Report - xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1

Report Overview

Submitted URL
xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1
IP
108.179.192.114
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-09-21 19:40:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	63 kB	34.120.237.76
cdn-googlapi-jquery.ga	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	833 B	8.3 kB	104.21.72.40
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.77.32
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	952 B	33 kB	142.250.74.163
maxcdn.bootstrapcdn.com	724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	414 B	872 B	104.18.11.207
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.1 kB	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	461 B	159 kB	142.250.74.163
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
xortx.impactoprimesaojose.com.br	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	24 kB	108.179.192.114
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	30 kB	104.17.24.14
static-exp1.licdn.com	3079	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	20 kB	23.36.76.210
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	1.2 kB	142.250.74.164
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.148.228.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-21	medium	xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1	Phishing
2022-09-21	medium	xortx.impactoprimesaojose.com.br/dPJSWUulYpEJGxp8xYbfVfeYbX768u57fixedibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-21	medium	cdn-googlapi-jquery.ga	Sinkholed
2022-09-21	medium	cdn-googlapi-jquery.ga	Sinkholed

JavaScript (13)

	URL	Size	First Seen	Last Seen
	www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js	397 kB	2023-03-07	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:00:06 Last Seen2023-03-17 12:55:53 Times Seen1 Hash ae7e42b66aa74379f09af0329753f2a3 c286bb007313f9aadb8b51dd749f28cae9addcac 3d94d48861ea4d1585e765d393147dafc3df44e3f33a2150b944bca4815cf9e4 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQBRIiAAAAABXwAeskVM4b4HYpWuDo6tX0M_9h&co=aHR0cDovL3hvcnR4LmltcGFjdG9wcmltZXNhb2pvc2UuY29tLmJyOjgw&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&size=invisible&sa=submit&cb=erb955hwa6zs	35 kB	2023-03-07	2023-03-07
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQBRIiAAAAABXwAeskVM4b4HYpWuDo6tX0M_9h&co=aHR0cDovL3hvcnR4LmltcGFjdG9wcmltZXNhb2pvc2UuY29tLmJyOjgw&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&size=invisible&sa=submit&cb=erb955hwa6zs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:44:36 Last Seen2023-03-07 22:44:36 Times Seen1 Hash c78e7b81a421308f4d91336e42e4bd77 27a9186619ca7c0fff4ec9282429c9eac713bcb2 956d478d6ad209f3622b601679ff3f0d47d23c47fcebeb73513f16e4903dae87 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-24 19:30:20 Times Seen23322 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key	850 B	2023-03-07	2023-03-17
Pretty URL www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:00:40 Last Seen2023-03-17 12:55:13 Times Seen1 Hash 5a091973c265321ac3dc678f4d18b2dd e294c0072b296f04ee8e802a4ba8cf2494674125 f2a5ef3629b695ea6f46814cab28aaac4ba7dc6c694847e5b0090e22e0d55eb9 Loading...

	xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1	314 B	2023-03-07	2023-03-17
Pretty URL xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1 IP 108.179.192.114 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:02:18 Last Seen2023-03-17 12:26:46 Times Seen1 Hash 82ea2ea29a53d3b3835093d23d5b3356 15dc39c74ef8cc7446e7a814b7a1937c9c5daa87 d275e660d57b7d388560f3abefd9778ca3d2da935dc5c3d9b0d35b1ac4afa38e Loading...

	xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1	5.2 kB	2023-03-07	2023-03-07
Pretty URL xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1 IP 108.179.192.114 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:38:18 Last Seen2023-03-07 23:14:23 Times Seen1 Hash c0adf75625dc2ec498ac748d74117ff7 ff7a20ea6f1f06758748770bae70d1c626b752a6 a4c8a149df621e027aaebcbbe98e329a0523a29768c1c1e60be8c7d43c14c81b Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 22:08:02 Times Seen37048625 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQBRIiAAAAABXwAeskVM4b4HYpWuDo6tX0M_9h&co=aHR0cDovL3hvcnR4LmltcGFjdG9wcmltZXNhb2pvc2UuY29tLmJyOjgw&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&size=invisible&sa=submit&cb=erb955hwa6zs	69 B	2023-03-07	2024-04-24
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQBRIiAAAAABXwAeskVM4b4HYpWuDo6tX0M_9h&co=aHR0cDovL3hvcnR4LmltcGFjdG9wcmltZXNhb2pvc2UuY29tLmJyOjgw&hl=en&v=zmiYzsHi8INTJBWt2QZC9aM5&size=invisible&sa=submit&cb=erb955hwa6zs IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-24 21:58:57 Times Seen99409 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4a795f7c1464a2e28290d9274bd4635a	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 16:41:22 Last Seen2023-03-08 00:54:42 Times Seen1 Hash 4a795f7c1464a2e28290d9274bd4635a 5052026e2c2293d28c8e6bb4d7e80ae8bd29c7cc 45f5e5195f57ae43fbd3dacdbdf1de261f7a716f6241be91b64b0a1e990cdc75 Loading...

	#2 Eval - b10864d231a1296ea1248caabfb160ab	16 kB	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 16:41:22 Last Seen2023-03-08 00:54:42 Times Seen1 Hash b10864d231a1296ea1248caabfb160ab 3aa42f325ca47e4352ea87149ae8d9c0a36a0b52 82b81c86cdae578664003b993458bc63c9de6f989bde32d1671110605cbbb93f Loading...

	#3 Eval - 36720fa73761ec2601ccd28e044cb498	22 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 22:44:36 Last Seen2023-03-07 22:44:36 Times Seen1 Hash 36720fa73761ec2601ccd28e044cb498 2ae7efa53e0cf961fc482250bef00b7fe79aa261 3bcd31bc75b7e85964622d1ee92fd1c44288c154d378048dc334c82fdebfaec4 Loading...

	#4 Eval - 373012afda9925590aabcb384476d1f6	22 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 16:41:22 Last Seen2023-03-08 00:54:42 Times Seen1 Hash 373012afda9925590aabcb384476d1f6 943e9ca21ef20864c8fe55a75ffaaa3f6119c0cf e305e4a9f1526070c2c93d1248512d6460115b8db421e150919978d6f2df61a2 Loading...

	#5 Eval - 7692d33e088b920650c86e58a088fabf	64 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 16:41:22 Last Seen2023-03-08 00:54:42 Times Seen1 Hash 7692d33e088b920650c86e58a088fabf bb36a6dbb404f3f373f5826e700e73e6cb38959e 3755a8c0633fef887d8f3e30674dfbef87ddb8b872bf69663731ed531f6a6ed0 Loading...

HTTP Transactions (37)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6678
Expires: Wed, 21 Sep 2022 21:31:49 GMT
Date: Wed, 21 Sep 2022 19:40:31 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
804f8bbb7f556d51a5f52d5ebd5b6eef
922cd7e06df278615a04abb81d811d14596c8180
ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 19:05:00 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RRZJfGYMl5VegCUSQfGaKKNrAm5K1oxhee1BFyn36Bfwt5beiWq-7g==
Age: 2131

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
afb65a07bf7214addf83d17a53acba32
a8e973204431320aa7b362a4e73944520c4b51b9
46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12557
Expires: Wed, 21 Sep 2022 23:09:48 GMT
Date: Wed, 21 Sep 2022 19:40:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WPTUyN8pXPsGhyOeGMfXha8o05oe3fG0nUoDQZsgw6juhOVTzY7qFFiT3GwXqoA3rOzXOAU+rr4=
x-amz-request-id: ENH4NM2XYCAS29A2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Sep 2022 18:44:43 GMT
age: 3348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 19:40:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1

108.179.192.114

200 OK

2.8 kB

URL HTTP/1.1
xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1
IP
108.179.192.114:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.8 kB (2777 bytes)
Hash
ba8eb75816e781548b505b96c94de2ec
00cf2ae87b19075653f8e894a521a1ffd5ac5fc1
3671d008850485c030b2d66f4e4e7ab1fb3205b53d4ab73f2e71f39aa851e0de

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1 HTTP/1.1
Host: xortx.impactoprimesaojose.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 21 Sep 2022 19:40:31 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2777
Keep-Alive: timeout=5, max=75
Content-Type: text/html

cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js

104.17.24.14

200 OK

29 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32089)
Size
29 kB (29363 bytes)
Hash
7a3424411d3e6d12dad74c735dc993f6
4c799ff8a7ea8a1c7e73d75babdb554c0805d9fa
0e1a515dcc92bba987fe51e3c1460fe19ec69e19ef8b0bb00fb440d8565662c7

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 21 Sep 2022 19:40:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 29363
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-169d5"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 6832527
expires: Mon, 11 Sep 2023 19:40:31 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBv72IZzcA8pSXgCF3gBVIflV%2BzsavojEPohWCXSPxIXfUBkHU8T4mIAME1rjO4hh9O34U4JSnQBDJQFKJyQdRa9Y4mnyG4ObmZV48tkR3OFOLPpJQROVAYNt5kwhjvOAhBbRPTf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74e545e9bc340b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static-exp1.licdn.com/sc/h/9jn1d7sloqqio63jp8vjuorxg

23.36.76.210

200 OK

19 kB

URL HTTP/2
static-exp1.licdn.com/sc/h/9jn1d7sloqqio63jp8vjuorxg
IP
23.36.76.210:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
19 kB (18958 bytes)
Hash
a13c624457fd88dc3aae033c2c569d64
08666644e397a2330a62722eb4aacf664a622da5
ff479f144922beb708ceae88f4d6b5fd1cb15a7919ef943eb732be44475066a2

HTTP Headers

GET /sc/h/9jn1d7sloqqio63jp8vjuorxg HTTP/1.1
Host: static-exp1.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Play
expires: Thu, 14 Sep 2023 11:36:40 GMT
cache-control: max-age=31536000, immutable
last-modified: Mon, 05 Nov 2012 04:00:51 GMT
content-encoding: br
x-li-static-content: 1
content-type: text/css
x-fs-uuid: 0005e8a18ae06ab0e9c6bb98eb6a2088
x-li-fabric: prod-lva1
x-li-pop: prod-lva1-x
x-li-proto: http/1.1
access-control-expose-headers: X-CDN, X-CDN-Client-IP-Version, X-CDN-Proto, X-Cache, X-CDN-RCODE
x-li-uuid: AAXooYrgarDpxruY62ogiA==
content-length: 18958
date: Wed, 21 Sep 2022 19:40:31 GMT
x-cache: TCP_REMOTE_HIT
x-cdn-proto: HTTP2
x-cdn-client-ip-version: IPV4
timing-allow-origin: *
access-control-allow-origin: *
x-cdn: AKAM
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a79e3fb6006915f9224684bbf94e54f6
8634c28b2be5a6ee744fa4627853f5fc9a8547f8
500e68bbfc37e3b9f22201367dad6c84dad258d60d3fd38b52555a413bb5b73e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4307
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:31 GMT
Last-Modified: Wed, 21 Sep 2022 18:28:44 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
41630fb2c7ef9e435a8762b0943e0980
04b6c8bfe97bc5408e1450b5921331c6ae6de682
e9e83895eef14a5a26e91c9574fc9f60eb2f47959406eabe87b4618412519476

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key

142.250.74.164

200 OK

556 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
556 B (556 bytes)
Hash
27b68162c75bebb4dacf518c46e974d5
99abc7e3e02891bec5de3dda3cb18a6f865f82bc
93415a1ed398b656767f092c53ca274ad9ae9c8cb0672831fa3c4ab275f994d1

HTTP Headers

GET /recaptcha/api.js?render=reCAPTCHA_site_key HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Wed, 21 Sep 2022 19:40:31 GMT
date: Wed, 21 Sep 2022 19:40:31 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a79e3fb6006915f9224684bbf94e54f6
8634c28b2be5a6ee744fa4627853f5fc9a8547f8
500e68bbfc37e3b9f22201367dad6c84dad258d60d3fd38b52555a413bb5b73e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4307
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:31 GMT
Last-Modified: Wed, 21 Sep 2022 18:28:44 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1b33d59cf038a3fe7273f78fda2cce3a
0b367731ef6df8e1f6c1b8774198daa9959d7cf5
b02b1756112479f92786994de8e884986b0a7eb3d5885300bfd8a64f597f7cc4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 19:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 19:44:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oafemINkCxEpqX0Ame-jSgVdqynkssazHvOb81FqgvECG0SUEhFYSQ==
Age: 2229

xortx.impactoprimesaojose.com.br/dPJSWUulYpEJGxp8xYbfVfeYbX768u57fixedibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1

108.179.192.114

200 OK

2.8 kB

URL HTTP/1.1
xortx.impactoprimesaojose.com.br/dPJSWUulYpEJGxp8xYbfVfeYbX768u57fixedibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1
IP
108.179.192.114:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.8 kB (2777 bytes)
Hash
ba8eb75816e781548b505b96c94de2ec
00cf2ae87b19075653f8e894a521a1ffd5ac5fc1
3671d008850485c030b2d66f4e4e7ab1fb3205b53d4ab73f2e71f39aa851e0de

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /dPJSWUulYpEJGxp8xYbfVfeYbX768u57fixedibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1 HTTP/1.1
Host: xortx.impactoprimesaojose.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/safe-1246452334735YWRhdmlkb2ZmQHhvcnR4LmNvbQ==ibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 21 Sep 2022 19:40:31 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2777
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
ed090ee38b60513a2bff36d24390702b
9a5a45a69b35758710258d9955d6098150ba129c
e5122044081600c54f48848cbba9ced8550176ccc92f111163309f9f484a49ea

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E5122044081600C54F48848CBBA9CED8550176CCC92F111163309F9F484A49EA"
Last-Modified: Mon, 19 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7152
Expires: Wed, 21 Sep 2022 21:39:44 GMT
Date: Wed, 21 Sep 2022 19:40:32 GMT
Connection: keep-alive

www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js

142.250.74.163

200 OK

158 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (581)
Size
158 kB (157726 bytes)
Hash
6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b

HTTP Headers

GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xortx.impactoprimesaojose.com.br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 05:37:29 GMT
expires: Thu, 21 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
age: 50583
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5149084af9bb01e5471e0be93a009ab0
1aaae44973461346130015cba0c36e9d1b5b77f2
db8a390c5bb50072d57429a45c470496139deb98e04b175f45600e5e4b2ac884

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 19:40:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

xortx.impactoprimesaojose.com.br/favicon.ico

108.179.192.114

200 OK

17 kB

URL HTTP/1.1
xortx.impactoprimesaojose.com.br/favicon.ico
IP
108.179.192.114:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: xortx.impactoprimesaojose.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/dPJSWUulYpEJGxp8xYbfVfeYbX768u57fixedibmxonedrive-pagex-ifetchxsafe-1adavidoffisecuredxsafe-1xortx.comsafe-1

HTTP/1.1 200 OK
Date: Wed, 21 Sep 2022 19:40:32 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 07 Jul 2020 02:05:14 GMT
Accept-Ranges: bytes
Content-Length: 17174
Cache-Control: max-age=604800
Expires: Wed, 28 Sep 2022 19:40:32 GMT
Keep-Alive: timeout=5, max=75
Content-Type: image/x-icon

push.services.mozilla.com/

54.148.228.200

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.228.200:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y9lRGR1TD9lDrqw4/kLhHg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ksCL/kVvj5deSOStA2ikGGzEM38=

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 12:31:58 GMT
expires: Sun, 17 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 371314
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 00:48:31 GMT
expires: Sat, 16 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 499921
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4812
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 19:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4812
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 19:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4812
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 19:40:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4812
Expires: Wed, 21 Sep 2022 21:00:45 GMT
Date: Wed, 21 Sep 2022 19:40:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecaa9082-610c-41c1-ae9a-e453d87828ab.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecaa9082-610c-41c1-ae9a-e453d87828ab.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10038 bytes)
Hash
dab1f2cd68979d2004ba4449d759a341
54ed14436a75ba2aeb8459bad2ce70229aff4203
e782fb5ede547e1b167719068c6821c62414dcb0991bf9ac38285cb3ce8894e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fecaa9082-610c-41c1-ae9a-e453d87828ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10038
x-amzn-requestid: 4cf38a70-a706-4e6a-b854-9404727c599d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mHDCIAMF5-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-5aba5b0640221b302a19781b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NzOpixfxr2pFiDhF5WUGmjD8r2CTn1grSkCEyWvthxRq0djbDKjknA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:15:05 GMT
age: 77128
etag: "54ed14436a75ba2aeb8459bad2ce70229aff4203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9201 bytes)
Hash
a692964324dbb9c460a1b855808d02e6
1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54
3fa9e780d62fffb635064aeed542c8e04923ff943c6080476836fab6c24e2426

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1874c3ef-e614-4fd9-9d88-b87eac5ea0e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9201
x-amzn-requestid: 6dbfae76-f9ab-4f31-9b62-bcf5d9ce4515
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YxzxlEYcoAMFaQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a333d-7d147481402cc46a751b72ed;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:40:13 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JEb0g486u6AjYFbf8rSbreKjh0m1GsAGbvykHl0oahmVN2ciqe5FOw==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:14:57 GMT
etag: "1eef1ab0099d09d1cf965b6e7b55fe2aa4e18e54"
content-type: image/jpeg
age: 77136
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6897 bytes)
Hash
8bae3a7a80ff40df1d701dfc925ddeff
91df60162a8322469cada0dd8eb93619f28aec1a
fab10c7ad4658bc191621d9f2042236a7b6e34448ce5215dde5b8d6a64b52952

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6b35a1c-f445-4b05-b56e-ce2ad0ef2a9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6897
x-amzn-requestid: 509dc368-dd1c-4be7-94ff-64dbd53c199f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YoqoRG2WIAMFw6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63268b01-1cb916c251fd5f2f3cf10435;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 03:05:37 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: vs0CTuiAdjRtfJD9qX9S5R07Hw6BWfiOAT50GwTdiSETdoqr2FNsyw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 04:14:25 GMT
age: 55568
etag: "91df60162a8322469cada0dd8eb93619f28aec1a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10244 bytes)
Hash
14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 19:20:13 GMT
age: 1220
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11832 bytes)
Hash
2ed7323b395e757f7766ea0045efdaca
8b91bc3069a3217bc719c27959d578b353b5d9dc
8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gLh2EBTPdXvFtZuYKH1NVZebvnz4Rhs-f_rZPtfJpIWNemEk0upeOQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:07:08 GMT
age: 77605
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8861 bytes)
Hash
a504981ee10d8341b64f19001464ae8a
56f228d7358ba9deef000f53214dc7c1dc358109
0ea3b6ed12f3adf9d56e7d9b61f284d28107d99f28ee4e66b4c078a9a1a0cbee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60ffb31d-d07d-4e81-9477-522f011ae13e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8861
x-amzn-requestid: 873e88ab-7afc-4b14-b428-d90ec2079741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO2wuE0AoAMF7Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3804-0d25ab397a16c78907914e23;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:08:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UStTyIXPucbY9WmDl3W5bTyeT-2SJ5CTUjv8TLeexqZtKd1p2sJrNA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Sep 2022 03:10:59 GMT
age: 59374
etag: "56f228d7358ba9deef000f53214dc7c1dc358109"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
ed090ee38b60513a2bff36d24390702b
9a5a45a69b35758710258d9955d6098150ba129c
e5122044081600c54f48848cbba9ced8550176ccc92f111163309f9f484a49ea

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "E5122044081600C54F48848CBBA9CED8550176CCC92F111163309F9F484A49EA"
Last-Modified: Mon, 19 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7146
Expires: Wed, 21 Sep 2022 21:39:44 GMT
Date: Wed, 21 Sep 2022 19:40:38 GMT
Connection: keep-alive

cdn-googlapi-jquery.ga/img/favicon.png

104.21.72.40

200 OK

6.3 kB

URL HTTP/2
cdn-googlapi-jquery.ga/img/favicon.png
IP
104.21.72.40:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 160x128, components 3\012- data
Size
6.3 kB (6250 bytes)
Hash
af9d74abffa3694bbfd9bb59b13d7618
b2cc8aee8fe4efadb4d5054f506fbe13673db3e2
f1155fdc56cb3a7894aa5d2a6d79ade979db8d67fd17668b1314496e808a4c65

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/favicon.png HTTP/1.1
Host: cdn-googlapi-jquery.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 21 Sep 2022 19:40:38 GMT
content-type: image/png
content-length: 6250
cache-control: public, max-age=604800
expires: Sun, 25 Sep 2022 14:47:48 GMT
last-modified: Sun, 11 Sep 2022 12:49:27 GMT
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
age: 276770
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi6lqg8lnmXgsVqEKRBy6NDPvrrvzTNOPR04gjlIZZW1aa50%2B15En%2FtzsmAGnl%2FEoxvJWpVdKm%2FbS350llgFYRTDTnElJZnE5Va4QOi2K5wnM33cjr2ZOzus1jx6%2BNTDHLo2mZDPv51p"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74e546167b43b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css

104.18.11.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/3.4.1/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 21 Sep 2022 19:40:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 2021-03-10 20:26:25
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 61d285a2b452357d1d833ab142fef512
cdn-cache: HIT
cf-cache-status: HIT
age: 13100008
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74e545ea0b8cb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn-googlapi-jquery.ga/saveimg.php??dx2eG9ydHguY29t

104.21.72.40

200 OK

0 B

URL HTTP/2
cdn-googlapi-jquery.ga/saveimg.php??dx2eG9ydHguY29t
IP
104.21.72.40:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /saveimg.php??dx2eG9ydHguY29t HTTP/1.1
Host: cdn-googlapi-jquery.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xortx.impactoprimesaojose.com.br
Connection: keep-alive
Referer: http://xortx.impactoprimesaojose.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 21 Sep 2022 19:40:38 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-max-age: 1000
access-control-allow-headers: Content-Type, Authorization, X-Requested-With
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s20Vhk6GpwgnYmSQ3LADO3DWAS1O%2FzFGP76t5yNd7tPbmCVUt9Zfae3LJE3%2BifEXdcERa3upcnCczWmamfKYLB0SSfL2esyWv5m5tnVKQfycTcm9V6mNyYe2bRVjd61upzXnNXkXVlTq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74e545ecfacf0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash