{"report_id":"c1bfc824-94b2-4d70-b851-40185172d0a5","version":6,"status":"done","tags":[],"date":"2025-12-30T03:22:23Z","url":{"schema":"http","addr":"whatsapp-embedded.expad.com.br/","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"title":"Expad - Whatsapp","dom":{"size":2898,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"a9e184e861765b8860883ecea208f45c","sha1":"958128639b90ccf3933c5f3128c48170b03e29c7","sha256":"c5e3b96dd8f7e210ff2da79166fbbbd49ed313dc7380fe65746924be26237623","sha512":"80e6bdbd1bac59db93b6ac0feae1e7e52584b5caeffc51c0af8eae10c418e88215d464137f4fb446369ac6c1feecdd3c5ded8ea65ab3adca2afa27e088850cdb","ssdeep":"","tlshash":"b951edb144f4c2620310e599bed6fe376d849a0faed40d20b1bc06f96fe5492ab67528","dom_hash":"domhashccd197c63898135b09153b90b937076b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"whatsapp-embedded.expad.com.br/","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":0,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-03T03:22:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"whatsapp-embedded.expad.com.br","ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2021-05-13","domain_rank":0,"first_seen":"2023-03-16T05:05:17Z","last_seen":"2025-12-13T01:55:47.40968Z","alert_count":8,"request_count":4,"received_data":28492,"sent_data":1886,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Firebase","description":"Firebase is a Google-backed application development software that enables developers to develop iOS, Android and Web apps.","website":"https://firebase.google.com","common_platform_enumeration":"cpe:2.3:a:google:firebase_cloud_messaging:*:*:*:*:*:*:*:*","icon":"Firebase.svg","categories":["Databases","Development"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2025-12-29T00:29:04.183218Z","alert_count":0,"request_count":1,"received_data":22928,"sent_data":484,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-28T22:20:33.111263Z","alert_count":0,"request_count":3,"received_data":178385,"sent_data":1441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":9023,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":1,"received_data":25287,"sent_data":580,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.9/inputmask.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a88ce0e8279ca9e19ca5742d194d17be","sha1":"e6c6c0bd46aacf78ac741895d1fb1ab59b6d864c","sha256":"0ba6c23e11cd5cb9afd3f22a1f6a9b44e3281573d1856b5c312c646204376b72","sha512":"783fb5f4ec9e1b719b27a40693db88ed37d3a336170153f3ebf55afd8555b81cfb645bc07a2173a25d30849a657fd97a70d41c03cb15c555ef0855b8f3d70054","ssdeep":"1536:qjeM6Fz5LfbJfxL3UfLXb3zE2yEfml8eChfV:qjt6FdfbJfp3Glfm8ht","tlshash":"69c309c97592b16287e371f440bf440ba23aeb296499a040b259f4d0b97decb07b7f35","size":120679,"data":"","first_seen":"2024-08-19T17:41:10.756709Z","last_seen":"2026-06-07T15:22:35.228786Z","times_seen":227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/intlTelInput.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"caf7bdf0ce3f11830af1d3dd0dbf931e","sha1":"958a4413837457b5e3b66ca292736de8286eafa8","sha256":"b0de6c6e01a16a20bab373a1e7f7b5f3ad48d1b85210965d8c956319f8ac329f","sha512":"7838f953bfa1c129087cd76d5f7a05bfb8dbf7e308861450a3b64331380dac48e7f0417b1e42d58f3ae7cbe0a50eea81bb3db2035d3150c9b7d731ebaca926f6","ssdeep":"768:c1D7GzOol+D45YMJR3kWG6UdCDxgtmKg3vTpzaDNCY5R:YfGkWodCFgtmKgNzaxCq","tlshash":"a7d2f9a973511637a89aa0a1687f16472ebf34015a84cc8cb87ecdcc1feced9a175734","size":29362,"data":"","first_seen":"2023-04-05T15:31:11Z","last_seen":"2026-06-08T23:38:12.78164Z","times_seen":11270,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/bundle-whatsapp.js","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0caa3a05d5a7bf222a553d193ad8f17c","sha1":"3d0fb2598e4b7fc912b64a78ea2e037b6aa48bcf","sha256":"9d794163cf1e1847123dd41e351ec3d71224e61ae7728620dcaa6f984b7dc818","sha512":"8a866e0d4180d5f7c8f5a0e5b3b667f2794ffe081c22cc0412ffd2bd6617157863a0c343f75291897e3b2d05b51e323626d3f49998f1fb3d9c65a606c3951285","ssdeep":"192:+QukmEFTRnmzvD7E3T21QwyvkJVd1RmNa+nsynJnDyB5f6EyrCMT+AMzpP4TXpDn:U8FVnmzvfywyMJVd1RssynJDyB5f1yrB","tlshash":"0842c77637a5183d445e226bb5bdd3a0b6b0917cace608108569cc3fb564ec773f1ba0","size":12035,"data":"","first_seen":"2025-12-13T00:08:27.098651Z","last_seen":"2026-01-29T19:37:04.031637Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/favicon.ico","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.expad.com.br","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Thu, 18 Dec 2025 22:30:09 GMT","end":"Wed, 18 Mar 2026 23:29:24 GMT"},"fingerprint":{"sha1":"0A:5C:02:E6:6C:ED:E8:81:3C:99:8F:CF:92:0C:8C:D0:7E:AE:3D:46","sha256":"53:A9:1E:A2:FB:69:B9:FE:3C:78:BE:C8:20:28:32:13:41:D8:92:F4:06:AC:D5:04:9D:63:F8:C8:94:1E:D7:D6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: whatsapp-embedded.expad.com.br\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 700\r\naccess-control-allow-origin: *\r\ncache-control: max-age=3600\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\netag: \"bd13af63d056e7b2a9a92a1d4cb6df12a00906c13bca6d8f316de4c37908d328-br\"\r\nlast-modified: Fri, 21 Nov 2025 21:16:36 GMT\r\nstrict-transport-security: max-age=31556926\r\naccept-ranges: bytes\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\nx-served-by: cache-hel1410021-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1767064922.681017,VS0,VE92\r\nvary: x-fh-requested-host, accept-encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Firebase","description":"Firebase is a Google-backed application development software that enables developers to develop iOS, Android and Web apps.","website":"https://firebase.google.com","common_platform_enumeration":"cpe:2.3:a:google:firebase_cloud_messaging:*:*:*:*:*:*:*:*","icon":"Firebase.svg","categories":["Databases","Development"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}],"data":{"size":3352,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4546595be339b22dd5cbd3eaa919f6ad","sha1":"5f19d9522540adfa5be1ab99b2905c808b368963","sha256":"e9aab6abae17e18b7854b57fd871cf3a4bd77e8b5f48ab69aea9f2b5efaf26fc","sha512":"ac52300354f7aea4ee64281b9e334f7ac49b9e1137e35006e1afb4515c4fcbd494f32bc37a327a6ffebd2163d79c36fdb844580ed503fe63e1ac73f104a18a30","ssdeep":"","tlshash":"9e61ffa005f4d1e11310e1e8bed2fa376e84d94fafd40d2471bc06f52fd6981ab57698","first_seen":"2025-11-09T07:02:55.878062Z","last_seen":"2026-01-29T19:37:04.041751Z","times_seen":9,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T03:22:00.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.expad.com.br","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Thu, 18 Dec 2025 22:30:09 GMT","end":"Wed, 18 Mar 2026 23:29:24 GMT"},"fingerprint":{"sha1":"0A:5C:02:E6:6C:ED:E8:81:3C:99:8F:CF:92:0C:8C:D0:7E:AE:3D:46","sha256":"53:A9:1E:A2:FB:69:B9:FE:3C:78:BE:C8:20:28:32:13:41:D8:92:F4:06:AC:D5:04:9D:63:F8:C8:94:1E:D7:D6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: whatsapp-embedded.expad.com.br\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=3600\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\netag: \"bd13af63d056e7b2a9a92a1d4cb6df12a00906c13bca6d8f316de4c37908d328-br\"\r\nlast-modified: Fri, 21 Nov 2025 21:16:36 GMT\r\nstrict-transport-security: max-age=31556926\r\naccept-ranges: bytes\r\ndate: Tue, 30 Dec 2025 03:22:00 GMT\r\nx-served-by: cache-hel1410021-HEL\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1767064921.961470,VS0,VE1\r\nvary: x-fh-requested-host, accept-encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 700\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Firebase","description":"Firebase is a Google-backed application development software that enables developers to develop iOS, Android and Web apps.","website":"https://firebase.google.com","common_platform_enumeration":"cpe:2.3:a:google:firebase_cloud_messaging:*:*:*:*:*:*:*:*","icon":"Firebase.svg","categories":["Databases","Development"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3352,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4546595be339b22dd5cbd3eaa919f6ad","sha1":"5f19d9522540adfa5be1ab99b2905c808b368963","sha256":"e9aab6abae17e18b7854b57fd871cf3a4bd77e8b5f48ab69aea9f2b5efaf26fc","sha512":"ac52300354f7aea4ee64281b9e334f7ac49b9e1137e35006e1afb4515c4fcbd494f32bc37a327a6ffebd2163d79c36fdb844580ed503fe63e1ac73f104a18a30","ssdeep":"","tlshash":"9e61ffa005f4d1e11310e1e8bed2fa376e84d94fafd40d2471bc06f52fd6981ab57698","first_seen":"2025-11-09T07:02:55.878062Z","last_seen":"2026-01-29T19:37:04.041751Z","times_seen":9,"resource_available":false,"data":null}},"time_used":669,"timings":{"blocked":320,"dns":258,"connect":26,"send":0,"wait":27,"receive":1,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 04:05:50 GMT","end":"Thu, 05 Feb 2026 05:05:47 GMT"},"fingerprint":{"sha1":"CE:AE:8E:FE:2A:86:03:2B:16:43:FF:98:36:53:B2:ED:10:BF:FD:23","sha256":"95:CB:A8:7B:9C:88:98:F1:EF:D6:C9:79:E1:98:63:76:71:B7:BD:E2:89:6D:CD:55:61:DB:C0:4E:B1:1E:67:F7"}}},"request":{"raw":"GET /font-awesome/4.2.0/css/font-awesome.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 9b5e690d5ac256ab-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"feda974a77ea5783b8be673f142b7c88\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:53 GMT\r\ncdn-cachedat: 08/01/2025 15:38:00\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1078\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: df1a6a95fcb46b4174a4c5cda4e0fd3f\r\ncdn-cache: HIT\r\nage: 2139054\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21984,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (21822)","md5":"feda974a77ea5783b8be673f142b7c88","sha1":"b71d1c7c315b67c614563382d1c2a868ac14d729","sha256":"0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1","sha512":"e64cd0c0ff8d301c0f6bd9fe60934362dce7be85af57c9c3e1c719e42f8784cf707bc9025b58fd1f341a6deeb27490e3fa8164aed9cc76605323a602544c8220","ssdeep":"192:sq3P/8W+ab2edrKeTUKIErArKlcZJVrJ3ee+cR6waWm215bvfwf5DrkHUa2:Lk5yWeTUK1+KlkJ5de2UWmyTfwYUa2","tlshash":"03a241f8e54c01d66731c48bff85b36862baf33dd5804d99f11f294c29d22a912c5faa","first_seen":"2023-04-05T10:40:01Z","last_seen":"2026-06-09T00:18:37.497751Z","times_seen":10829,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":26,"dns":0,"connect":1,"send":0,"wait":8,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/style-whatsapp.css","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.expad.com.br","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Thu, 18 Dec 2025 22:30:09 GMT","end":"Wed, 18 Mar 2026 23:29:24 GMT"},"fingerprint":{"sha1":"0A:5C:02:E6:6C:ED:E8:81:3C:99:8F:CF:92:0C:8C:D0:7E:AE:3D:46","sha256":"53:A9:1E:A2:FB:69:B9:FE:3C:78:BE:C8:20:28:32:13:41:D8:92:F4:06:AC:D5:04:9D:63:F8:C8:94:1E:D7:D6"}}},"request":{"raw":"GET /style-whatsapp.css HTTP/1.1\r\nHost: whatsapp-embedded.expad.com.br\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=3600\r\ncontent-encoding: br\r\ncontent-type: text/css; charset=utf-8\r\netag: \"0cc8579287835d5ebfc0f033359882f745a878c0b01a6eeff4eb3518df8f5e7d-br\"\r\nlast-modified: Fri, 21 Nov 2025 21:16:36 GMT\r\nstrict-transport-security: max-age=31556926\r\naccept-ranges: bytes\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\nx-served-by: cache-hel1410021-HEL\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1767064921.158423,VS0,VE1\r\nvary: x-fh-requested-host, accept-encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 2436\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Firebase","description":"Firebase is a Google-backed application development software that enables developers to develop iOS, Android and Web apps.","website":"https://firebase.google.com","common_platform_enumeration":"cpe:2.3:a:google:firebase_cloud_messaging:*:*:*:*:*:*:*:*","icon":"Firebase.svg","categories":["Databases","Development"]}],"data":{"size":7252,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (7252), with no line terminators","md5":"b2283a79dea41ec8ffbc3d628e51b125","sha1":"42da3162055ed62a24f0c7fa2273c0f254b13e90","sha256":"0c88bfe23e02810b77e999f7b6cd817c86417a2bc6441dc9abbb3cf616a82f7e","sha512":"8ea90c8c90f18bce878e87bf0b9f5ba8c43ae3cb3e17656ba0de261188b30835f48717001bd6682b0521fc88f2eec5681a34a22045ba6d91f9867259e1265b09","ssdeep":"96:jZ8adu3pnp6RzAZ/SXz1Rupt7WKdcJ9BnQQEt2pxgCdkUKiAZdHKuL29M4AtgD3c:V8adE0JEJc35nyUDudqj9M4AtgTgL","tlshash":"48e1093073c6115cf096dbb7e2616cf4316ad52dbc11886edd993174c24229e2fa3aaf","first_seen":"2025-11-09T07:02:55.78176Z","last_seen":"2026-06-02T07:01:07.431036Z","times_seen":15,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whatsapp-embedded.expad.com.br/bundle-whatsapp.js","fqdn":"whatsapp-embedded.expad.com.br","domain":"expad.com.br","tld":"com.br"},"ip":{"addr":"199.36.158.100","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"app.expad.com.br","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Thu, 18 Dec 2025 22:30:09 GMT","end":"Wed, 18 Mar 2026 23:29:24 GMT"},"fingerprint":{"sha1":"0A:5C:02:E6:6C:ED:E8:81:3C:99:8F:CF:92:0C:8C:D0:7E:AE:3D:46","sha256":"53:A9:1E:A2:FB:69:B9:FE:3C:78:BE:C8:20:28:32:13:41:D8:92:F4:06:AC:D5:04:9D:63:F8:C8:94:1E:D7:D6"}}},"request":{"raw":"GET /bundle-whatsapp.js HTTP/1.1\r\nHost: whatsapp-embedded.expad.com.br\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=3600\r\ncontent-encoding: br\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"bd88fc63ae21426f62f7831c47b7de91394536328a4e130247a7362660611f55-br\"\r\nlast-modified: Fri, 21 Nov 2025 21:16:36 GMT\r\nstrict-transport-security: max-age=31556926\r\naccept-ranges: bytes\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\nx-served-by: cache-hel1410021-HEL\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1767064921.161756,VS0,VE1\r\nvary: x-fh-requested-host, accept-encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 3470\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Firebase","description":"Firebase is a Google-backed application development software that enables developers to develop iOS, Android and Web apps.","website":"https://firebase.google.com","common_platform_enumeration":"cpe:2.3:a:google:firebase_cloud_messaging:*:*:*:*:*:*:*:*","icon":"Firebase.svg","categories":["Databases","Development"]}],"data":{"size":12035,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (10460)","md5":"0caa3a05d5a7bf222a553d193ad8f17c","sha1":"3d0fb2598e4b7fc912b64a78ea2e037b6aa48bcf","sha256":"9d794163cf1e1847123dd41e351ec3d71224e61ae7728620dcaa6f984b7dc818","sha512":"8a866e0d4180d5f7c8f5a0e5b3b667f2794ffe081c22cc0412ffd2bd6617157863a0c343f75291897e3b2d05b51e323626d3f49998f1fb3d9c65a606c3951285","ssdeep":"192:+QukmEFTRnmzvD7E3T21QwyvkJVd1RmNa+nsynJnDyB5f6EyrCMT+AMzpP4TXpDn:U8FVnmzvfywyMJVd1RssynJDyB5f1yrB","tlshash":"0842c77637a5183d445e226bb5bdd3a0b6b0917cace608108569cc3fb564ec773f1ba0","first_seen":"2025-12-13T00:08:27.098651Z","last_seen":"2026-01-29T19:37:04.031637Z","times_seen":7,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"whatsapp-embedded.expad.com.br","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/js/intlTelInput.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/intl-tel-input/17.0.8/js/intlTelInput.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 8889\r\ncf-ray: 9b5e690d5eb80731-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5f902e0e-72d9\"\r\nlast-modified: Wed, 21 Oct 2020 12:48:14 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 953465\r\nexpires: Sun, 20 Dec 2026 03:22:01 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FCjHh5TU3RTenr0iLQrtQGRFjgkwFJA%2Bp%2FAe76EeGPTjJnwO10UG6hTElutjrxjcUUHdSGHyifSK3mXM1ngkRrWwvuUkEs2HzhB1u%2FjLW36E5v7iJcCBy6IujCeu3MkPR%2BQAkvd7\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29401,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (26959)","md5":"caf7bdf0ce3f11830af1d3dd0dbf931e","sha1":"958a4413837457b5e3b66ca292736de8286eafa8","sha256":"b0de6c6e01a16a20bab373a1e7f7b5f3ad48d1b85210965d8c956319f8ac329f","sha512":"7838f953bfa1c129087cd76d5f7a05bfb8dbf7e308861450a3b64331380dac48e7f0417b1e42d58f3ae7cbe0a50eea81bb3db2035d3150c9b7d731ebaca926f6","ssdeep":"768:c1D7GzOol+D45YMJR3kWG6UdCDxgtmKg3vTpzaDNCY5R:YfGkWodCFgtmKgNzaxCq","tlshash":"a7d2f9a973511637a89aa0a1687f16472ebf34015a84cc8cb87ecdcc1feced9a175734","first_seen":"2023-04-05T15:31:11Z","last_seen":"2026-06-08T23:38:12.78164Z","times_seen":11270,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":20,"dns":3,"connect":1,"send":0,"wait":14,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@600\u0026family=Roboto\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"43:D3:3F:93:6C:4F:F7:67:58:9D:D5:48:20:4C:74:A2:69:DB:13:9F","sha256":"8C:DB:D2:85:E1:AB:12:7B:1D:5A:65:A7:EC:22:67:6F:B3:A6:65:01:28:29:FA:D2:3B:01:8D:10:7E:4D:09:52"}}},"request":{"raw":"GET /css2?family=Inter:wght@600\u0026family=Roboto\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 30 Dec 2025 03:22:01 GMT\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8337,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"eac5402a3cd29e12147aa903d01688a1","sha1":"d0ce0a1e8a6609db87844c8bc28cae892751a439","sha256":"ee4d4762ba390be26673396d5f8d32a7b5b64170a594e94d782c4e277857a81f","sha512":"018ce1f597c36d27c31752d6d5b295328783c1a96d0c734ee653aa967ebae5aac446ec65122357f8073f0e120703b95e39ce81c6a3dc46ad728604d01702d0ed","ssdeep":"192:b0rD54o3inplzNjmNGN/NXkNbqbNtbqGIwV4BNbNZwNS:4318jMsVSehJqY4XhMS","tlshash":"b8022e91001b54009b835cd223cf7f35fe9e63046085d0b9abfd5a9a9cdbe6643a835e","first_seen":"2025-11-19T00:03:43.394974Z","last_seen":"2026-01-29T19:37:04.03529Z","times_seen":8,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":251,"dns":1,"connect":30,"send":0,"wait":47,"receive":0,"ssl":223},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 1970\r\ncf-ray: 9b5e690d5eb60731-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5f902e0e-62a6\"\r\nlast-modified: Wed, 21 Oct 2020 12:48:14 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 858700\r\nexpires: Sun, 20 Dec 2026 03:22:01 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LJfn1Bt5mu%2F4IqXwIydcmM3oWPe72SjRJZrqEd%2ByLxPa0VKaojtUtLnuycoZcfV8YqR8jEnWxUIOjtMTZSgzbgSc3j4A83GP%2BOS6jW6tzSIaVQniYd2m9FnytLchTR6UlMBlhy3O\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25254,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"a69aa970266649e0b08c2cb4bc166568","sha1":"d9314a52085a2bb6d284421bb18a4c546ecb73d4","sha256":"ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491","sha512":"8315a8c3c328eaaea92dad571ff09c1fc2728920c4b62c0957bf04f83f903f41156ac16cf30297ab5e86f022c3e022764a7a271ebe0b9bfc98d9f488dbe71b9b","ssdeep":"384:HzITF7FWhTmwAmDQTeIcQeIWi7mZlsaAaniXlvhdB:HqF7FWh/Hib","tlshash":"a4b236678bb32945b92bf2a1196406a237375c0bf81a4f2d63d639bddf490e014f37a1","first_seen":"2023-04-05T15:31:11Z","last_seen":"2026-06-08T23:38:12.768449Z","times_seen":28840,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":22,"dns":1,"connect":5,"send":0,"wait":11,"receive":3,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.9/inputmask.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/jquery.inputmask/5.0.9/inputmask.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatsapp-embedded.expad.com.br/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 30 Dec 2025 03:22:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 31053\r\ncf-ray: 9b5e690d5ec40731-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6659a00d-794d\"\r\nlast-modified: Fri, 31 May 2024 10:01:49 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 15552844\r\nexpires: Sun, 20 Dec 2026 03:22:01 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=sITxwxh3%2FvIvfdP7Y1b%2FWIKUorHsM4%2FKzQZpeYHgTKrZUhnfaOGhMdiMO1ZoPC0iaSc98%2Fm2Tg3hMeAZupBcmapT1UKYGD6AJwAHCk8IKdud7R51rz%2FAyleYl7C6TMujR%2FZsL%2F%2FH\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":120679,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65366)","md5":"a88ce0e8279ca9e19ca5742d194d17be","sha1":"e6c6c0bd46aacf78ac741895d1fb1ab59b6d864c","sha256":"0ba6c23e11cd5cb9afd3f22a1f6a9b44e3281573d1856b5c312c646204376b72","sha512":"783fb5f4ec9e1b719b27a40693db88ed37d3a336170153f3ebf55afd8555b81cfb645bc07a2173a25d30849a657fd97a70d41c03cb15c555ef0855b8f3d70054","ssdeep":"1536:qjeM6Fz5LfbJfxL3UfLXb3zE2yEfml8eChfV:qjt6FdfbJfp3Glfm8ht","tlshash":"69c309c97592b16287e371f440bf440ba23aeb296499a040b259f4d0b97decb07b7f35","first_seen":"2024-08-19T17:41:10.756709Z","last_seen":"2026-06-07T15:22:35.228786Z","times_seen":227,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":25,"dns":1,"connect":5,"send":0,"wait":13,"receive":2,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://whatsapp-embedded.expad.com.br/","date":"2025-12-30T03:22:01.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"21:10:1E:48:79:6B:E7:49:AB:BB:0E:38:86:C8:4D:74:7B:42:EE:BB","sha256":"0A:58:99:06:D8:BC:1C:BD:3E:CE:EF:7D:D6:D2:50:2D:1E:DE:8F:87:97:56:72:B9:3F:21:88:AC:79:3A:75:03"}}},"request":{"raw":"GET /s/inter/v20/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuGKYAZ9hiA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://whatsapp-embedded.expad.com.br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24452\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 24 Dec 2025 17:33:31 GMT\r\nexpires: Thu, 24 Dec 2026 17:33:31 GMT\r\ncache-control: public, max-age=31536000\r\nage: 467310\r\nlast-modified: Tue, 09 Sep 2025 18:36:19 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24452,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24452, version 1.0","md5":"2ede57db1a3a5f41f40467e7a43a1dd4","sha1":"e0d61f6dc511d64a072b2f4dc94e155ecf1bb6f6","sha256":"f9a06e79cd3a2a20951c0f0e28f66dd0e6d3fda73911d640a2125c8fcb78f21a","sha512":"a30d204efb2a66231f29804b8c1e467d61a741b0252eccb40aea60206bd4d5cdb0a32a76cb01d1ba8ba0c73469d10fc55df1d8e54ea3b55b6b75b17e94afc80b","ssdeep":"384:WuaNAiwkOHiuWl18daDX7+rEvHG297z5lzWMTSbXhVR7ebvio772036BhuJJRiVF:zaKfkOHiJEdWX+svP5m7R7eTio7JKWHC","tlshash":"79b2e03132ea530e5b14c43c9537287e5eca2fe78aa93e5e9fd5d004b2104d6836fe06","first_seen":"2025-05-30T14:20:15.679609Z","last_seen":"2026-06-09T01:15:49.575771Z","times_seen":4550,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":95,"dns":4,"connect":15,"send":0,"wait":17,"receive":14,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}