Report - 20.168.24.98/login/index.php

Report Overview

Submitted URL
20.168.24.98/login/index.php
IP
20.168.24.98
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-01-20 15:34:56
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
92

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	51 kB	142.250.74.168
js-cdn.dynatrace.com	8478	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	99 kB	54.230.111.96
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	32 kB	172.217.21.170
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.3 kB	216.58.211.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.20.60
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	771 B	66 kB	142.250.74.46
df.pmweb.com.br	85780	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	720 B	501 B	177.71.205.96
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
cdn.pmweb.com.br	88781	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	9.6 kB	54.207.21.48
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	6.2 kB	216.58.211.3
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
20.168.24.98	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	1.7 MB	20.168.24.98
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	2.9 kB	143.204.42.158
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	25 kB	216.58.207.228
s3-sa-east-1.amazonaws.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	415 B	514 B	52.95.165.2
bf73995led.bf.dynatrace.com	150040	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.7 kB	3.228.88.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/login/index.php	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner
2023-01-20	medium	20.168.24.98/	Lojas Renner

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed
2023-01-20	medium	20.168.24.98	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js	260 kB	2023-03-09	2023-03-13
Pretty URL js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js IP 54.230.111.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 09:05:07 Last Seen2023-03-13 04:14:00 Times Seen1 Hash 669b5c8c7dc4032311f38596e2650603 d15d816c26feb37f309f76bc546e225b69594db9 a5bcaa751a47d4fc2ab2ff29e6e14c465753629b671bc013869ca8110fc90e7b Loading...

	20.168.24.98/login/index.php	574 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen110 Hash 524d64f346b06673dbb81f0ea290d9e6 7dae2f1aefcaef61af843741a3542d54db690d68 8b4f39d36433cc4a1f91cc3e0448fddbfb4e98c84534dae3786e144421086dde Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 172.217.21.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 17:09:38 Times Seen106356 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	www.google.com/recaptcha/api2/bframe?hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV	178 B	2023-03-07	2023-03-26
Pretty URL www.google.com/recaptcha/api2/bframe?hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:01:37 Last Seen2023-03-26 13:50:02 Times Seen10 Hash f6f9ab35c21b9f900ea2e702554cf8d8 5ef852b128b888fed590cd17eba7a6672b3568a0 0ae51b76c5d42672bd49f4527bbe460b1113fca271d0ef64b2b496b601958a8e Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ	133 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:02:52 Last Seen2023-03-13 04:02:52 Times Seen1 Hash 66947d52e118987e679d43a2f584d8fc a578ec9047201866d4427ae2a71378890fb92b97 7258acaa5bc97dc68dbd669784647d964007e891a66dfeacb9e5854eed43ece0 Loading...

	20.168.24.98/login/index.php	167 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen118 Hash 6cd972d3942bfab3e7b0db2d0a20b59d 3d31783bd0ffb1597828a00f9aa0d32430696557 e37629f4c44ae8a1b49d3fa597383eadb6571f0c6369716c93505fba00a792d6 Loading...

	www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__pt_br.js	413 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/recaptcha/releases/Gg72x2_SHmxi8X0BLo33HMpr/recaptcha__pt_br.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:02:52 Last Seen2023-03-13 07:40:53 Times Seen1 Hash 81ed30e649ce58a847d14b93e0578469 b148f600475aef8b55880007f564910276e37fef 066ff96920877c49f2a1ca3284bd1c0c94490ab1244ad2102ec6ac67b2cd3fb4 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz	36 kB	2023-03-13	2023-03-13
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:02:52 Last Seen2023-03-13 04:02:52 Times Seen1 Hash e507bd32c24fdcd54909465ca649331d 1eab6338659f134403c15884c2c600c9d7ce554b fc464f9923045f447ada7d25d44cfc6ddf65fb6bfaa0cef7f9ec2794f913fbe7 Loading...

	20.168.24.98/js/vendors.bundle-859d26788acf215a201a.js	686 kB	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/js/vendors.bundle-859d26788acf215a201a.js IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:35 Times Seen76 Hash ba8db3e4745ef4402e6c1011c9227191 e155466c79dd3823ff0ce99802093d80e40ebd1f 40d596025119e99448ba247d9ad58248525a484a971dabdd366e0724453e3e36 Loading...

	www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR	913 B	2023-03-13	2023-03-13
Pretty URL www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:58:23 Last Seen2023-03-13 07:40:54 Times Seen1 Hash 99d2ac00ab387f75e3735a2101d3941b b4b09687378a601c8b265d27116b98f768605483 42f47ed174b70a7c32e8cd736912a39d80fc8c6f5b62de8fd5a263f86895e5cd Loading...

	www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470	113 kB	2023-03-13	2023-03-13
Pretty URL www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470 IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:02:52 Last Seen2023-03-13 04:02:52 Times Seen1 Hash 4cc01c1e40dbc0f7501237bf1b7f0273 9677c4b84f28b79c87ac678bafb35b47889aa88f 0bb7c50766071b802b204a51db6371a16a81c3acc230d2fa81b56335944a232d Loading...

