Report - 189.89.61.50:8181/

Report Overview

Visited public
2023-11-17 10:34:52
Tags
Submit Tags
URL
189.89.61.50:8181/
Finishing URL
189.89.61.50:8181/
IP / ASN
189.89.61.50
#262751 LINK POINT SERVICOS LTDA-ME
Title
PEC

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
firebase.googleapis.com	4897	2005-01-25	2018-10-19 11:09:59	2023-11-16 19:14:46	1.2 kB	1.2 kB	216.58.207.202
189.89.61.50:8181	unknown	unknown	No data	No data	6.8 kB	3.8 MB	189.89.61.50
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-16 18:44:05	877 B	132 kB	142.250.74.168
vlibras.gov.br	95656	2015-12-04	2016-05-02 18:09:57	2023-11-16 19:30:04	413 B	723 B	52.67.214.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed
2023-11-17	medium	189.89.61.50	Sinkholed

ThreatFox

No alerts detected

JavaScript (38)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?l=dataLayer	ScriptElement	114 kB	2023-11-17	2023-11-17
Pretty URL www.googletagmanager.com/gtag/js?l=dataLayer IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 10:02 Last Seen2023-11-17 14:50 Times Seen5 Hash 17c2e11459f8c7eac25aa47e3013d6db 356340b87e54d11ebb5be25fc6eb7152b2a5573f 432acb849eebfcc9bacf78d2a11234a16fd27f755ac6887e46ed2613041907da Loading...

	unknown	Function	43 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen789 Hash e0fab2f0792cf093c0aa86124dda7ffb 9a81b56862887a07164980e330edb7beb9723b0a aa3ffd23360618a42649786c2018b7d7afcbe8a88531cb14ad85cbfe02bc6681 Loading...

	unknown	Function	74 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen785 Hash dddf3eeb6e1752dbd54f0b10026d4698 7228f311adf82645a2a2b7e7bf3b5ce62bb3ac6b 86bbb65a07fa13c502a72f81c8363751bb06c1482427ed2949e823c7fe6c3f9f Loading...

	unknown	Function	71 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen788 Hash b5b7de72ff9d8737ba6ebb6b54c2baf6 2d62d868c1a2aa5a793b7b1e0e91469a652b6646 8e3b3165d3f4ed8c2f10b50c64df8bd551096bde71f06515a199fac6188f4cfc Loading...

	189.89.61.50:8181/	ScriptElement	714 B	2023-07-19	2025-01-26
Pretty URL 189.89.61.50:8181/ IP 189.89.61.50 ASN #262751 LINK POINT SERVICOS LTDA-ME Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-19 16:09 Last Seen2025-01-26 18:19 Times Seen18 Hash b2a3cbffd5c8b7bf645666bc6512034f 5d955925cf74f8e46ed63692726e7d15a1d3596e 9899618b62dd40788627eedbbfce5d2f63174e6d99fe2daab15e2ff6c7c10063 Loading...

	unknown	Function	53 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen788 Hash 3ad856cc213a6ea119e29bb21ea7a6b0 a8a75ae003040660dad1b2822b1296c0e45bd95f dc50b611ad56f62c8f1fe852961d523cd62c666964026c0f560d9a61a867fb15 Loading...

	unknown	Function	56 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen788 Hash 8db0e193e6ed9578d6cece467b8d9578 8fcf3b9e42261575bf0f69fd7a70d44b12967f33 e0cad576cc3b58fb7496ebb6cf8d702cc51e4c9c4cfdc3eabe5c4c84e2ea071a Loading...

	unknown	Function	70 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen784 Hash 9f48241705f2d123d41d8d4359004763 fbb6d79cd1addbb74eb782e82341137ef3a95711 dc3f2ff24460d775713e25a79da05cf3d431d4841c1168e4a3cab7870bcafc7a Loading...

	unknown	Function	50 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen778 Hash b64fb2d73edc93b0aa5a9794c9e888c8 26521ca6123c9d84a63e40344bbe1885b0d9af82 fdc1939d1f2b3ca18dd56f461357b1f84bd9c5879df11209b94c4022bf637429 Loading...

	unknown	Function	68 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen781 Hash cc9a07b5ef0278170555b71e4c8698e6 4f16deddc2feda3dcc1efed4f5aa03e293b04cff 8d375702b9fff3e7667ea2ff1f0c029e0ac703c081bac797cf310e36751f28a8 Loading...

	189.89.61.50:8181/static/barra-governo.min.js	ScriptElement	27 kB	2023-07-19	2025-01-26
Pretty URL 189.89.61.50:8181/static/barra-governo.min.js IP 189.89.61.50 ASN #262751 LINK POINT SERVICOS LTDA-ME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-19 16:09 Last Seen2025-01-26 18:19 Times Seen11 Hash 57b661da8d59b643287b4ec6b37e43a9 74637332afe5b136182c557e23ec56065bf61d84 499a3a027a23519f403113f1067d14b22fedcbe09d8c3e3bcc29999388a1a4d4 Loading...

	unknown	Function	49 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen780 Hash 589eddf00912accfbf2bcfe4850c1f63 9e140d3678b8fd8c84ae047e17579ddf3f473bd1 e65cef966634dfd5734d5db1b94e47e8b714f9fa66217eee8db689bdbb0f5be0 Loading...

	unknown	Function	52 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen783 Hash e9b56eac7e72b674146ebed1836f4658 53be87e65bd916846cd3804a67992ac16f6b8b33 7e8545649d2230097c835329cac33b239d624b0390d2017c7cc8e62dc9d3fa00 Loading...

	www.googletagmanager.com/gtag/js?id=G-RXTX8LJCDF&l=dataLayer&cx=c	ScriptElement	264 kB	2023-11-17	2023-11-17
Pretty URL www.googletagmanager.com/gtag/js?id=G-RXTX8LJCDF&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 11:35 Last Seen2023-11-17 11:35 Times Seen1 Hash 598cc31d64209f0c5a94db17a879f640 b90242d6a8939c2d0a6810c6accc9052560322d5 3585080070b0e419eba335f90e8caa4eca57fb2a0728664c7c12ac2874abb62f Loading...

	unknown	Function	85 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen789 Hash 06f956bda3fb53fbf9e3f1dc894c0d7c 4a4b37b902b6c183dd07258945508725958f784c 922ecf6347b1babf489cef46868b4704745da0b73bb4947f7ef8d8fe6dc98589 Loading...

	unknown	Function	56 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen780 Hash f91ad5b9c2f107f6559f593fa38f2517 e31b1d6478887f233563321a9f2af5be0142eabd af81e59765f8c735f1ed52049a5c0f3540aaadeb1dcea645da9d1f21cd06c60a Loading...

	unknown	Function	59 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen791 Hash 47cf8c59ff024ffbeb1d70238e12ff15 a0c23993cbe451ed0596158aae3ef0a13b1f7fb2 f80307b2793d080b017b7a9bb0ef67f3885fda79ae95eda2908638d88f3fdcb7 Loading...

	unknown	Function	67 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen789 Hash f5f02fe60d4f4ea79edc665630bffe7b 2fa94c78155ee69d7511ccc7d98270a6ff4e98a7 fb3fed6873a2ff3401f4193ae41e8d4544ddfe95087dd42b2072d7c4069bf839 Loading...

	unknown	Function	74 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen778 Hash 5df6d6ab8b7a3072b1899a18efd994b1 2af6cece64181fb636aba3b35b83c7df88456262 acddc1d0260d20fd7089f3245d00591c2815fdf72a2259d85794a267e3c3385b Loading...

	189.89.61.50:8181/static/js/2.1881f6c0.chunk.js	ScriptElement	6.5 MB	2023-11-17	2023-11-17
Pretty URL 189.89.61.50:8181/static/js/2.1881f6c0.chunk.js IP 189.89.61.50 ASN #262751 LINK POINT SERVICOS LTDA-ME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 11:35 Last Seen2023-11-17 11:35 Times Seen1 Hash f53adcb46ee480c96ac7df24a9e2f3a1 934c339a165581b592a5dad3b9744000cedb6b8e 96d5ecd1244e5cc56a26d8c13551461f087c5399621190f6a9047834c8fbbbab Loading...

	189.89.61.50:8181/static/js/main.d2fe57ee.chunk.js	ScriptElement	4.5 MB	2023-11-17	2023-11-17
Pretty URL 189.89.61.50:8181/static/js/main.d2fe57ee.chunk.js IP 189.89.61.50 ASN #262751 LINK POINT SERVICOS LTDA-ME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 11:35 Last Seen2023-11-17 11:35 Times Seen1 Hash 7d59847491fa400379d2a7ac1f73b894 c2dc239056b0002a2a47e196a6bc50a71d480c78 c7413773168f4e17468677acf3c4fd6c801703725404b41232230f31a78263d3 Loading...

	unknown	Function	52 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen783 Hash 97512d47e32abfba7672f08c01674013 96c3a2149681b0231c87d3a89f8609a2f9be252b 5d43973d1d3c1ac627f41a8352f37a3ad19ab0f56fb599cfd2530f6e2716e363 Loading...

	189.89.61.50:8181/	ScriptElement	1.5 kB	2023-05-13	2025-01-26
Pretty URL 189.89.61.50:8181/ IP 189.89.61.50 ASN #262751 LINK POINT SERVICOS LTDA-ME Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-13 01:28 Last Seen2025-01-26 18:19 Times Seen17 Hash 055286772bdec5283478ceb0ae3b0ad6 7d3a25c2a07614e2b46613a36a26e8998c087a1e c11871835230e5dafc5643503a5b523bb69daa1fc868fff669ef489723cec2f4 Loading...

	unknown	Function	52 B	2023-04-12	2025-07-15
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 05:39 Last Seen2025-07-15 06:25 Times Seen789 Hash 41112d36429ebfb5a090e2896be77560 94ac6c19962df710477455f9e634ed6d430bd689 4a889513c80d97ca1ca2c81b678224da7bed2da71d7a1f490df57a7e7b8c7f09 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 91e368393951f9175362b3829cf4e7b8	130 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash 91e368393951f9175362b3829cf4e7b8 0c98a7dd95f1688c31cd82520e81a17de2921301 60bb1d5eef678820c6bf92239516216af21268fac1c8b1e74ec1d9b94f428f1f Loading...

	#2 Eval - d20bc6266f3bd00e3e706e1ac7c30eeb	81 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash d20bc6266f3bd00e3e706e1ac7c30eeb 28606f75a453e9ead9264fc923c5bbd6bff5a312 c750f99a5422c3dc1248d9fbdc03e75ea7b2fee462630b1239ffb1dec7e44fb2 Loading...

	#3 Eval - fe44c934b43b6e7137dba777acfe9449	97 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen177 Hash fe44c934b43b6e7137dba777acfe9449 5af967c1ee553e6ba36f6b087daebaf33b99b635 bcb3b4e0624fbde04fbdd6bbc03232893a885360fb5d3c5d1700ff8d54063f5e Loading...

	#4 Eval - 800dbec788a9ec22bf54c350e340c61c	130 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen177 Hash 800dbec788a9ec22bf54c350e340c61c ba001db9de649bbcea0f463f4b9209e5327e821c 467b672e66454c23e5a6cc5663d6d37ad947d85a347b036220e08da888b58d0c Loading...

	#5 Eval - 9eed7053d9235919d1c0fe7184969523	100 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen177 Hash 9eed7053d9235919d1c0fe7184969523 73546d49161257e0d9729b16b5c0bfed35a8357e ff0c130d363d331d18f684c5596b2c2241077fab8deb41a429e00188d75f94be Loading...

	#6 Eval - 89fdf3447e5979f576d178d3be6fb7bb	205 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash 89fdf3447e5979f576d178d3be6fb7bb 1ab7cd4f5d5a78037f0b14d4df42f505b5cc1665 b90fe63ce7febac63a2908b21690b48a9ab917dc7bc7954fa48ac33b2a4c8785 Loading...

	#7 Eval - 5c899d49b7397e0786d5b35c9981ea38	74 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen177 Hash 5c899d49b7397e0786d5b35c9981ea38 42f1ee352e265690fd135c6727156a3a840cdf2f 64253f5322fc67e7b9cfa3ba776c65d1584262f1e7d3e3d8f23d0cd038446535 Loading...

	#8 Eval - d62e3b81a5a50fb5ec9e37fd29959ac9	69 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen178 Hash d62e3b81a5a50fb5ec9e37fd29959ac9 1fcabf1f2a010016b7328e0ebde14988ebf15a34 dc580038a80a4f22aef3a0c173fed02a81d0b41ed7b3452fd0207a6f9b3f408d Loading...

	#9 Eval - cfc16650b2e111a8d5a782d49227a133	95 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen177 Hash cfc16650b2e111a8d5a782d49227a133 b927047b2ef23aaff3244e41612003a89820a728 27764634ee8ffcf2a0494364f6b5e9f5b2db1e4d887f25cfca168618456ecf65 Loading...

	#10 Eval - 572d461684f57bfc60d4908a6bb9749f	136 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash 572d461684f57bfc60d4908a6bb9749f 5353084d7282169cc7e59084f9bdabaf5d7bbd05 5fde45a9b9ebc1e0564fca15a7af3d8792ec009e4f7402446230456553e58afe Loading...

	#11 Eval - 9ea397de3f9d4fab60760dbb75fbea58	125 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash 9ea397de3f9d4fab60760dbb75fbea58 c5cc09afd41feaa853b34108e6db59feecf4e6a1 9fc1fb31ab819abfb98e7f78917fb871fc35af2a37a4331394def172a6bfad37 Loading...

	#12 Eval - 35b97a8b604597d3477824bb9152ee1d	76 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen175 Hash 35b97a8b604597d3477824bb9152ee1d b541e417068f5c3e3ff724497b5aba4b5c380015 80ba1fe0899b97e3685e8506435b653b425b6a66302057f579ea84f4ebc185bc Loading...

	#13 Eval - ddaff3773b8bb0f79bbc1aae92e036dc	190 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen176 Hash ddaff3773b8bb0f79bbc1aae92e036dc c4cd5fbacfa3f47c5e6461f1a80b951ee789b90b b23253118262433585b5d230c9ff805c256ed8b09b10690034acee405464e539 Loading...

	#14 Eval - 58fe7cbe23fcb757bee684fd64bad13f	126 B	2023-03-07 12:07	2025-07-11 19:52
Pretty Observations First Seen2023-03-07 12:07 Last Seen2025-07-11 19:52 Times Seen176 Hash 58fe7cbe23fcb757bee684fd64bad13f d688086300cb29d4d179ae2fa8dd39bd0df1b006 c6581e7ea2b6e64cc801d4858be620eb9da4b8161405b886f89c38e3ddd6b7ad Loading...

HTTP Transactions (20)

URL IP Response Size

GET 189.89.61.50:8181/

189.89.61.50

200 OK

1.4 kB

URL User Request GET HTTP/1.1
189.89.61.50:8181/
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2903), with no line terminators
Size
1.4 kB (1405 bytes)
Hash
19158f04585c8201f449a954cb9fa262
e157277fae385685580b5a9f2655e5e871ae7d1c
cef5f0ea628fd526928f7af0df4e5847ac0251d47bc3a588b7dec89badf641ff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Set-Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f; path=/
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:29 GMT
Connection: keep-alive
Content-Language: en-US
X-Frame-Options: DENY
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 1405
Content-Type: text/html

GET 189.89.61.50:8181/static/fonts/ibm-plex-sans.css

189.89.61.50

200 OK

1.6 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/fonts/ibm-plex-sans.css
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
ASCII text
Size
1.6 kB (1562 bytes)
Hash
70c59104687298a4fc2ddf8ceed37db6
db48fd0345055ba4fe70c16329cf265a2bebb44d
7ab698e4f535e9e03b3d9d8511b3ece194ea2e6c0356f8adcccf3d4eeef6d4ee

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/fonts/ibm-plex-sans.css HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:29 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 1562
Content-Type: text/css

GET 189.89.61.50:8181/static/css/2.f58ce9aa.chunk.css

189.89.61.50

200 OK

2.5 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/css/2.f58ce9aa.chunk.css
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
Unicode text, UTF-8 text, with very long lines (11675)
Size
2.5 kB (2500 bytes)
Hash
56349e64ed95cbd9a161f9f0fde07106
91aae0b10f84e6648e7abd5aaab8af58cb779966
c47f76c0271e2a2832cdba849589cd3ca4d35398aa5992e08e8ef15598c71f84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/css/2.f58ce9aa.chunk.css HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:30 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 2500
Content-Type: text/css

GET 189.89.61.50:8181/static/favicon.png

189.89.61.50

200 OK

3.0 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/favicon.png
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
3.0 kB (2974 bytes)
Hash
5a5a6081accd0cfe86619a69f47c4025
6f9787cd9ed0abf18038c98cc5ef5fa919856c50
6f1fe70562aaca5273d7395c9dc44fee51f5836ec4f2ea23b6df661b2297875f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/favicon.png HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:32 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 2974
Content-Type: image/png

GET 189.89.61.50:8181/static/js/2.1881f6c0.chunk.js

189.89.61.50

200 OK

1.8 MB

URL GET HTTP/1.1
189.89.61.50:8181/static/js/2.1881f6c0.chunk.js
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
ASCII text, with very long lines (65462)
Size
1.8 MB (1778734 bytes)
Hash
f53adcb46ee480c96ac7df24a9e2f3a1
934c339a165581b592a5dad3b9744000cedb6b8e
96d5ecd1244e5cc56a26d8c13551461f087c5399621190f6a9047834c8fbbbab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/2.1881f6c0.chunk.js HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:30 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/javascript

GET 189.89.61.50:8181/static/js/main.d2fe57ee.chunk.js

189.89.61.50

200 OK

1.0 MB

URL GET HTTP/1.1
189.89.61.50:8181/static/js/main.d2fe57ee.chunk.js
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
1.0 MB (1041580 bytes)
Hash
7d59847491fa400379d2a7ac1f73b894
c2dc239056b0002a2a47e196a6bc50a71d480c78
c7413773168f4e17468677acf3c4fd6c801703725404b41232230f31a78263d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/js/main.d2fe57ee.chunk.js HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:30 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/javascript

GET www.googletagmanager.com/gtag/js?l=dataLayer

142.250.74.168

200 OK

44 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?l=dataLayer
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://189.89.61.50:8181/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
44 kB (44020 bytes)
Hash
17c2e11459f8c7eac25aa47e3013d6db
356340b87e54d11ebb5be25fc6eb7152b2a5573f
432acb849eebfcc9bacf78d2a11234a16fd27f755ac6887e46ed2613041907da

HTTP Headers

GET /gtag/js?l=dataLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Nov 2023 10:34:42 GMT
expires: Fri, 17 Nov 2023 10:34:42 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Nov 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44020
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 189.89.61.50:8181/static/barra-governo.min.js

189.89.61.50

200 OK

7.9 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/barra-governo.min.js
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
HTML document, Unicode text, UTF-8 text, with very long lines (26656)
Size
7.9 kB (7921 bytes)
Hash
4de2b08c6d82b5b2dba6419a3ff46027
181b5e1339c044a5aa50c328c94240f76896c75d
e99828e62a1b66069c58db4e159aba198e8438fda764f73117420db729d5528f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/barra-governo.min.js HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:42 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 7921
Content-Type: application/javascript

POST 189.89.61.50:8181/api/graphql

189.89.61.50

200 OK

726 B

URL POST HTTP/1.1
189.89.61.50:8181/api/graphql
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
JSON data\012- , ASCII text, with very long lines (726), with no line terminators
Size
726 B (726 bytes)
Hash
40866bd425f7f47752081e82955b71da
73c587fb63501d0731697d28ad001276235275dd
1ccf04320388f26448bcaa75cd03d786f4e925bf8f1f0171e63e04e8b7f49b19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/graphql HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://189.89.61.50:8181/
content-type: application/json
apollographql-client-name: PEC Web
apollographql-client-version: 5.1.24
Content-Length: 5507
Origin: http://189.89.61.50:8181
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:42 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=UTF-8
Content-Length: 726

GET 189.89.61.50:8181/static/fonts/Raleway/Raleway-Bold.woff

189.89.61.50

200 OK

25 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/fonts/Raleway/Raleway-Bold.woff
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
Web Open Font Format, TrueType, length 25176, version 1.1\012- data
Size
25 kB (25176 bytes)
Hash
5098f8c8aa542824cd5410ef903e48e0
61058474c6733e376b5a21da48bde8174d54802b
c2ae14806b2f76348726d4ac78d8351afc3aa84d337d91df27bfa6aa4f25d654

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/fonts/Raleway/Raleway-Bold.woff HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: identity
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:42 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 25176
Content-Type: application/font-woff

GET 189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Regular.ttf

189.89.61.50

200 OK

143 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Regular.ttf
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2018 IBM Corp. All rights reserved.IBM Plex SansRegular2.1;IBM ;IBMPlexSansVersion 2.1\012- data
Size
143 kB (142836 bytes)
Hash
05ca9c06114e79436ea9b5c8d4a7869c
b11a85e252bb94fa2a5935b31d165c9be775bc2a
00c1b0f67602a2c56588d8bb2ce102661f79e16affe13ab6ca183f523088d482

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/fonts/IBM_Plex_Sans/IBMPlexSans-Regular.ttf HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/static/fonts/ibm-plex-sans.css
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: identity
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:42 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 142836
Content-Type: application/x-font-ttf

POST 189.89.61.50:8181/api/graphql

189.89.61.50

200 OK

344 B

URL POST HTTP/1.1
189.89.61.50:8181/api/graphql
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (343), with no line terminators
Size
344 B (344 bytes)
Hash
9a2ee164181bedbd964e96197b86f1b2
558abc569d52a69073bb6b3b0314fd2a552c37d8
d8275ec688f548051b9014872342c94c8a90b58b0c9bc99d6f91640399a8a9ca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/graphql HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://189.89.61.50:8181/
content-type: application/json
apollographql-client-name: PEC Web
apollographql-client-version: 5.1.24
Content-Length: 315
Origin: http://189.89.61.50:8181
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Expires: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:43 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=UTF-8
Content-Length: 344

GET 189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Bold.ttf

189.89.61.50

200 OK

143 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Bold.ttf
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2018 IBM Corp. All rights reserved.IBM Plex SansBold2.1;IBM ;IBMPlexSans-BoldIBM Plex \012- data
Size
143 kB (142768 bytes)
Hash
4171e41154ba857f85c536f167d581ba
9729e5b40ab2475ec39b7dfc892cb3f87e14c0dc
d7ac7fc09c1d3ac11df0f01b199003ff5ac7778a3a31fdc05527bcee8e114ac0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/fonts/IBM_Plex_Sans/IBMPlexSans-Bold.ttf HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/static/fonts/ibm-plex-sans.css
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: identity
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:42 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 142768
Content-Type: application/x-font-ttf

GET 189.89.61.50:8181/static/media/esus.c7bb5fe4.svg

189.89.61.50

200 OK

91 kB

URL GET HTTP/1.1
189.89.61.50:8181/static/media/esus.c7bb5fe4.svg
IP
189.89.61.50:8181
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65134)
Size
91 kB (90843 bytes)
Hash
c7bb5fe42262a76367d94fdbc96f3705
61c384ef67df6225a5d494fd4f896603cb9063bc
5a44660d85270f3693c796d0729e2fd983f2ceea4ad4f6105975f5575fb5ba1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/media/esus.c7bb5fe4.svg HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:43 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 90843
Content-Type: image/svg+xml

GET vlibras.gov.br/app/vlibras-plugin.js

52.67.214.65

302 Found

138 B

URL GET HTTP/2
vlibras.gov.br/app/vlibras-plugin.js
IP
52.67.214.65:443
ASN
#16509 AMAZON-02

Requested by
http://189.89.61.50:8181/
Certificate
IssuerAmazon
Subjectvlibras.gov.br
FingerprintFB:81:DB:95:C0:5B:04:03:4C:BC:47:86:57:FB:3B:5A:00:E7:17:37
ValidityTue, 24 Oct 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /app/vlibras-plugin.js HTTP/1.1
Host: vlibras.gov.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: awselb/2.0
date: Fri, 17 Nov 2023 10:34:43 GMT
content-type: text/html
content-length: 138
location: https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin-new.js
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
X-Firefox-Spdy: h2

GET 189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Italic.ttf

189.89.61.50

151 kB

URL GET
189.89.61.50:8181/static/fonts/IBM_Plex_Sans/IBMPlexSans-Italic.ttf
IP
189.89.61.50:0
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
TrueType Font data, 17 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2018 IBM Corp. All rights reserved.IBM Plex SansItalic2.1;IBM ;IBMPlexSans-ItalicIBM P\012- data
Size
151 kB (151104 bytes)
Hash
893b6b36d44c1c76042d637536a659b8
442fda4db026a2018cd6991b05bf14c251dea249
b3de83f7ddfb1d698e78679d98bdebb3798c9d13c40c7e3649131736233ac4fd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/fonts/IBM_Plex_Sans/IBMPlexSans-Italic.ttf HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/static/fonts/ibm-plex-sans.css
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: identity
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:43 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 151104
Content-Type: application/x-font-ttf

GET 189.89.61.50:8181/static/media/img9.2090fedf.jpg

189.89.61.50

352 kB

URL GET
189.89.61.50:8181/static/media/img9.2090fedf.jpg
IP
189.89.61.50:0
ASN
#262751 LINK POINT SERVICOS LTDA-ME

Requested by
http://189.89.61.50:8181/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=17, height=1944, bps=0, PhotometricIntepretation=RGB, manufacturer=NIKON CORPORATION, model=NIKON D200, orientation=upper-left, width=2896], baseline, precision 8, 2896x1944, components 3\012- data
Size
352 kB (352165 bytes)
Hash
2090fedf579441b9f6b8c7573d7d76be
1b6f9bf0924527d011e75cc7a3ebe7cc84eea7c1
df7cbba2d4483f516baf8bff58ae54559cd851554481641d6b3698c693f8cb82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/media/img9.2090fedf.jpg HTTP/1.1
Host: 189.89.61.50:8181
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Cookie: XSRF-TOKEN=6359a411-994b-4f28-8afd-8f7cdad71b1f
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=3600
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Accept-Ranges: bytes
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com https://vlibras.gov.br; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' www.googletagmanager.com https://vlibras.gov.br data: ; connect-src 'self' ws: wss: *.googleapis.com *.google-analytics.com https://sso.staging.acesso.gov.br https://sso.acesso.gov.br; frame-src 'self' blob:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self'
Date: Fri, 17 Nov 2023 10:34:43 GMT
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Last-Modified: Wed, 23 Aug 2023 02:29:20 GMT
X-Content-Type-Options: nosniff
Content-Length: 352165
Content-Type: image/jpeg

firebase.googleapis.com/v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig

216.58.207.202

0 B

URL
firebase.googleapis.com/v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig HTTP/1.1
Host: firebase.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-goog-api-key
Referer: http://189.89.61.50:8181/
Origin: http://189.89.61.50:8181
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: http://189.89.61.50:8181
vary: origin, referer, x-origin
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: x-goog-api-key
access-control-max-age: 3600
date: Fri, 17 Nov 2023 10:34:44 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

firebase.googleapis.com/v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig

216.58.207.202

221 B

URL
firebase.googleapis.com/v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text
Size
221 B (221 bytes)
Hash
eb4288603920f4fd2d7712af17939fa3
e098f0ae3ee267711da91412fed7021d7159d6d3
9fee38b93ae859ee64714efa3cee4e482247c96ea8232a229b9183d2f5a7df0f

HTTP Headers

GET /v1alpha/projects/-/apps/1:1034535321855:web:ba511378ae275dbca88cca/webConfig HTTP/1.1
Host: firebase.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://189.89.61.50:8181/
x-goog-api-key: AIzaSyCNyZ7P83KYCJ-6HiPK2oV_2v-qbSS_dPs
Origin: http://189.89.61.50:8181
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 17 Nov 2023 10:34:44 GMT
server: ESF
cache-control: private
content-length: 221
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: http://189.89.61.50:8181
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RXTX8LJCDF&l=dataLayer&cx=c

142.250.74.168

87 kB

URL
www.googletagmanager.com/gtag/js?id=G-RXTX8LJCDF&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (17962)
Size
87 kB (86555 bytes)
Hash
598cc31d64209f0c5a94db17a879f640
b90242d6a8939c2d0a6810c6accc9052560322d5
3585080070b0e419eba335f90e8caa4eca57fb2a0728664c7c12ac2874abb62f

HTTP Headers

GET /gtag/js?id=G-RXTX8LJCDF&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://189.89.61.50:8181/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Nov 2023 10:34:44 GMT
expires: Fri, 17 Nov 2023 10:34:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86555
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations