77c1a6
6e63b3e883051319571310c44b87591f0312d83f
aebb544e0762c6c3eb289d85c20299baa3f742dc46cfa5bcc33ac6df411285ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.106 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.106:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 08:20:49 GMT
expires: Mon, 25 Sep 2023 08:20:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 259558
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR
142.250.74.164 200 OK 577 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR
IP 142.250.74.164:0
File type ASCII text, with very long lines (913), with no line terminators
Hash 1cabadc7c2f1772988eada3a342c7d4b
c567f9c6f4b23c49d6215d90ccafcd311f0adbac
2a506a2727b89bcd5b033d98a80f5be4251d9d453924d3dcde3a77037db054af
GET /recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 28 Sep 2022 08:26:47 GMT
date: Wed, 28 Sep 2022 08:26:47 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 577
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5352
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Last-Modified: Wed, 28 Sep 2022 06:57:35 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
20.225.72.108/Renner/login/index.php
20.225.72.108 200 OK 735 kB URL HTTP/1.1 20.225.72.108/Renner/login/index.php
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1242)
Size 735 kB (735044 bytes)
Hash 9383d4360081b49564355115db113aa9
b4e68164f068196beeccfa9f1785e7495846f171
20b19848cf16afc93e01685ca532b0e36f7ec5bdd41b701440e9fe383533ef88
Analyzer Verdict Alert openphish Lojas Renner
fortinet Phishing
GET /Renner/login/index.php HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:46 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
X-Powered-By: PHP/8.1.6
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
20.225.72.108/Renner/vectors/google-play-badge-reverse.svg
20.225.72.108 200 OK 11 kB URL HTTP/1.1 20.225.72.108/Renner/vectors/google-play-badge-reverse.svg
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10788)
Hash dd500e2468aecaccb46e64859f38ed87
6922b1027cf980cf19ed84c94732c3b704798cc8
e946d863a136a09089fd275d574ff3346bad8327d4ef378c06af35872d9fe56d
Analyzer Verdict Alert fortinet Phishing
GET /Renner/vectors/google-play-badge-reverse.svg HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:27 GMT
ETag: "2a25-5e977fd82b4ba"
Accept-Ranges: bytes
Content-Length: 10789
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash be52dbe2d47697a7f007d69c486b77b4
fe445ea87749e97423e7865bc559ad78f672a62d
65d16df2b3095c658d2bdf39b06d57486967bba7b43c43108e5025d7af5b7ab6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz
142.250.74.164 200 OK 23 kB URL HTTP/2 www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (35915)
Hash d85e7679a2bb769588555ab5112a6742
284245dc111e084c72232ea1a0d8ad00f7cc3ac7
df27c614201c01114d884a1edd458a137a06a8aab0c76c9965eea01acdbd06ef
GET /recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 28 Sep 2022 08:26:47 GMT
content-security-policy: script-src 'nonce-GlOT1cWKoOmt1p4GSpqC1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 23307
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
20.225.72.108/Renner/fonts/Roboto-Regular.woff2
20.225.72.108 200 OK 15 kB URL HTTP/1.1 20.225.72.108/Renner/fonts/Roboto-Regular.woff2
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 14600, version 1.0\012- data
Hash a2647ffe169bbbd94a3238020354c732
0a59a3b17c93c1093c2514b3a9d51c91395aabd0
db44c6b7985f942465865cfe688770803ab464ec35fb9aefaeccc052e9b74b2a
Analyzer Verdict Alert fortinet Phishing
GET /Renner/fonts/Roboto-Regular.woff2 HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:23 GMT
ETag: "3908-5e977fd4dc698"
Accept-Ranges: bytes
Content-Length: 14600
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
20.225.72.108/Renner/fonts/Roboto-Bold.woff2
20.225.72.108 200 OK 15 kB URL HTTP/1.1 20.225.72.108/Renner/fonts/Roboto-Bold.woff2
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 14680, version 1.0\012- data
Hash aa3e87117db2b3c27801cbb8dfe40c6c
a1118c5362e2dd34ac5cf34e135042c3ad827b58
36eea693231e39de5efd21718fea8fc98005b580b264522ffbef360939b8d75c
Analyzer Verdict Alert fortinet Phishing
GET /Renner/fonts/Roboto-Bold.woff2 HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:23 GMT
ETag: "3958-5e977fd4cd264"
Accept-Ranges: bytes
Content-Length: 14680
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
20.225.72.108/Renner/vectors/app-store-badge.svg
20.225.72.108 200 OK 14 kB URL HTTP/1.1 20.225.72.108/Renner/vectors/app-store-badge.svg
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (14261)
Hash 34683b771a7e7e258b2aaa2e1d7b37f1
cbd7c1053fe89019d386d1676ffa086ddbf0a8b5
3dd08d21a5c010294a50355af3565a50d08ea4aef83e822114be29171209f109
Analyzer Verdict Alert fortinet Phishing
GET /Renner/vectors/app-store-badge.svg HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:27 GMT
ETag: "37b6-5e977fd81fd9f"
Accept-Ranges: bytes
Content-Length: 14262
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
20.225.72.108/Renner/vectors/google-play-badge.svg
20.225.72.108200 OK 11 kB URL HTTP/1.1 20.225.72.108/Renner/vectors/google-play-badge.svg
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10785)
Hash f1a5450f21493625afbc619436ad14e0
e641815fd9bd38b5827c9e65821ed5a8fa05b0fb
8827f96ace2afe4aeff4c33db4ac86193f38a62cb30d9fbba949e0b72c2a55ff
Analyzer Verdict Alert fortinet Phishing
GET /Renner/vectors/google-play-badge.svg HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:27 GMT
ETag: "2a22-5e977fd832ecc"
Accept-Ranges: bytes
Content-Length: 10786
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css
142.250.74.163404 Not Found 1.6 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css
IP 142.250.74.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 617f87016391056cbfa3087f986bd536
57c63621d5e3657f9add4229143eb54909902bd0
a38edb7c355cb03d028c7aebd49d71de4b673368cbf77dec0c95088930a90c73
GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 28 Sep 2022 08:26:47 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ
54.207.135.96200 OK 9.2 kB URL HTTP/1.1 cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ
IP 54.207.135.96:0
File type ASCII text, with very long lines (22651), with no line terminators
Hash bb462b00b14c20c1058237a188f4033b
6cb3f0724e5b750d6d1ae92518a9126314368e7b
ff1a4463eadc1c7e0bce4edd7635a026f7106130efd1c27bd4bb8af6104edf08
GET /df/tag.js?id=PM-N2FTFQ HTTP/1.1
Host: cdn.pmweb.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Encoding: gzip
Content-Type: application/javascript
Date: Wed, 28 Sep 2022 08:26:47 GMT
ETag: W/"63335e7e-587b"
Expires: Wed, 28 Sep 2022 08:31:47 GMT
Last-Modified: Tue, 27 Sep 2022 20:35:10 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Vary: Accept-Encoding
Content-Length: 9197
Connection: keep-alive
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
142.250.74.163404 Not Found 1.6 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
IP 142.250.74.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 3ab3a3944f881ad31c89d08f5e8bb435
3dffffd915706b6f3a4be103ef99b293fd89d2dc
a2b4316623904892860acbdf726e13f1b33e07244baaae92fb9bb0c01e70d69c
GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 28 Sep 2022 08:26:47 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 08:26:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
20.225.72.108/Renner/fonts/Roboto-Black.woff2
20.225.72.108200 OK 15 kB URL HTTP/1.1 20.225.72.108/Renner/fonts/Roboto-Black.woff2
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 14592, version 1.0\012- data
Hash fa058128ab6fcaa61257208d085b4d57
71c4e4b88c8049ef87ab6ede1ed4c9934eff778e
6e85391e451421ec1d47481273c0b97555ee880504b0fe96c5cec1edd4b0c57f
Analyzer Verdict Alert fortinet Phishing
GET /Renner/fonts/Roboto-Black.woff2 HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:23 GMT
ETag: "3900-5e977fd4c95cd"
Accept-Ranges: bytes
Content-Length: 14592
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2
20.225.72.108/Renner/vectors/bg-login.svg
20.225.72.108200 OK 664 B URL HTTP/1.1 20.225.72.108/Renner/vectors/bg-login.svg
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (663)
Hash bbba81daa6feeed173485552f13c0f2a
aa3778c907487f06760a88ed95fa98522512f292
3bb71cec41dd0b3c5782f72d32b1b028fdc9558f0acace778d1a2c312d50f382
Analyzer Verdict Alert fortinet Phishing
GET /Renner/vectors/bg-login.svg HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:27 GMT
ETag: "298-5e977fd8277b1"
Accept-Ranges: bytes
Content-Length: 664
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
20.225.72.108/cartoes-renner/vectors/whatsapp.svg
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/vectors/whatsapp.svg
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/vectors/whatsapp.svg HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
push.services.mozilla.com/
34.208.31.97101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.208.31.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nJ1QtXYWh1EuoOYUGzUu0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PuN7bBBIRs9RIkLUfMlQ45Iow6c=
20.225.72.108/cartoes-renner/fonts/Roboto-Regular.woff
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Regular.woff
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Regular.woff HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/Renner/images/celular-login.png
20.225.72.108200 OK 155 kB URL HTTP/1.1 20.225.72.108/Renner/images/celular-login.png
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 379 x 485, 8-bit/color RGBA, non-interlaced\012- data
Size 155 kB (155176 bytes)
Hash e624d089f9b2fff768b6b592285a4f12
bef94cbbf3c93e3cc8cc45975065216efc046336
7db4ada57262fbacd47bef4e96e3cedda276b9267e6ca4d20adeeb1c24d870b6
GET /Renner/images/celular-login.png HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:23 GMT
ETag: "25e28-5e977fd4ef7c6"
Accept-Ranges: bytes
Content-Length: 155176
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
20.225.72.108/cartoes-renner/fonts/Roboto-Bold.woff
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Bold.woff
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Bold.woff HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/cartoes-renner/fonts/Roboto-Black.woff
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Black.woff
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Black.woff HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/cartoes-renner/fonts/Roboto-Regular.ttf
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Regular.ttf
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Regular.ttf HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/Renner/js/vendors.bundle-859d26788acf215a201a.js
20.225.72.108200 OK 686 kB URL HTTP/1.1 20.225.72.108/Renner/js/vendors.bundle-859d26788acf215a201a.js
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Size 686 kB (686470 bytes)
Hash ba8db3e4745ef4402e6c1011c9227191
e155466c79dd3823ff0ce99802093d80e40ebd1f
40d596025119e99448ba247d9ad58248525a484a971dabdd366e0724453e3e36
Analyzer Verdict Alert fortinet Phishing
GET /Renner/js/vendors.bundle-859d26788acf215a201a.js HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-
HTTP/1.1 200 OK
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Last-Modified: Sun, 25 Sep 2022 03:27:24 GMT
ETag: "a7986-5e977fd53bc84"
Accept-Ranges: bytes
Content-Length: 686470
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
20.225.72.108/cartoes-renner/fonts/Roboto-Black.ttf
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Black.ttf
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Black.ttf HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/cartoes-renner/fonts/Roboto-Bold.ttf
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/fonts/Roboto-Bold.ttf
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
Analyzer Verdict Alert fortinet Phishing
GET /cartoes-renner/fonts/Roboto-Bold.ttf HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:47 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=
52.95.164.104200 OK 0 B URL HTTP/1.1 s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=
IP 52.95.164.104:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /frame-image-br/bg.png?x-id=real&x-r= HTTP/1.1
Host: s3-sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: dJnd9HfSDc12m50xcWt214YpOPeEglIf5WDZ7EuvS3kPaVEpZ64mX0U9jppx+AmSGfYgn3mKZ2s=
x-amz-request-id: 1H5YBJTV5YQ09X4A
Date: Wed, 28 Sep 2022 08:26:49 GMT
Last-Modified: Thu, 04 May 2017 08:21:21 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-meta-s3cmd-attrs: uid:502/gname:staff/uname:user/gid:20/mode:33188/mtime:1493416832/atime:1493796970/md5:d41d8cd98f00b204e9800998ecf8427e/ctime:1493416832
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 0
www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470
142.250.74.174200 OK 43 kB URL HTTP/2 www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470
IP 142.250.74.174:0
File type ASCII text, with very long lines (2039)
Hash 3fb143f9a6916f6295e3abd9f0403651
c3b2ac0d209178041f24c96715650b7dfd0673bf
cd5d8a27b16a88019fae4f526ac12cde2f4763753f3e84ef3992027e16bfa100
GET /gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 08:26:48 GMT
expires: Wed, 28 Sep 2022 08:26:48 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42786
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
20.225.72.108/cartoes-renner/images/lojas-renner.png
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/images/lojas-renner.png
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
GET /cartoes-renner/images/lojas-renner.png HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:48 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
20.225.72.108/cartoes-renner/images/favicon.ico
20.225.72.108404 Not Found 299 B URL HTTP/1.1 20.225.72.108/cartoes-renner/images/favicon.ico
IP 20.225.72.108:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash babb0c56360cc0940e9c47bbfe656d5e
22fdeb6bfafe562fdcfa1795aab442760f6c9d6c
8d27f3215bc56be8d90c8ee790e49dc08cca563e4535a568411438618b8fb7b1
GET /cartoes-renner/images/favicon.ico HTTP/1.1
Host: 20.225.72.108
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.225.72.108/Renner/login/index.php
Cookie: dtCookie=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9; rxVisitor=1664353604547NQ8638GSO2030UFU4T0HPDMKJI8BMV4A; dtPC=-40$553604541_965h1vALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0e0; rxvt=1664355404553|1664353604548; dtLatC=61; dtSa=-; _pm_id=271821664353605301; _pm_sid=864521664353605302
HTTP/1.1 404 Not Found
Date: Wed, 28 Sep 2022 08:26:48 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
Content-Length: 299
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=271821664353605301&sid=864521664353605302&pvw=833496b5-7b39-4615-a9bf-f65df906d168&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&url=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php
18.229.51.77200 OK 2 B URL HTTP/1.1 df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=271821664353605301&sid=864521664353605302&pvw=833496b5-7b39-4615-a9bf-f65df906d168&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&url=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php
IP 18.229.51.77:0
File type ASCII text, with no line terminators
Hash 50585be4e3159a71c874c590d2ba12ec
fb17882585bbfe9c55733a6e46a265ddaea6957a
54d626e08c1c802b305dad30b7e54a82f102390cc92c7d4db112048935236e9c
GET /push/?aid=PM-N2FTFQ&cid=271821664353605301&sid=864521664353605302&pvw=833496b5-7b39-4615-a9bf-f65df906d168&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&url=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php HTTP/1.1
Host: df.pmweb.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://20.225.72.108
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://20.225.72.108
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/plain
Date: Wed, 28 Sep 2022 08:26:48 GMT
Expires: 0
Pragma: no-cache
Server: nginx
Set-Cookie: _pm_uid=271821664353605301; path=/; domain=pmweb.com.br; secure; Expires=Fri, 27-Sep-2024 08:26:48 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Length: 2
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11871
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:26:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11871
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:26:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11871
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:26:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11871
Expires: Wed, 28 Sep 2022 11:44:39 GMT
Date: Wed, 28 Sep 2022 08:26:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 38270
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4a66beda24621e812a929933c52025d
e951f6b11e473b68d2fdd95b822cef120d37b1eb
28efb1495fdb363cea9ccc6c38f84b2731dbd44dd4dbbe42996fa6fab74e1ce6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52d10f53-5e95-4bc8-aa34-09983b7221cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6721
x-amzn-requestid: ea4416a4-ffbe-4006-bb09-aa0a70763ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3xTGNOoAMFXeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cd4-6634cd372bd677227f755769;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:36:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EbkbN72NJbDqfnJjnaUcitG0W6yk8vR__5zLvdidXuWqh7VQK2O8OA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:18:40 GMT
age: 36488
etag: "e951f6b11e473b68d2fdd95b822cef120d37b1eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ee83d08d024d127fad5918e1ffacb78b
8ad289a77705358ab660b6123e9d90de991b6c13
aaab3590ef3777ce8b7a9a34f18866fa20ecaa554cbcdcdb3f1fa3c34c88ceb4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5653a1a-a7d7-4b1e-a27e-4eb6b032901d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11314
x-amzn-requestid: 0ceafc65-764c-4367-b031-257061eb65d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF00oAMFUpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-0d46481b7394081b14a81131;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ve8l6PxpMuBLt5BxwywNpqM2ISt0zy2r_gweYnVw4X65PBEhpMbckg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:00 GMT
age: 38448
etag: "8ad289a77705358ab660b6123e9d90de991b6c13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fa8cb4f4be5057788cd1a2a4d0e76d6
1aec1d67a36867bee8069a144fb1b0d95ff2cb54
5193131db8040ef254554d59109002ec7b8cfc2eab1e872b63e5f65db7cf5105
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40456fc-e6ad-484b-8754-8b2b0e7abc7c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5944
x-amzn-requestid: 040b4452-4120-4ae5-9ad2-c5b341abbb13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34BFdmIAMFmew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336cff-103adde82b57535e4f3fb16a;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: q03mXCSikJcsTBGqk1Xq7452EiDz4t9PFbp5Qj4xwobiFgqtPwGCBw==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:21:35 GMT
age: 36313
etag: "1aec1d67a36867bee8069a144fb1b0d95ff2cb54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c301dff6ddda16fd64692c19173cfa8c
2afdfb716192540a61327137706462c53588bf23
fd0f33a778fec87dbfa323ffa6b24ca5f94aa16d102e62683ad54b759208058b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff14e2acf-9d43-48bc-ab80-1dc73fa7dfc8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 28ddd5cd-c299-4b36-98be-b6dbeaadc1ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI4KRGo7oAMFUiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d74-27ebe6e974ee5b7d06227fca;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TEv_Z7_1FsPBC2ugxBvTbts1ubHFeZjRhrSFAGt2liOt-Z5GQhmu-g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:28:53 GMT
age: 35875
etag: "2afdfb716192540a61327137706462c53588bf23"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46dc8f1499f4de5f03bd87a68c3c6c7b
0cd28a243f9704140ccb9eb1415a77fcccc7cf87
3d7a5cdc0812857efabd7ab941aea6d6582790b86a9587809d222c0a8546262b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7359
x-amzn-requestid: 6e3123b2-ea7e-4e3e-8399-19a66d27923f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34CEYtIAMF01w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d00-5995316c70da7a0c460ac432;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: t_uz9vKifWkMj014gCS83STU-fnM39a49_LB5By3j9NqLpqfl8tKSA==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:57:38 GMT
age: 37750
etag: "0cd28a243f9704140ccb9eb1415a77fcccc7cf87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a22907a20661d4f4729ddce23a1f5479
9682e795445a23ef65560eedd3b81c20fc612d5c
51d5e050faff08d6340c57ff6ea4560e1a32db71d297efe725277f2a2a88befe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 08:26:49 GMT
Last-Modified: Wed, 28 Sep 2022 07:21:35 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eD6trVHUPJAMGQZp-AE01KwacziefjvikvvFK5MsDzZzj9CcmM48Yg==
Age: 3914
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9&svrid=-40&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=501993964&en=ovxxhecl&end=1
52.71.122.73200 OK 760 B URL HTTP/2 bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9&svrid=-40&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=501993964&en=ovxxhecl&end=1
IP 52.71.122.73:0
File type ASCII text, with very long lines (760), with no line terminators
Hash 838a622b4a1b7efd6fae51b11d5b4c26
d453ca1b235b12fc46ec15b9920143ff6315cf80
c391e7dba76cf5d0e6c268ac755e12820e5972e0d894bfabd00086db2367a999
POST /bf?type=js3&sn=v_4_srv_-2D40_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9&svrid=-40&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=501993964&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 527
Origin: http://20.225.72.108
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:26:49 GMT
content-type: text/plain;charset=utf-8
content-length: 760
set-cookie: dtCookie=v_4_srv_7_sn_024BB04BB0D84C7FF87D10202DB78182_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://20.225.72.108
cache-control: no-cache
X-Firefox-Spdy: h2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3737011756&en=ovxxhecl&end=1
52.71.122.73200 OK 222 B URL HTTP/2 bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3737011756&en=ovxxhecl&end=1
IP 52.71.122.73:0
File type ASCII text, with no line terminators
Hash 88a312bde331307866996f1aa6e7ddb5
5343aa0e08b940bea41c32768251402099abfe00
0221266cf22808e862c20440f1a77dc35a8318ecc6b492f7b319775e1b517d11
POST /bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3737011756&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1177
Origin: http://20.225.72.108
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:26:49 GMT
content-type: text/plain;charset=utf-8
content-length: 222
set-cookie: dtCookie=v_4_srv_11_sn_D09091DAE4BF3B88C75AD3A626F40C77_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://20.225.72.108
cache-control: no-cache
X-Firefox-Spdy: h2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3424496968&en=ovxxhecl&end=1
52.71.122.73200 OK 222 B URL HTTP/2 bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3424496968&en=ovxxhecl&end=1
IP 52.71.122.73:0
File type ASCII text, with no line terminators
Hash 88a312bde331307866996f1aa6e7ddb5
5343aa0e08b940bea41c32768251402099abfe00
0221266cf22808e862c20440f1a77dc35a8318ecc6b492f7b319775e1b517d11
POST /bf?type=js3&sn=v_4_srv_4_sn_5Q4GST3IO4IUELUKR03RF1E9G983RHJ9_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1_rcs-3Acss_0&svrid=4&flavor=cors&vi=ALVMIMVHWTVUECGTCJKNEQPFKQPFROUN-0&modifiedSince=1664350154142&rf=http%3A%2F%2F20.225.72.108%2FRenner%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=3424496968&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4940
Origin: http://20.225.72.108
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 28 Sep 2022 08:26:52 GMT
content-type: text/plain;charset=utf-8
content-length: 222
set-cookie: dtCookie=v_4_srv_9_sn_36156837A615019AEAB9303B7FA8F9C9_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://20.225.72.108
cache-control: no-cache
X-Firefox-Spdy: h2
js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js
54.230.111.106200 OK 0 B URL HTTP/2 js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js
IP 54.230.111.106:0
GET /jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js HTTP/1.1
Host: js-cdn.dynatrace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://20.225.72.108
Connection: keep-alive
Referer: http://20.225.72.108/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
date: Wed, 28 Sep 2022 08:08:06 GMT
x-oneagent-js-injection: true
traffic-source: UNKNOWN
dynatrace-response-source: Cluster
dynatrace-response-id: OPV9EKE44SXJ
expires: Wed, 28 Sep 2022 09:08:06 GMT
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FZlm2Y8LCbi-oYqiKXJqZWf5OpxZwD23EfyMjmHKUODy_ObyA-G-Rw==
age: 1120
X-Firefox-Spdy: h2