	20.168.24.98/login/index.php	583 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:18 Last Seen2024-04-25 06:08:34 Times Seen110 Hash 675abb8653b06774c54beb0100c5e1e4 3b979ddc7b68f0bab049b25c7a2ed629b5b252ab 8c162776dfb40f2aacc8cf83431318c371abc51b0b9a9b785a367d1e297b07d3 Loading...

	20.168.24.98/login/index.php	340 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen233 Hash 7d22fa43ea844257d3c27156de231f41 c5cb8fc0f38e55ac197038c1618ee6d5d52e1a95 ab835297b781118c1df72f5acd63e186befc6085b50724f60ff2b92d21ccd3da Loading...

	20.168.24.98/login/index.php	190 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen118 Hash 5277d75a77568c9218e68bfd098c497f b4da266046746a411096571dd28c7de8eb328ac5 010e99ac10b3b4302b818de0762b36ca9abc2188067ab1b7d30c8b16fb03a6fb Loading...

	cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ	23 kB	2023-03-07	2024-04-25
Pretty URL cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ IP 54.207.21.48 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:35 Times Seen483 Hash 901b9ac2e48f558fcbb4df2bd0216e70 8af18bbefb6da1cc3cad31d2a598c09bab0d78a2 94c081e2ae2f0618d1661bb9267a2ae65addb921bef6464fb1dd7169bd5f55c6 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz	69 B	2023-03-07	2024-04-26
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-26 17:29:46 Times Seen99603 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	20.168.24.98/login/index.php	298 B	2023-03-07	2023-03-26
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2023-03-26 11:05:58 Times Seen2 Hash ba4924f84b8e51dead9e709076b66bd0 13d857e88b180c749a90d8fb2d9e1e1d4b9f0fae cb7cc915ab91df696c6c3c4b8f7706047e5606d4ee11a96ec022199c34e9059d Loading...

	www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=767464116.1674228887	113 kB	2023-03-13	2023-03-13
Pretty URL www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=767464116.1674228887 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:02:52 Last Seen2023-03-13 04:02:52 Times Seen1 Hash 58eddc2c650575b582c016906fe4a7c7 b185ac8a15695a71701bdaf15e7ef5deeea32e52 1af3d7d9aecdf1e6cf2b5241cc46df9780c27f729a810c69562ce50dafcd2b64 Loading...

	20.168.24.98/login/index.php	319 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen110 Hash 0aa85448af49ac037f596b65e02055bb 3ba4e00c488e589ca7105ba1e6b636c26d5dbb46 d86afbc7c14fe6998bfa2278a6135c5aaea3ee08cdced45008c973203af98954 Loading...

	20.168.24.98/js/3.bundle-d6a6baaa0dc3faae26db.js	38 kB	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/js/3.bundle-d6a6baaa0dc3faae26db.js IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:35 Times Seen85 Hash 39e850b2f21e44f7c83c5bfbf71a1a23 3610d538fb093eec2940764418eff51e72fe8f8f 4ab4958c63bd706e031161717896c8fbe22f133a4c9ff285cc053e75ceb13d06 Loading...

	20.168.24.98/login/index.php	275 B	2023-03-07	2024-04-25
Pretty URL 20.168.24.98/login/index.php IP 20.168.24.98 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03:19 Last Seen2024-04-25 06:08:34 Times Seen117 Hash e1207fc0753299049746ae4a23f9f169 efaf1b7d2f99fbdd6c2e986472a363074cb4e5d5 e6c9ec6fca91480d0e02578470bf59e13986b3ec39700dc32c580a14e79f91e9 Loading...

HTTP Transactions (69)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11608
Expires: Fri, 20 Jan 2023 18:48:13 GMT
Date: Fri, 20 Jan 2023 15:34:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2466
Expires: Fri, 20 Jan 2023 16:15:51 GMT
Date: Fri, 20 Jan 2023 15:34:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 14:49:34 GMT
content-type: application/json
age: 2711
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8512
Expires: Fri, 20 Jan 2023 17:56:37 GMT
Date: Fri, 20 Jan 2023 15:34:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: mVbpaR4Dr9x/4cbtSQ/HEpgGBuTBOMGm9twwiXDTQyrLaVjIdj1JItWvKrosQswWQkRjFk09aH4=
x-amz-request-id: YHYWBAFEB05CA5JZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 15:17:39 GMT
age: 1026
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 15:34:45 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

20.168.24.98/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/ruxitagentjs_ICA2Vfghjqru_10235220309135426.js
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /ruxitagentjs_ICA2Vfghjqru_10235220309135426.js HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:45 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:45 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0d8d55791acc6bce29e4599c25afe522
596f02869a51de3f6d522585be0b1b841f880fbe
64c7b6f660a100f085af77eff4848a75239200c8af93382650c3defa1bfd2829

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ

142.250.74.168

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-N2FTFQ
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (3707)
Size
50 kB (50444 bytes)
Hash
85d9fbe453be4ebca715f457fef0733a
19b014df0f0e433ecb0349aa18e177a5af12560f
60eee24c3bdbbb06d7a726f265ab267e0b13721d36e87d4eba64b7cc56411791

HTTP Headers

GET /gtm.js?id=GTM-N2FTFQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 15:34:45 GMT
expires: Fri, 20 Jan 2023 15:34:45 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50444
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bccd1fe14275d3bb56418297e502cd10
cdf19d2a4099ada369589fc7aa7021f9b30302aa
801e8b57b77806d98fe23b8421a8fdba9f1138827cc320cb5dcc986161aa7ca4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 20 Jan 2023 15:17:28 GMT
age: 1037
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

20.168.24.98/js/3.bundle-d6a6baaa0dc3faae26db.js

20.168.24.98

200 OK

38 kB

URL HTTP/1.1
20.168.24.98/js/3.bundle-d6a6baaa0dc3faae26db.js
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (37515), with no line terminators
Size
38 kB (37792 bytes)
Hash
39e850b2f21e44f7c83c5bfbf71a1a23
3610d538fb093eec2940764418eff51e72fe8f8f
4ab4958c63bd706e031161717896c8fbe22f133a4c9ff285cc053e75ceb13d06

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /js/3.bundle-d6a6baaa0dc3faae26db.js HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:45 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:09:38 GMT
ETag: "93a0-5dae925aec880"
Accept-Ranges: bytes
Content-Length: 37792
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4807
Cache-Control: max-age=154337
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:45 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 10:27:02 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

20.168.24.98/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/js/2.bundle-d410ea60e5b46c298cdd.js HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:45 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
6619b054860414e3d8c339ea039a70c8
e821aac4651eb057f17cc5308d61d70f34ccad00
7c8b0fa04bd62a875bfb00c1fcb47557bb697e8aa3862a6c34c2579e09c7a9cd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146453
Date: Fri, 20 Jan 2023 15:34:45 GMT
Etag: "63ca4d06-1d7"
Expires: Sun, 22 Jan 2023 08:15:38 GMT
Last-Modified: Fri, 20 Jan 2023 08:12:54 GMT
Server: ECS (dcb/7F7F)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qTdA-Wlsslm8kz_8GtIobTagSPpq_1vQx5UbNUspTG9Yjt0ZN8LdpQ==
Age: 164

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bd9ed9c3f88cda5456e13a134e27b268
aaa82eb935ce140174b2392ac7f7d80e2ddff1c5
a5621fa38dc23d545f834fc7331e59fc61825004b2c599c11c89628175333ca6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js

54.230.111.96

200 OK

98 kB

URL HTTP/2
js-cdn.dynatrace.com/jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js
IP
54.230.111.96:0
ASN
#16509 AMAZON-02

File type
data
Size
98 kB (98283 bytes)
Hash
e782986fa341a971798bfa8833cd35e6
9c33032357dd48bf318ae1e80a2785962fd05020
11bf7bb024638bb5a2a92f6f2f13a0d531c8fb37cae1dbe28ca542a08dbcba1b

HTTP Headers

GET /jstag/157944990f8/bf73995led/189e25234ffe70ce_complete.js HTTP/1.1
Host: js-cdn.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://20.168.24.98
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
date: Fri, 20 Jan 2023 15:07:54 GMT
x-oneagent-js-injection: true
traffic-source: UNKNOWN
dynatrace-response-source: Cluster
dynatrace-response-id: KN75BKV15IKH
expires: Fri, 20 Jan 2023 16:07:54 GMT
cache-control: public, max-age=3600
access-control-allow-origin: *
timing-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _tWiMsdhEpuictZ4KCjydQf7XckEa1b1IpiN6c5EaUB4Dm37-G2Qlw==
age: 1611
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

172.217.21.170

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
172.217.21.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 01:25:53 GMT
expires: Sat, 20 Jan 2024 01:25:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 50933
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

20.168.24.98/login/index.php

20.168.24.98

200 OK

735 kB

URL HTTP/1.1
20.168.24.98/login/index.php
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1242)
Size
735 kB (735031 bytes)
Hash
f7b197e61aa7df280fd564f1dda83a0e
34a66540274f6fd14e18771a4c4faab7feb827b7
d95761757e78761a270151e8009b06bf6de6085b06e70d91dc7e3d15c5a98129

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /login/index.php HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:44 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
X-Powered-By: PHP/7.4.33
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR

216.58.207.228

200 OK

581 B

URL HTTP/2
www.google.com/recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (913), with no line terminators
Size
581 B (581 bytes)
Hash
926d93737538dc073c31d33fa949c168
14d799a2473e1d92a6b1f5a34daea5d7fb943f82
0fe80b0e99c2cefaf8ce01d75803a1ba9f18d13554be136aabffba7108f702a8

HTTP Headers

GET /recaptcha/api.js?onload=onLoadRecaptcha&render=explicit&hl=pt-BR HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 20 Jan 2023 15:34:46 GMT
date: Fri, 20 Jan 2023 15:34:46 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 581
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

20.168.24.98/vectors/google-play-badge-reverse.svg

20.168.24.98

200 OK

11 kB

URL HTTP/1.1
20.168.24.98/vectors/google-play-badge-reverse.svg
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10788)
Size
11 kB (10789 bytes)
Hash
dd500e2468aecaccb46e64859f38ed87
6922b1027cf980cf19ed84c94732c3b704798cc8
e946d863a136a09089fd275d574ff3346bad8327d4ef378c06af35872d9fe56d

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/google-play-badge-reverse.svg HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:19:26 GMT
ETag: "2a25-5dae948baf380"
Accept-Ranges: bytes
Content-Length: 10789
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

20.168.24.98/vectors/google-play-badge.svg

20.168.24.98

200 OK

11 kB

URL HTTP/1.1
20.168.24.98/vectors/google-play-badge.svg
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (10785)
Size
11 kB (10786 bytes)
Hash
f1a5450f21493625afbc619436ad14e0
e641815fd9bd38b5827c9e65821ed5a8fa05b0fb
8827f96ace2afe4aeff4c33db4ac86193f38a62cb30d9fbba949e0b72c2a55ff

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/google-play-badge.svg HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:21:30 GMT
ETag: "2a22-5dae9501f0a80"
Accept-Ranges: bytes
Content-Length: 10786
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/svg+xml

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bd9ed9c3f88cda5456e13a134e27b268
aaa82eb935ce140174b2392ac7f7d80e2ddff1c5
a5621fa38dc23d545f834fc7331e59fc61825004b2c599c11c89628175333ca6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9046bdd3634f2cfb8ace7c326c4af05f
d92d1610bbcc211f0648ec87b5aee6a562f606db
eea88fe2aaabd085058e3cf139e8780e1ddeff62e4fb94d6eeabe512a309d8ac

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz

216.58.207.228

200 OK

23 kB

URL HTTP/2
www.google.com/recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz
IP
216.58.207.228:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (35936)
Size
23 kB (23280 bytes)
Hash
2d35ab93cd2728939c1078072300c87a
12eb3de49e8e154c07c90f954909f88cd8079cfc
9e76f1fbeef9cc3e994a0da742b3ad2aa3f0e2dca587c13475b80db4a72d7d98

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LcNwW8UAAAAAJ8eSLfer6Z8Lm28favadVWPryjV&co=aHR0cHM6Ly93d3cucmVhbGl6ZXNvbHVjb2VzZmluYW5jZWlyYXMuY29tLmJyOjQ0Mw..&hl=pt-BR&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&badge=inline&cb=uii3yowxuayz HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 20 Jan 2023 15:34:46 GMT
content-security-policy: script-src 'nonce-xmMyneLx5_-uIEExDbYw3Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 23280
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ

54.207.21.48

200 OK

9.2 kB

URL HTTP/1.1
cdn.pmweb.com.br/df/tag.js?id=PM-N2FTFQ
IP
54.207.21.48:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (22651), with no line terminators
Size
9.2 kB (9197 bytes)
Hash
bb462b00b14c20c1058237a188f4033b
6cb3f0724e5b750d6d1ae92518a9126314368e7b
ff1a4463eadc1c7e0bce4edd7635a026f7106130efd1c27bd4bb8af6104edf08

HTTP Headers

GET /df/tag.js?id=PM-N2FTFQ HTTP/1.1
Host: cdn.pmweb.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=300
Content-Encoding: gzip
Content-Type: application/javascript
Date: Fri, 20 Jan 2023 15:34:46 GMT
ETag: W/"63b8250b-587b"
Expires: Fri, 20 Jan 2023 15:39:46 GMT
Last-Modified: Fri, 06 Jan 2023 13:41:31 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Vary: Accept-Encoding
Content-Length: 9197
Connection: keep-alive

push.services.mozilla.com/

52.89.20.60

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.20.60:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9Nr6Cb7gULi+4SpEx7D8Ww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TO8ONBgMcp9fFIvbZCqjHEEaRb8=

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

20.168.24.98/vectors/app-store-badge.svg

20.168.24.98

200 OK

14 kB

URL HTTP/1.1
20.168.24.98/vectors/app-store-badge.svg
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (14261)
Size
14 kB (14262 bytes)
Hash
34683b771a7e7e258b2aaa2e1d7b37f1
cbd7c1053fe89019d386d1676ffa086ddbf0a8b5
3dd08d21a5c010294a50355af3565a50d08ea4aef83e822114be29171209f109

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/app-store-badge.svg HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:21:50 GMT
ETag: "37b6-5dae951503780"
Accept-Ranges: bytes
Content-Length: 14262
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

20.168.24.98/cartoes-renner/vectors/whatsapp.svg

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/vectors/whatsapp.svg
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/vectors/whatsapp.svg HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/fonts/Roboto-Regular.woff2

20.168.24.98

200 OK

15 kB

URL HTTP/1.1
20.168.24.98/fonts/Roboto-Regular.woff2
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format (Version 2), TrueType, length 14600, version 1.0\012- data
Size
15 kB (14600 bytes)
Hash
a2647ffe169bbbd94a3238020354c732
0a59a3b17c93c1093c2514b3a9d51c91395aabd0
db44c6b7985f942465865cfe688770803ab464ec35fb9aefaeccc052e9b74b2a

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Regular.woff2 HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:15:40 GMT
ETag: "3908-5dae93b427700"
Accept-Ranges: bytes
Content-Length: 14600
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

20.168.24.98/fonts/Roboto-Bold.woff2

20.168.24.98

200 OK

15 kB

URL HTTP/1.1
20.168.24.98/fonts/Roboto-Bold.woff2
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format (Version 2), TrueType, length 14680, version 1.0\012- data
Size
15 kB (14680 bytes)
Hash
aa3e87117db2b3c27801cbb8dfe40c6c
a1118c5362e2dd34ac5cf34e135042c3ad827b58
36eea693231e39de5efd21718fea8fc98005b580b264522ffbef360939b8d75c

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Bold.woff2 HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:17:00 GMT
ETag: "3958-5dae940072b00"
Accept-Ranges: bytes
Content-Length: 14680
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js

216.58.211.3

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1624 bytes)
Hash
3ab3a3944f881ad31c89d08f5e8bb435
3dffffd915706b6f3a4be103ef99b293fd89d2dc
a2b4316623904892860acbdf726e13f1b33e07244baaae92fb9bb0c01e70d69c

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 20 Jan 2023 15:34:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css

216.58.211.3

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1620 bytes)
Hash
617f87016391056cbfa3087f986bd536
57c63621d5e3657f9add4229143eb54909902bd0
a38edb7c355cb03d028c7aebd49d71de4b673368cbf77dec0c95088930a90c73

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 20 Jan 2023 15:34:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

20.168.24.98/fonts/Roboto-Black.woff2

20.168.24.98

200 OK

15 kB

URL HTTP/1.1
20.168.24.98/fonts/Roboto-Black.woff2
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format (Version 2), TrueType, length 14592, version 1.0\012- data
Size
15 kB (14592 bytes)
Hash
fa058128ab6fcaa61257208d085b4d57
71c4e4b88c8049ef87ab6ede1ed4c9934eff778e
6e85391e451421ec1d47481273c0b97555ee880504b0fe96c5cec1edd4b0c57f

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /fonts/Roboto-Black.woff2 HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:17:20 GMT
ETag: "3900-5dae941385800"
Accept-Ranges: bytes
Content-Length: 14592
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 15:34:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

20.168.24.98/vectors/bg-login.svg

20.168.24.98

200 OK

664 B

URL HTTP/1.1
20.168.24.98/vectors/bg-login.svg
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (663)
Size
664 B (664 bytes)
Hash
bbba81daa6feeed173485552f13c0f2a
aa3778c907487f06760a88ed95fa98522512f292
3bb71cec41dd0b3c5782f72d32b1b028fdc9558f0acace778d1a2c312d50f382

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /vectors/bg-login.svg HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:25:12 GMT
ETag: "298-5dae95d5a7e00"
Accept-Ranges: bytes
Content-Length: 664
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml

20.168.24.98/images/celular-login.png

20.168.24.98

200 OK

155 kB

URL HTTP/1.1
20.168.24.98/images/celular-login.png
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 379 x 485, 8-bit/color RGBA, non-interlaced\012- data
Size
155 kB (155176 bytes)
Hash
e624d089f9b2fff768b6b592285a4f12
bef94cbbf3c93e3cc8cc45975065216efc046336
7db4ada57262fbacd47bef4e96e3cedda276b9267e6ca4d20adeeb1c24d870b6

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /images/celular-login.png HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:20:16 GMT
ETag: "25e28-5dae94bb5e400"
Accept-Ranges: bytes
Content-Length: 155176
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

20.168.24.98/cartoes-renner/fonts/Roboto-Bold.woff

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Bold.woff
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Bold.woff HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/cartoes-renner/fonts/Roboto-Regular.woff

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Regular.woff
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Regular.woff HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js

216.58.211.3

404 Not Found

1.6 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1624 bytes)
Hash
3ab3a3944f881ad31c89d08f5e8bb435
3dffffd915706b6f3a4be103ef99b293fd89d2dc
a2b4316623904892860acbdf726e13f1b33e07244baaae92fb9bb0c01e70d69c

HTTP Headers

GET /recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__pt_br.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 20 Jan 2023 15:34:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1624
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

20.168.24.98/cartoes-renner/fonts/Roboto-Black.woff

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Black.woff
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Black.woff HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f4c30b32d1713573d464369544693f0d
2dd6e781f10afb174bd7d70d0246fd8a1d234c68
014b912fdf20224d2e77f31f7b1a47e9a8cf2ab9ec54806b2d4d68f2b8d18dfc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 20 Jan 2023 15:34:46 GMT
Last-Modified: Fri, 20 Jan 2023 14:00:13 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UppVgTQE9zvyZG8IzcUpVsqmJe1O0eq4WGDwIgu0yuy1BRrAarH_fg==
Age: 5674

20.168.24.98/cartoes-renner/fonts/Roboto-Bold.ttf

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Bold.ttf
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Bold.ttf HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/cartoes-renner/fonts/Roboto-Regular.ttf

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Regular.ttf
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Regular.ttf HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/cartoes-renner/fonts/Roboto-Black.ttf

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/fonts/Roboto-Black.ttf
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/fonts/Roboto-Black.ttf HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/js/vendors.bundle-859d26788acf215a201a.js

20.168.24.98

200 OK

686 kB

URL HTTP/1.1
20.168.24.98/js/vendors.bundle-859d26788acf215a201a.js
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (65518), with no line terminators
Size
686 kB (686470 bytes)
Hash
ba8db3e4745ef4402e6c1011c9227191
e155466c79dd3823ff0ce99802093d80e40ebd1f
40d596025119e99448ba247d9ad58248525a484a971dabdd366e0724453e3e36

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /js/vendors.bundle-859d26788acf215a201a.js HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-

HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 15:34:46 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Last-Modified: Wed, 23 Mar 2022 21:22:58 GMT
ETag: "a7986-5dae9555dd080"
Accept-Ranges: bytes
Content-Length: 686470
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=

52.95.165.2

200 OK

0 B

URL HTTP/1.1
s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=real&x-r=
IP
52.95.165.2:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /frame-image-br/bg.png?x-id=real&x-r= HTTP/1.1
Host: s3-sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: +0gYiy1neAYOf8nEC2fdq7sXBNWe3Nbx+JpNvGgBPaAAxv5ueV841e3GHNrTmtSzTT/pMJAoSGs=
x-amz-request-id: PSJXPTS5FCZNB1XG
Date: Fri, 20 Jan 2023 15:34:47 GMT
Last-Modified: Thu, 04 May 2017 08:21:21 GMT
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-meta-s3cmd-attrs: uid:502/gname:staff/uname:user/gid:20/mode:33188/mtime:1493416832/atime:1493796970/md5:d41d8cd98f00b204e9800998ecf8427e/ctime:1493416832
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 0

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 20 Jan 2023 13:45:20 GMT
expires: Fri, 20 Jan 2023 15:45:20 GMT
cache-control: public, max-age=7200
age: 6567
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470

142.250.74.46

200 OK

44 kB

URL HTTP/2
www.google-analytics.com/gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (44512 bytes)
Hash
6834dde42fd845fdaae1c0181d215447
9085714d6e77e33096af8e259408f7ac0a18b9d4
da233428dd5bf837dfcded266a4c55a6a7c6261568db1156b0c9ced199837dde

HTTP Headers

GET /gtm/js?id=GTM-W9SBWRL&cid=1003849302.1648069470 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 20 Jan 2023 15:34:47 GMT
expires: Fri, 20 Jan 2023 15:34:47 GMT
cache-control: private, max-age=900
last-modified: Fri, 20 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44512
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

20.168.24.98/cartoes-renner/images/lojas-renner.png

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/images/lojas-renner.png
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/images/lojas-renner.png HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:47 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

20.168.24.98/cartoes-renner/images/favicon.ico

20.168.24.98

404 Not Found

299 B

URL HTTP/1.1
20.168.24.98/cartoes-renner/images/favicon.ico
IP
20.168.24.98:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
299 B (299 bytes)
Hash
cda6e842d95ff384d49bab83c493c501
59f56b1d888abd962f067da718f568db0322ba10
408d5388aee4748b572fee175f564c96faa6fed1c7e5b6d1902355236ff3dcbb

Detections

Analyzer	Verdict	Alert
openphish	Lojas Renner
quad9	Sinkholed

HTTP Headers

GET /cartoes-renner/images/favicon.ico HTTP/1.1
Host: 20.168.24.98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://20.168.24.98/login/index.php
Cookie: dtCookie=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8; rxVisitor=16742288848664H6F8BD57M7CJ62RIVEEGGJI9AU94CTR; dtPC=-58$228884856_520h1vVABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0e0; rxvt=1674230684878|1674228884868; dtLatC=79; dtSa=-; _pm_id=627201674228885654; _pm_sid=131181674228885654

HTTP/1.1 404 Not Found
Date: Fri, 20 Jan 2023 15:34:47 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.33
Content-Length: 299
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=627201674228885654&sid=131181674228885654&pvw=cfd16895-6599-431d-a91d-20d09a574289&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php

177.71.205.96

200 OK

2 B

URL HTTP/1.1
df.pmweb.com.br/push/?aid=PM-N2FTFQ&cid=627201674228885654&sid=131181674228885654&pvw=cfd16895-6599-431d-a91d-20d09a574289&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php
IP
177.71.205.96:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
50585be4e3159a71c874c590d2ba12ec
fb17882585bbfe9c55733a6e46a265ddaea6957a
54d626e08c1c802b305dad30b7e54a82f102390cc92c7d4db112048935236e9c

HTTP Headers

GET /push/?aid=PM-N2FTFQ&cid=627201674228885654&sid=131181674228885654&pvw=cfd16895-6599-431d-a91d-20d09a574289&v=1.19.0&rs=1280x1024&tt=Cart%C3%B5es%20Renner&ws=1280x1024&os=Linux%20x86_64&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&url=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php HTTP/1.1
Host: df.pmweb.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://20.168.24.98
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://20.168.24.98
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/plain
Date: Fri, 20 Jan 2023 15:34:47 GMT
Expires: 0
Pragma: no-cache
Server: nginx
Set-Cookie: _pm_uid=627201674228885654; path=/; domain=pmweb.com.br; secure; Expires=Sun, 19-Jan-2025 15:34:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Length: 2
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Fri, 20 Jan 2023 18:40:38 GMT
Date: Fri, 20 Jan 2023 15:34:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Fri, 20 Jan 2023 18:40:38 GMT
Date: Fri, 20 Jan 2023 15:34:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Fri, 20 Jan 2023 18:40:38 GMT
Date: Fri, 20 Jan 2023 15:34:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11151
Expires: Fri, 20 Jan 2023 18:40:38 GMT
Date: Fri, 20 Jan 2023 15:34:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
5553b06c7dde4dc377f9f4e65bc8ace7
9dca5486485416d1aef199be08a50abd717addc7
33a5d1a21738218e0a6fe16d79045bd390af2e84073330a0a94c03812e1ba3ba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 70710215-b8fd-44eb-8b50-f0948f98366c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFNvoAMF3ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-19e7e3865ce991cb5447f0f2;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Fc9dIiT5QQaTowAA6lp8ffJl4Niq3i_iVe54lYhAV52kJ8Q98EMJqQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:44 GMT
age: 63003
etag: "9dca5486485416d1aef199be08a50abd717addc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7111 bytes)
Hash
f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:54 GMT
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
age: 62513
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10867 bytes)
Hash
3638dc76d0638625ac9a31c038df3a44
deff1903d591273a96d538ae77988d8a080e228c
8382af3843ebeca8e5c13fdd60f7fb92b479915416f36686fce40566fd87ce68

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10867
x-amzn-requestid: 8d882e21-d4c5-49ac-b76a-198cec065377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnVTEfpoAMFgJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8ee-6579537e6a82269f4bc99395;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:41:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 83ssVBkpe4gl1kI8bKYu90Vee3r32V_IiqQxtvt_TfAFk6DsDfyoTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:09:52 GMT
age: 62695
etag: "deff1903d591273a96d538ae77988d8a080e228c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6385 bytes)
Hash
a97cab18b1edfc6020ede86813e24b16
61f5d22d3697f56e862fa18b21ba971a8fafc856
adc06b60d43a1074da12325a4fb27365773ea08db9d51b1e0756b2b2a05a6400

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F39a35445-bc58-42fe-a967-b38a36fdd046.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6385
x-amzn-requestid: b9f064c9-1c2b-4888-b684-f57b116eb09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRQGESIAMF5-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73b-2e4d54d54fe21db92ab308c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iWraVjV4LxSKHeLNstsLWAw1zDFukQ-HPoJTYWlkkqO9FZ0HeGUOpQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:08:45 GMT
age: 62762
etag: "61f5d22d3697f56e862fa18b21ba971a8fafc856"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5588 bytes)
Hash
6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ruj2jeo2zhuDhIPufqckFmqP0Cx7ECNYRyxBYgQbHhkWH4o3m1L-OQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:29 GMT
age: 62538
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5351 bytes)
Hash
1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XH59pHdrdzBmByq_DN9OlVh-Y3MGiR-V9KzWnaR9QR_7evQt--UOdA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:09:42 GMT
age: 30305
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1b8020d309ae922cf55c7b635da97f7c
fee041a1943dd66a3ee78ec100c6134bb82e00e5
217bbccadf886a87c628e979eebd701ccb5cb11389c08bcb51b7af6b86d8b27f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 20 Jan 2023 15:34:48 GMT
Last-Modified: Fri, 20 Jan 2023 13:54:20 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: k1CMzDV4fLrgrp3H-3al-KzI3S_M-hHnsCAmxZ453O_SQkbkVR8sQg==
Age: 6028

bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8&svrid=-58&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2200071118&en=ovxxhecl&end=1

3.228.88.68

200 OK

703 B

URL HTTP/2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8&svrid=-58&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2200071118&en=ovxxhecl&end=1
IP
3.228.88.68:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with very long lines (703), with no line terminators
Size
703 B (703 bytes)
Hash
c48fb2086aece266124ed5febc55d714
02218a12166b42281ea09fe4ee3387c8d3224d05
e5b2a269ca3826e948df0f6da5de026bdcfd1951a946268a28639148860a0259

HTTP Headers

POST /bf?type=js3&sn=v_4_srv_-2D58_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8&svrid=-58&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1647975459642&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2200071118&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1214
Origin: http://20.168.24.98
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 20 Jan 2023 15:34:49 GMT
content-type: text/plain;charset=utf-8
content-length: 703
set-cookie: dtCookie=v_4_srv_13_sn_2108082F66FBF542DB9F7E02C35F5643_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://20.168.24.98
cache-control: no-cache
X-Firefox-Spdy: h2

bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_10_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=10&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1674199779815&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2977321536&en=ovxxhecl&end=1

3.228.88.68

200 OK

211 B

URL HTTP/2
bf73995led.bf.dynatrace.com/bf?type=js3&sn=v_4_srv_10_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=10&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1674199779815&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2977321536&en=ovxxhecl&end=1
IP
3.228.88.68:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
211 B (211 bytes)
Hash
4158d368a4b0b887a9ad7d7097aa3986
7b7dd092efd9c8114b23c4303c0914ddd490749f
2c3202212a4b479d078fbca5c9a268691c84aa51e135dbfe43b04d8016b1029f

HTTP Headers

POST /bf?type=js3&sn=v_4_srv_10_sn_E124H66PVS2UFF7VKA59E0A7HLPCJ8V8_app-3A189e25234ffe70ce_1_ol_0_perc_100000_mul_1&svrid=10&flavor=cors&vi=VABAAUKTKCPVVPRLEDVKPNHSCKQFUFIF-0&modifiedSince=1674199779815&rf=http%3A%2F%2F20.168.24.98%2Flogin%2Findex.php&bp=3&app=189e25234ffe70ce&crc=2977321536&en=ovxxhecl&end=1 HTTP/1.1
Host: bf73995led.bf.dynatrace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4808
Origin: http://20.168.24.98
Connection: keep-alive
Referer: http://20.168.24.98/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 20 Jan 2023 15:34:50 GMT
content-type: text/plain;charset=utf-8
content-length: 211
set-cookie: dtCookie=v_4_srv_7_sn_91127069ADFD59AF9DFB54BFBB28955B_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1; Path=/; Domain=.dynatrace.com
x-oneagent-js-injection: true
access-control-allow-origin: http://20.168.24.98
cache-control: no-cache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML