firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 01:14:42 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0sjrFKvQ2Rja_iZpyL5JkltpKL8s_Q8BitxcCugzCInWeQycqoAdVA==
Age: 1237
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6808
Expires: Sun, 25 Sep 2022 03:28:47 GMT
Date: Sun, 25 Sep 2022 01:35:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: k7DA88Ks8LkpYmEjExNcxIxmrIqdtY5FERlwKRlcUJ1mtoCFWx_mHg==
age: 75605
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:35:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe
170.82.174.30 301 Moved Permanently 134 B URL HTTP/1.1 seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Sep 2022 01:35:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://seguro.cosmeticosprime.com:443/checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe
X-GoCache-CacheStatus: BYPASS
Server: gocache
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 01:04:17 GMT
Expires: Sun, 25 Sep 2022 01:04:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AREvSdE7g12plYYCnOP_hlFz0cKHa48Kn-JY1FvAJvhFpl1LQqVhzw==
Age: 1862
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6337
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:19 GMT
Last-Modified: Sat, 24 Sep 2022 23:49:42 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 154a9ea0a0f91cc93685ac862c4de867
043c587d6af5c522d03722342181ec06ded1f5ad
fa861a7211d8eb9dd7fe096a973179c278a2b9a7007641d28903582e0bd53fc5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA861A7211D8EB9DD7FE096A973179C278A2B9A7007641D28903582E0BD53FC5"
Last-Modified: Sat, 24 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Sep 2022 07:35:20 GMT
Date: Sun, 25 Sep 2022 01:35:20 GMT
Connection: keep-alive
push.services.mozilla.com/
54.70.239.215 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sIcjb3QzSX1gMPFLyqr9lg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9qWWFmdXU85VOLqAkSU8DTmyhVM=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17439
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:35:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17439
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:35:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17439
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:35:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17439
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:35:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17439
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:35:21 GMT
Connection: keep-alive
seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe
170.82.174.30 302 Found 9.2 kB URL HTTP/2 seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Hash 954933a8208e705545c0d1f6c69c8ab6
2f155a81d1b3cc10ed342aabc7bb156682be4126
be2d6d66019fc6d2eb11e6eb1e7859f96b409639ab8e80bad4a896625282f322
GET /checkout/payment?cart_token=shopify-0c2d6ff76578b8caf2d70e2bccc6bcd7&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=6406d060-3c5b-11ed-9a75-5f6dcc69c7fe HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sun, 25 Sep 2022 01:35:20 GMT
content-type: text/html; charset=UTF-8
location: https://seguro.cosmeticosprime.com/checkout/address
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6IjdtaHZZU0QrNmhVbXpSbFBoT3NRT1E9PSIsInZhbHVlIjoiVHJvTGtjS0JYS2xnYm5oRUFKQUhtNno0c29FUnZYaFpYd3FyMU1rSXZIV0k1WFwvYnNyc3FDR04xa05DN1MzM2pXRWR6SGR4VmZQTU1yMFdWUTFXbmRnPT0iLCJtYWMiOiIwODJhNjY0ZTBjOWMzOTAwMWE1Njk0YWRjM2E2NGU4ZmMzZGI3YWY0NGZkNjJkMzM5OWRjMjZlY2JkYTU1ZDU5In0%3D; expires=Sun, 25-Sep-2022 04:35:20 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IkZVUW94b0FnTEw0SjI5SFo2NkVJaHc9PSIsInZhbHVlIjoiNHB3ZkNTcEdZazZPTkV0SUZVVGp0Q01PVFlObFJ4d3MrUEloV0ZcL242RWRvZkdmVDhNV0E5RnZobHRCOUNkU0g3M2ZrOGdrQlV2SjVzOHh3R3dYSDVBPT0iLCJtYWMiOiIzYjk5YTYzNGNlMGRiZDQ2N2FhNGUyN2VmYjIxZjcwOWJjZGFmNjdkNDEzMWNiODJiNGI0ZTk2NzY1MmNjNmI3In0%3D; expires=Sun, 25-Sep-2022 04:35:20 GMT; Max-Age=10800; path=/; httponly
cosmeticos-prime_cart=eyJpdiI6IjJXbUR1YkRjeHdXSnAwalVGaWRpb1E9PSIsInZhbHVlIjoiRHdtbHNoU1wvYWdCbERoS2tVZ0xHRWYyeWdKdGZKS0hiVklnZklzYlhjUGtWTjRTZU1KRjRuSjBvU0lxU01zenY3TXByMGdYdzBadG9FYzZjV2lKRDhnPT0iLCJtYWMiOiJiM2YwNGNlNGRhMzVmMDRiNzgxNzZkZmVmMjUwZDc5OGQwYzIyYjhiZmZiOTBhMzE2ZDBkZGIzNDBiNzIxNWNjIn0%3D; expires=Fri, 30-Sep-2022 01:35:20 GMT; Max-Age=432000; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 14269
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8a0d2b8beddf9f866a2bfe96ac21c2e
dfe5c93dc1637162a0b6ac174dcd7107af80763a
0e4bf30611043a171485c6fa054d6102a6cfd7f8a4153daa34eba1b72f455a77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12552
x-amzn-requestid: 71161d44-4c3a-459e-bf76-5bf3deafcafe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YlYTrHz0oAMF2eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63253a7d-39dd0e2a7045128024086375;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 03:09:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EGtjExnYcmDEP9a540mHhZ7EjGlvLIDLK65Phs9MsAVdEpwNI4avTQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 14269
etag: "dfe5c93dc1637162a0b6ac174dcd7107af80763a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9773faaac4deac40b96cd0802e974f36
db601663fa6ee5564eddaf8d3d84c7b04bf3871c
40e7a573f510ff29db04b3fbfacde2ad6ecd67b4c0be30034e057654c86408a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5305
x-amzn-requestid: 59b495fa-84c9-49cf-a650-03b0c437aca9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5KBEGWEoAMFocQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d23a0-510ad8241626a21422b23ca1;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 03:10:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OIXYh4Zely6SqOTmWzrSY_W3-FiNFqNgdzH4BF6GZNUTwFiOJPFYXw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 03:22:58 GMT
age: 79943
etag: "db601663fa6ee5564eddaf8d3d84c7b04bf3871c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bbdad67489e993cebd23ffb04ebd02c
3a69c08b4d25d1dae1abbabd103d6d295a2f5425
ee3839246f3bada3e3190c240c8ac64d8012a87c062c5e006ed80a7edcd773a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7404
x-amzn-requestid: ef623ade-f397-40a9-b88d-0394f22a8d8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJPGYyoAMFVEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-2da73ceb54b36ade5bf4ce1a;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jqPyyJr0H9dHTBuQb9Z8bNBwMXhBz5pz09u_j1R0Qpp-iGUGFXm0VQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 13:56:57 GMT
age: 41904
etag: "3a69c08b4d25d1dae1abbabd103d6d295a2f5425"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714af732a9aa1db2b13ffb62810fd532
358e74de395352a9529ff1c17856daf8900888c5
1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3_xkH-s3Fzz3CRHux4j3hergFHWBmOFF9vMBCoN1rJrjrCkeSEp0qQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:16 GMT
age: 12845
etag: "358e74de395352a9529ff1c17856daf8900888c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f23b26ec88b1537682f54d824574960
aad565d275e7d0043d1e0c7827f9994ec0ca70fb
be2da8f3f37d430fc0f7ee4522259b928a931f13381685b7ba01a56b2a8cfeeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE2DA8F3F37D430FC0F7EE4522259B928A931F13381685B7BA01A56B2A8CFEEB"
Last-Modified: Sat, 24 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14666
Expires: Sun, 25 Sep 2022 05:39:48 GMT
Date: Sun, 25 Sep 2022 01:35:22 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 23ba09c14e337ac70d877d2ed33dc795
175d5155889b45711d0a9050116591ad25e74891
cb117ac56fe205bfca3b512ed3d8ddb46a7115446d099739cc4d111c853696ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
IP 142.250.74.3:0
Hash 71dc7ce8328e4ab620a12eac18abdad4
0fc4a16cdc34c72e5bc14692a03ceffd9e527ad1
a25071ee8171304000d7f73a013f0e42b9d16641b6e205d1ae104c71f6bbf442
POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.upnid.com/v0.js
130.211.14.112 200 OK 8.3 kB IP 130.211.14.112:0
File type Unicode text, UTF-8 text, with very long lines (23050)
Hash 49fa980f95bb3bbff8b7a2857a727d5d
9e931943f03079522318820948018d78610eaca4
4e295d58275798f67bf7b9c48b8cae16238c9a3dabca082238e7bab8eaa34943
GET /v0.js HTTP/1.1
Host: js.upnid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Origin
content-encoding: br
via: 1.1 google
content-length: 8310
date: Sun, 25 Sep 2022 00:55:29 GMT
age: 2393
last-modified: Tue, 19 Jan 2021 20:16:07 GMT
content-type: text/javascript; charset=utf-8
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC
142.250.74.164 200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 7d84c4456027d3c2e042f55c624444cb
ae1299213270a14574bac01f8f91d29a4c9ffd7c
5ac486ab075825fc510d276894e2a289866e243bbb1efe2f5246c710f307aae4
GET /recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 25 Sep 2022 01:35:22 GMT
date: Sun, 25 Sep 2022 01:35:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 267300d587831dda7559c30c40cc614e
d7ff0b9754e61f5d4178eddb5e63c3390ab559c8
ec7aad1a3116ce8ef5258b49de87cf3456c8c4890206fa5d46c8e510ded80ac0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.shopify.com/s/files/1/0664/1411/7113/products/pague2leve3-kit-3-perfumes-masculino-1-million-paco-rabanne-sauvage-dior-e-212-vip-men-carolina-herrera-100ml-kit-perfume-aquarela-cosmeticos-715517_250x250.jpg
104.16.254.71 200 OK 8.8 kB URL HTTP/2 cdn.shopify.com/s/files/1/0664/1411/7113/products/pague2leve3-kit-3-perfumes-masculino-1-million-paco-rabanne-sauvage-dior-e-212-vip-men-carolina-herrera-100ml-kit-perfume-aquarela-cosmeticos-715517_250x250.jpg
IP 104.16.254.71:0
File type ISO Media, AVIF Image\012- data
Hash d980c7b134c8ffd8726e1e75328239a2
82738abbeccef57ecb0eea8901384a6cdea60770
602f16a56dfbde20c655b9750c30aa36888ff7810fc7416081d1c63b26eb402a
GET /s/files/1/0664/1411/7113/products/pague2leve3-kit-3-perfumes-masculino-1-million-paco-rabanne-sauvage-dior-e-212-vip-men-carolina-herrera-100ml-kit-perfume-aquarela-cosmeticos-715517_250x250.jpg HTTP/1.1
Host: cdn.shopify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:22 GMT
content-type: image/avif
content-length: 8848
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31557600
link: <https://cdn.shopify.com/s/files/1/0664/1411/7113/products/pague2leve3-kit-3-perfumes-masculino-1-million-paco-rabanne-sauvage-dior-e-212-vip-men-carolina-herrera-100ml-kit-perfume-aquarela-cosmeticos-715517_250x250.jpg>; rel="canonical"
server-timing: imagery;dur=577.591, imageryFetch;dur=45.639, imageryProcess;dur=529.773;desc="image"
timing-allow-origin: *
vary: Accept, Accept-Encoding
x-content-type-options: nosniff
x-request-id: 21771d30-3b3c-49de-849e-3eaa5e5ed2d5
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-dc: gcp-us-east1,us-east1
last-modified: Fri, 23 Sep 2022 12:48:18 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Okd%2FY6193%2BFHcRGLSFBc3y%2BEgFCPKDheNJLoHI1qL12iSHgn9KXDrEhVIPqCkM3YI6PWsS5gMb5fWQwmWEbjJd0O3o%2FiNSEy4HIlBas6Erkxjjj7DnDFAPn5fTUcfRZdIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750005d7a9d3b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f23b26ec88b1537682f54d824574960
aad565d275e7d0043d1e0c7827f9994ec0ca70fb
be2da8f3f37d430fc0f7ee4522259b928a931f13381685b7ba01a56b2a8cfeeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE2DA8F3F37D430FC0F7EE4522259B928A931F13381685B7BA01A56B2A8CFEEB"
Last-Modified: Sat, 24 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14666
Expires: Sun, 25 Sep 2022 05:39:48 GMT
Date: Sun, 25 Sep 2022 01:35:22 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
IP 142.250.74.3:0
Hash 71dc7ce8328e4ab620a12eac18abdad4
0fc4a16cdc34c72e5bc14692a03ceffd9e527ad1
a25071ee8171304000d7f73a013f0e42b9d16641b6e205d1ae104c71f6bbf442
POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 0dd01ba89bdec170aa415317a31dc77c
e049798a73bb803c144868019b58d065a4ba76a7
962ab39bdf63ee5f7c7e896653cd74e6195204b22883095871ffd3949173948d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:22 GMT
Server: ECS (amb/6BAD)
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.yampi.me/jquery/jquery.js
104.26.2.88 200 OK 68 kB URL HTTP/2 cdn.yampi.me/jquery/jquery.js
IP 104.26.2.88:0
File type ASCII text, with very long lines (32060)
Hash 3effbf880ca514045803606fe2f7af06
88e04eb556d793d6f30895597e6687ffc2898e8b
d0fcecace50d2ed07c5a32e05264688dd9f1eb05753037cd328efe4e880bdeb0
GET /jquery/jquery.js HTTP/1.1
Host: cdn.yampi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:22 GMT
content-type: application/javascript
x-amz-id-2: 7gxTttBd/kCkn0bd/hyRfHdpqJ9gzq8f1yoBkZ3x5D4QwamXpqfrXGunCOTo8cwqgRppri0a9Bk=
x-amz-request-id: 98FT7W7KHGHEXVPW
last-modified: Tue, 24 Sep 2019 11:23:34 GMT
x-amz-version-id: 6XhfNvj9UGB1eWzPJf8PFJnclFrAQqDF
etag: W/"9f7c65c84c8e8c3e317945e8fd89899b"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCGjHrJczewFTIkM4sTf%2FcQouFibQ2obmoGII2BHjBNUn9dkg4OgrmfR3Lwr4l7W4Pt2NiRORVq9Q%2FxS2va9SReoWlVRCfr1pt0Z%2F2Xy2MrkW%2Foem71saocjYP21eg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750005d768d71c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash e8a32c993e90d1a3a9dfdd4ba22b96db
91b2ac9f0e68a9f634975b29171dd206770b6485
345ea1ac76b3b4e9f8c25a4ae840501e52bbf6ab526a20b2733cbe2d355226bd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 01:35:23 GMT
Last-Modified: Sun, 25 Sep 2022 01:04:14 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kSVPnkHxC9KpwjP--B_E-mo10ySEIyHEEupDBz9FzPX3T8684ODPtw==
Age: 1869
awesome-assets.yampi.me/checkout/build/mix/assets/js/app.js?id=3fe06e3b4774e1e22f744c5b2a2ca9cd
104.26.2.88 200 OK 164 kB URL HTTP/2 awesome-assets.yampi.me/checkout/build/mix/assets/js/app.js?id=3fe06e3b4774e1e22f744c5b2a2ca9cd
IP 104.26.2.88:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 164 kB (163639 bytes)
Hash 61dddd19379769d80f69b45910f98033
6590167bab98c3e65d63367f8b7f067fa3cc620f
7513e9900ee53e319d208530f205b1c1dcdf33296b04e530a8ae01cb40feed58
GET /checkout/build/mix/assets/js/app.js?id=3fe06e3b4774e1e22f744c5b2a2ca9cd HTTP/1.1
Host: awesome-assets.yampi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:22 GMT
content-type: application/javascript
x-amz-id-2: 49aS28FBIXTkl4bKE9+ha7pacAkt3+NPapOS5vMqPTKi5sJ2v0MBnHg6Lcnqo/fcOUnIIah3z3c=
x-amz-request-id: 5RVP5GJAWC4BBHRT
last-modified: Fri, 16 Sep 2022 12:44:10 GMT
x-amz-version-id: RKgRxk_0tWs0Zu8xEYsEG4VN1R862O0o
etag: W/"20baf997b7e31a089f0a9544550cf45a"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2Bjn3x%2BJ0jO7ubRe9Q5f7wD2TcKYOiaU9Wxnq7H0j%2B%2FcQgzprCOMOZrKsVfirTyUTg629mHVgCeC0v5Na%2BIgKPqTMF%2F0OMu2Xz088gwy%2Bg5XWFFoQFvwQCmr9BLgDklHCGWwUF2eDgLw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750005d758d01c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3.sa-east-1.amazonaws.com/king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png
16.12.2.8 200 OK 35 kB URL HTTP/1.1 s3.sa-east-1.amazonaws.com/king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png
IP 16.12.2.8:0
File type PNG image data, 400 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 41ed4f2611b892460245974a09220c6c
e3aa654fbe4959534578a5a9a5a1daab4bdb19b3
a7ae53f13cda4fee2898d7a715eaacf5d3af6532aee55811d30c2504f6961eb0
GET /king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png HTTP/1.1
Host: s3.sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: tuB6pQCbEbqDft338FVZRIGSSR0fv8PNZYQ5PDRg8paI/lhcAN2TysvkV+myLM9g9N2b5Dxs4HY=
x-amz-request-id: DZ90MFWJ4D6HJNNR
Date: Sun, 25 Sep 2022 01:35:24 GMT
Last-Modified: Mon, 15 Aug 2022 01:59:12 GMT
ETag: "41ed4f2611b892460245974a09220c6c"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 34975
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
142.250.74.163 200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (826)
Size 158 kB (158248 bytes)
Hash db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206
GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:11:34 GMT
expires: Fri, 22 Sep 2023 07:11:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 239030
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4361
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Last-Modified: Sun, 25 Sep 2022 00:22:44 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 00:41:09 GMT
expires: Sun, 25 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 3255
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: m7SSGR/wn1p8JQjOKgr3NsaBOgTQZRRup+3LljAHIipNo405Yx+POUg72SQHz/S9Wi90W/U+VwspJwjlzUdvGw==
priority: u=3,i
content-length: 26840
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:35:24 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=1537436825&gjid=435979612&cid=222840888.1664069723&tid=204326437-2&_gid=170848277.1664069723&_r=1&_slc=1&z=1708025077
142.250.74.174 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=1537436825&gjid=435979612&cid=222840888.1664069723&tid=204326437-2&_gid=170848277.1664069723&_r=1&_slc=1&z=1708025077
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=1537436825&gjid=435979612&cid=222840888.1664069723&tid=204326437-2&_gid=170848277.1664069723&_r=1&_slc=1&z=1708025077 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://seguro.cosmeticosprime.com
date: Sun, 25 Sep 2022 01:35:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4361
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Last-Modified: Sun, 25 Sep 2022 00:22:44 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=46701805&gjid=1865260422&cid=222840888.1664069723&tid=UA-45745009-5&_gid=170848277.1664069723&_r=1&_slc=1&z=1100231551
142.250.74.174 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=46701805&gjid=1865260422&cid=222840888.1664069723&tid=UA-45745009-5&_gid=170848277.1664069723&_r=1&_slc=1&z=1100231551
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j97&a=388996583&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=46701805&gjid=1865260422&cid=222840888.1664069723&tid=UA-45745009-5&_gid=170848277.1664069723&_r=1&_slc=1&z=1100231551 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://seguro.cosmeticosprime.com
date: Sun, 25 Sep 2022 01:35:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/cart/recomm
170.82.174.30 200 OK 339 B URL HTTP/2 seguro.cosmeticosprime.com/cart/recomm
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Hash 9b1a123fdff9d249974c225ea89efe2b
7f6774e230d69d4d7ee616377b848d24730fb631
9247dd7c5897002d9ad219a77a001c8f029339cc75aa818db205be413bfd521c
Analyzer Verdict Alert fortinet Phishing
GET /cart/recomm HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6ImVkZTNiNWFkZGRhMGM4MTAiLCJ0ciI6ImJlMDY5MTE1YmZkYmY0NzMxYTVmZGUzZmExMWQ0OGU0IiwidGkiOjE2NjQwNjk3MjE5MzR9fQ==
traceparent: 00-be069115bfdbf4731a5fde3fa11d48e4-ede3b5addda0c810-01
tracestate: 2935249@nr=0-1-2935249-1134170823-ede3b5addda0c810----1664069721934
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6IjZyY1A3cEE3MkpWcUh2OXA3djU2aGc9PSIsInZhbHVlIjoieUtHMkdLMHZ5Vm5BSTdud1hUYVV2UGMzQndNVzBRaDJzRDFvXC9oMVlHeEpaNlJRTzg4WkRvem50bUtGaGRjQ0JuWFdNTEE3Tkw2emZnbjczTzJKMnRBPT0iLCJtYWMiOiI2MmJjMGUxZGQ2MTU1OWVjOTBjNzViZjJkZjczMzI5MTNhYzdkNTFkOTEzNjM4NGFmN2VkM2QwODgxZWFlYTgzIn0%3D; bubbstore_checkout=eyJpdiI6IlpYcHdTaVRVSmkxTnF2aDBkN2hsZ1E9PSIsInZhbHVlIjoiVmErczc3TDhNbkNPZGgzWkJmNG03WGI3UnJtREhoa3BSXC9MN3hXbXZFSGExcldzS0ltUUdDeEY1WHFYcWJVMVA3MnQrV3VRU0lqU2dGYlIwYWJyRDJRPT0iLCJtYWMiOiJiZDhhZWU2NGRjOTBkMjU1YzBjYzNiZTBhOGE4NDdkZGVhNTViYzE5ZjRmOGQ2NTZhNzdmNzJkZGQzZTExNmYwIn0%3D; cosmeticos-prime_cart=eyJpdiI6IjJXbUR1YkRjeHdXSnAwalVGaWRpb1E9PSIsInZhbHVlIjoiRHdtbHNoU1wvYWdCbERoS2tVZ0xHRWYyeWdKdGZKS0hiVklnZklzYlhjUGtWTjRTZU1KRjRuSjBvU0lxU01zenY3TXByMGdYdzBadG9FYzZjV2lKRDhnPT0iLCJtYWMiOiJiM2YwNGNlNGRhMzVmMDRiNzgxNzZkZmVmMjUwZDc5OGQwYzIyYjhiZmZiOTBhMzE2ZDBkZGIzNDBiNzIxNWNjIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:23 GMT
content-type: application/json
x-protected-by: Sqreen
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6ImtZeTVJNjl1OFA3Z0RCOVIyWU5Qd3c9PSIsInZhbHVlIjoiOUtmbm5SSG9OMnBEN21cLzFjXC83VUhNaFV1VFppYXMrTmJwekV6d2tVMmRkdkJcL1ZaS2tTbmVINmozZHE4aEZ4YVN2ZXBFNDI1ZFZVYnB5U3V0SG9EQ0E9PSIsIm1hYyI6ImI4YWY2MzU2MTM1MWE1ZGJiNDEwZGEyMDE1YmJmY2Y4MmI0Njk0MjJjOTFkYzc0NGRmNWNhYWY4ZTYwMGU5YmUifQ%3D%3D; expires=Sun, 25-Sep-2022 04:35:23 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IktIQjViZFZrSlRcL2txZnFsclBTQlNRPT0iLCJ2YWx1ZSI6InRoWm84aUpHZU9veGdsTXIwUFNzQzdqWlg3cTFqOExaQnlZYVJvWkFqY2VON2lOOEpxQWdlMnRHeWZDdVV0alNBVnhvN1lsV3dUaDBiQVBUUm5iODJ3PT0iLCJtYWMiOiIxMWI1NzM3NzBhOTAxOWI0NjM0NjNjNDViMTNjNTQ5N2Y4YTNiYTFiYmRkNjY2YjY0NjBkZGM4NTZkNzcxODFkIn0%3D; expires=Sun, 25-Sep-2022 04:35:23 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
seguro.cosmeticosprime.com/e/t
170.82.174.30 200 OK 21 B URL HTTP/2 seguro.cosmeticosprime.com/e/t
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Hash 7eb22cb333d4955db9707321011c19b1
5db98288598f62a696088b5411c3e13e07438907
366a16b5d201e93dfa1ffedbb1be460d635941b34de09edceea792288fea3270
Analyzer Verdict Alert fortinet Phishing
POST /e/t HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6Ijg2M2UxNDY4ZTNkNmE1OTkiLCJ0ciI6IjA5ZmMxOGJjYTk0ZmJjNDU1NGUwNzVkMDU3Y2QwZTM2IiwidGkiOjE2NjQwNjk3MjE5NDZ9fQ==
traceparent: 00-09fc18bca94fbc4554e075d057cd0e36-863e1468e3d6a599-01
tracestate: 2935249@nr=0-1-2935249-1134170823-863e1468e3d6a599----1664069721946
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 358
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6IjZyY1A3cEE3MkpWcUh2OXA3djU2aGc9PSIsInZhbHVlIjoieUtHMkdLMHZ5Vm5BSTdud1hUYVV2UGMzQndNVzBRaDJzRDFvXC9oMVlHeEpaNlJRTzg4WkRvem50bUtGaGRjQ0JuWFdNTEE3Tkw2emZnbjczTzJKMnRBPT0iLCJtYWMiOiI2MmJjMGUxZGQ2MTU1OWVjOTBjNzViZjJkZjczMzI5MTNhYzdkNTFkOTEzNjM4NGFmN2VkM2QwODgxZWFlYTgzIn0%3D; bubbstore_checkout=eyJpdiI6IlpYcHdTaVRVSmkxTnF2aDBkN2hsZ1E9PSIsInZhbHVlIjoiVmErczc3TDhNbkNPZGgzWkJmNG03WGI3UnJtREhoa3BSXC9MN3hXbXZFSGExcldzS0ltUUdDeEY1WHFYcWJVMVA3MnQrV3VRU0lqU2dGYlIwYWJyRDJRPT0iLCJtYWMiOiJiZDhhZWU2NGRjOTBkMjU1YzBjYzNiZTBhOGE4NDdkZGVhNTViYzE5ZjRmOGQ2NTZhNzdmNzJkZGQzZTExNmYwIn0%3D; cosmeticos-prime_cart=eyJpdiI6IjJXbUR1YkRjeHdXSnAwalVGaWRpb1E9PSIsInZhbHVlIjoiRHdtbHNoU1wvYWdCbERoS2tVZ0xHRWYyeWdKdGZKS0hiVklnZklzYlhjUGtWTjRTZU1KRjRuSjBvU0lxU01zenY3TXByMGdYdzBadG9FYzZjV2lKRDhnPT0iLCJtYWMiOiJiM2YwNGNlNGRhMzVmMDRiNzgxNzZkZmVmMjUwZDc5OGQwYzIyYjhiZmZiOTBhMzE2ZDBkZGIzNDBiNzIxNWNjIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:24 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6ImFJNTVESVU4V0Z4ckpzeWFFbmNVSWc9PSIsInZhbHVlIjoiQ2F0aWhSSENrMnR4cytIenl0ekRGRk9BMVZOYWM3a0pcL3FhZGJwaDFwdGlcL1wvc0l0ZExMQzVmK3hKWnY2M2lZY2x6YUhsVmRScTVvSFlSY3ZxZFBpNVE9PSIsIm1hYyI6IjFhMzAyMTc4OTQxODVhYTBhN2QxNjA0MTZjNTAyM2M2MjlmNTFmMmRiYjdlOTgwZjJmMGIwNzQxZTViNjFmZDIifQ%3D%3D; expires=Sun, 25-Sep-2022 04:35:24 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IkdKZ2VVU3lnanFEYlZmR1V2cXJlRGc9PSIsInZhbHVlIjoiRzVxVmJPdGFXeUxqZDVDUk9SUU83c21ROEhERHZXWGJmMmd6MHcyTHR1VUNtSDduOUZ2UXBjYkI2VURhc085UGQ2aXlIbWNiSEM2VGRlMTMwXC9KNVFBPT0iLCJtYWMiOiJiN2RmZDgyYjE2MjQ4MTEyMGJiNDBlOWNkYzJhYzA4ZGU2Y2ZjZmE5NGM4OTUwNzViMjgwNjU1MjI2ZmUyY2EyIn0%3D; expires=Sun, 25-Sep-2022 04:35:24 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApWCA8BHh5UFUNUBAoDXFNSAFJUCwsDXQRQFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723218&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=PageView_usbszyxq7&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723218&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=PageView_usbszyxq7&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723218&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=PageView_usbszyxq7&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sun, 25 Sep 2022 01:35:24 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723221&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=InitiateCheckout_1tetqvd5s&tm=1&rqm=GET
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723221&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=InitiateCheckout_1tetqvd5s&tm=1&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1664069723221&cd[content_ids]=%5B%227722402283769%22%5D&cd[content_type]=product_group&cd[value]=349.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664069723217.431772283&it=1664069722936&coo=false&eid=InitiateCheckout_1tetqvd5s&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Sun, 25 Sep 2022 01:35:24 GMT
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 01:35:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 726
x-timer: S1664069725.610007,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0cef234c6faf10617bf293173b24ca5b
a17090860c96476f10920527171270a78df90be6
9ee0161e298ac539f36f613a9b0ef7b128c28ec6559492d34b50a2b863dae9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 877
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:35:24 GMT
Last-Modified: Sun, 25 Sep 2022 01:20:48 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5848&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=159&be=3870&fe=5775&dc=4419&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664069717506,%22n%22:0,%22f%22:2306,%22dn%22:2306,%22dne%22:2306,%22c%22:2306,%22s%22:2306,%22ce%22:2306,%22rq%22:2308,%22rp%22:3843,%22rpe%22:3843,%22dl%22:3851,%22di%22:4328,%22ds%22:4418,%22de%22:4466,%22dc%22:5774,%22l%22:5774,%22le%22:5777%7D,%22navigation%22:%7B%7D%7D&fcp=4327&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken
162.247.241.14 200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5848&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=159&be=3870&fe=5775&dc=4419&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664069717506,%22n%22:0,%22f%22:2306,%22dn%22:2306,%22dne%22:2306,%22c%22:2306,%22s%22:2306,%22ce%22:2306,%22rq%22:2308,%22rp%22:3843,%22rpe%22:3843,%22dl%22:3851,%22di%22:4328,%22ds%22:4418,%22de%22:4466,%22dc%22:5774,%22l%22:5774,%22le%22:5777%7D,%22navigation%22:%7B%7D%7D&fcp=4327&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5848&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=159&be=3870&fe=5775&dc=4419&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664069717506,%22n%22:0,%22f%22:2306,%22dn%22:2306,%22dne%22:2306,%22c%22:2306,%22s%22:2306,%22ce%22:2306,%22rq%22:2308,%22rp%22:3843,%22rpe%22:3843,%22dl%22:3851,%22di%22:4328,%22ds%22:4418,%22de%22:4466,%22dc%22:5774,%22l%22:5774,%22le%22:5777%7D,%22navigation%22:%7B%7D%7D&fcp=4327&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 01:35:24 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 750005e32d88b506-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=3b1bea7b361dfdc6; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=6175&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=6175&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=6175&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 732
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 01:35:25 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 750005e51e3bb506-OSL
Access-Control-Allow-Origin: https://seguro.cosmeticosprime.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
seguro.cosmeticosprime.com/checkout/address
170.82.174.30 200 OK 0 B URL HTTP/2 seguro.cosmeticosprime.com/checkout/address
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Analyzer Verdict Alert fortinet Phishing
GET /checkout/address HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjdtaHZZU0QrNmhVbXpSbFBoT3NRT1E9PSIsInZhbHVlIjoiVHJvTGtjS0JYS2xnYm5oRUFKQUhtNno0c29FUnZYaFpYd3FyMU1rSXZIV0k1WFwvYnNyc3FDR04xa05DN1MzM2pXRWR6SGR4VmZQTU1yMFdWUTFXbmRnPT0iLCJtYWMiOiIwODJhNjY0ZTBjOWMzOTAwMWE1Njk0YWRjM2E2NGU4ZmMzZGI3YWY0NGZkNjJkMzM5OWRjMjZlY2JkYTU1ZDU5In0%3D; bubbstore_checkout=eyJpdiI6IkZVUW94b0FnTEw0SjI5SFo2NkVJaHc9PSIsInZhbHVlIjoiNHB3ZkNTcEdZazZPTkV0SUZVVGp0Q01PVFlObFJ4d3MrUEloV0ZcL242RWRvZkdmVDhNV0E5RnZobHRCOUNkU0g3M2ZrOGdrQlV2SjVzOHh3R3dYSDVBPT0iLCJtYWMiOiIzYjk5YTYzNGNlMGRiZDQ2N2FhNGUyN2VmYjIxZjcwOWJjZGFmNjdkNDEzMWNiODJiNGI0ZTk2NzY1MmNjNmI3In0%3D; cosmeticos-prime_cart=eyJpdiI6IjJXbUR1YkRjeHdXSnAwalVGaWRpb1E9PSIsInZhbHVlIjoiRHdtbHNoU1wvYWdCbERoS2tVZ0xHRWYyeWdKdGZKS0hiVklnZklzYlhjUGtWTjRTZU1KRjRuSjBvU0lxU01zenY3TXByMGdYdzBadG9FYzZjV2lKRDhnPT0iLCJtYWMiOiJiM2YwNGNlNGRhMzVmMDRiNzgxNzZkZmVmMjUwZDc5OGQwYzIyYjhiZmZiOTBhMzE2ZDBkZGIzNDBiNzIxNWNjIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:22 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6IjZyY1A3cEE3MkpWcUh2OXA3djU2aGc9PSIsInZhbHVlIjoieUtHMkdLMHZ5Vm5BSTdud1hUYVV2UGMzQndNVzBRaDJzRDFvXC9oMVlHeEpaNlJRTzg4WkRvem50bUtGaGRjQ0JuWFdNTEE3Tkw2emZnbjczTzJKMnRBPT0iLCJtYWMiOiI2MmJjMGUxZGQ2MTU1OWVjOTBjNzViZjJkZjczMzI5MTNhYzdkNTFkOTEzNjM4NGFmN2VkM2QwODgxZWFlYTgzIn0%3D; expires=Sun, 25-Sep-2022 04:35:22 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IlpYcHdTaVRVSmkxTnF2aDBkN2hsZ1E9PSIsInZhbHVlIjoiVmErczc3TDhNbkNPZGgzWkJmNG03WGI3UnJtREhoa3BSXC9MN3hXbXZFSGExcldzS0ltUUdDeEY1WHFYcWJVMVA3MnQrV3VRU0lqU2dGYlIwYWJyRDJRPT0iLCJtYWMiOiJiZDhhZWU2NGRjOTBkMjU1YzBjYzNiZTBhOGE4NDdkZGVhNTViYzE5ZjRmOGQ2NTZhNzdmNzJkZGQzZTExNmYwIn0%3D; expires=Sun, 25-Sep-2022 04:35:22 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Rubik:wght@400;500;700&display=swap
216.58.211.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Rubik:wght@400;500;700&display=swap
IP 216.58.211.10:0
GET /css2?family=Rubik:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 01:35:22 GMT
date: Sun, 25 Sep 2022 01:35:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.yampi.io/ana/ana.min.js?t=1664150400000
104.18.15.227 200 OK 0 B URL HTTP/2 cdn.yampi.io/ana/ana.min.js?t=1664150400000
IP 104.18.15.227:0
GET /ana/ana.min.js?t=1664150400000 HTTP/1.1
Host: cdn.yampi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:23 GMT
content-type: application/javascript
x-amz-id-2: BhiGUBdpmMeVCV7nm1s1w5MEvUSVIyYEA+uYTXCnJEpJYf512tfH+FN0CAQdpVvRNmVXhA+0Cso=
x-amz-request-id: BPBCSE1EZ38JAZ04
last-modified: Sun, 26 Jun 2022 23:28:17 GMT
x-amz-version-id: QVByH4DoJS5uOcK0PZ6NhcCV1oJEdR5U
etag: W/"e7cabc20ce5d56c20d8c4577a36e2525"
cf-cache-status: HIT
age: 3595
expires: Mon, 25 Sep 2023 01:35:23 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 750005d95adffab8-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/e/t
170.82.174.30 200 OK 0 B URL HTTP/2 seguro.cosmeticosprime.com/e/t
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Analyzer Verdict Alert fortinet Phishing
POST /e/t HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6ImRlZDU1YTdjNzU4ZjJlOTkiLCJ0ciI6Ijg1OGMyZjFmMDIwYjhmZTVjODA4YTFjOWU2MDdkNTMzIiwidGkiOjE2NjQwNjk3MjE5NDN9fQ==
traceparent: 00-858c2f1f020b8fe5c808a1c9e607d533-ded55a7c758f2e99-01
tracestate: 2935249@nr=0-1-2935249-1134170823-ded55a7c758f2e99----1664069721943
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 366
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6IjZyY1A3cEE3MkpWcUh2OXA3djU2aGc9PSIsInZhbHVlIjoieUtHMkdLMHZ5Vm5BSTdud1hUYVV2UGMzQndNVzBRaDJzRDFvXC9oMVlHeEpaNlJRTzg4WkRvem50bUtGaGRjQ0JuWFdNTEE3Tkw2emZnbjczTzJKMnRBPT0iLCJtYWMiOiI2MmJjMGUxZGQ2MTU1OWVjOTBjNzViZjJkZjczMzI5MTNhYzdkNTFkOTEzNjM4NGFmN2VkM2QwODgxZWFlYTgzIn0%3D; bubbstore_checkout=eyJpdiI6IlpYcHdTaVRVSmkxTnF2aDBkN2hsZ1E9PSIsInZhbHVlIjoiVmErczc3TDhNbkNPZGgzWkJmNG03WGI3UnJtREhoa3BSXC9MN3hXbXZFSGExcldzS0ltUUdDeEY1WHFYcWJVMVA3MnQrV3VRU0lqU2dGYlIwYWJyRDJRPT0iLCJtYWMiOiJiZDhhZWU2NGRjOTBkMjU1YzBjYzNiZTBhOGE4NDdkZGVhNTViYzE5ZjRmOGQ2NTZhNzdmNzJkZGQzZTExNmYwIn0%3D; cosmeticos-prime_cart=eyJpdiI6IjJXbUR1YkRjeHdXSnAwalVGaWRpb1E9PSIsInZhbHVlIjoiRHdtbHNoU1wvYWdCbERoS2tVZ0xHRWYyeWdKdGZKS0hiVklnZklzYlhjUGtWTjRTZU1KRjRuSjBvU0lxU01zenY3TXByMGdYdzBadG9FYzZjV2lKRDhnPT0iLCJtYWMiOiJiM2YwNGNlNGRhMzVmMDRiNzgxNzZkZmVmMjUwZDc5OGQwYzIyYjhiZmZiOTBhMzE2ZDBkZGIzNDBiNzIxNWNjIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:24 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6IncrXC9oTDlGTjViZ2lTeDZHVURaXC9xZz09IiwidmFsdWUiOiJVY3JnUW5Tc25PQ0hHOVk0VStvWnUraGdDazNsXC9QM3FQUlwveUk3aEdYdXZSRnkweTk2VkFPS0RhR1g4RW9yaUNNaDVTN2VGdzJxbG1rcnliSVJ6dHV3PT0iLCJtYWMiOiIxZDExM2ZlYTFjYzE0NGNmN2ZhZjJlMzY0YmRhNDA3ZmFkYjM1NWJmNDMzZmNmMzg2OWRkNzM3ZDAzZmJmOWJjIn0%3D; expires=Sun, 25-Sep-2022 04:35:24 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6ImQzSTVKQW9rczNWcyswU3dLUFNHVlE9PSIsInZhbHVlIjoiSXNXQzVDRVBoVFFLeTRHK2Zrak5CR1NLaTJjVWpPd0RNUVJuYWYxaVRiT2YwNVp1ZUpxaUd2SG9ZRjdaUnZNV2pvUldncktOdHgyXC9IWU9QMnorYWRnPT0iLCJtYWMiOiI3YzNlZjRhYTM2NWIwZTBiNGQ0NjYwOWExYzVkMTFkMGQwZGQ3YjRmMmE0MjUxNzFmNDFjZTM4NWQ4NjljM2E2In0%3D; expires=Sun, 25-Sep-2022 04:35:24 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApWCw0BHh5UFUNUBFFbUFMHUQNSXAZRU1QAFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
awesome-assets.yampi.me/checkout/build/mix/assets/css/app.css?id=7364aba5f3dee28d2e44945e07923648
104.26.2.88 200 OK 0 B URL HTTP/2 awesome-assets.yampi.me/checkout/build/mix/assets/css/app.css?id=7364aba5f3dee28d2e44945e07923648
IP 104.26.2.88:0
GET /checkout/build/mix/assets/css/app.css?id=7364aba5f3dee28d2e44945e07923648 HTTP/1.1
Host: awesome-assets.yampi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:22 GMT
content-type: text/css
x-amz-id-2: Qj7EbVaOzs8MNzFSFYu+F7Fau6uHOEiS63He5IgdSms8LkdReTd0C8kmdRiJVRtdn4WnzUqXD+w=
x-amz-request-id: E1MMEP58KEDKHX8J
last-modified: Fri, 16 Sep 2022 12:44:10 GMT
x-amz-version-id: tDzvH5UD3dj0x1ZKqkC6HAxsINUfeKtz
etag: W/"7364aba5f3dee28d2e44945e07923648"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qhI9YcBLTPj%2FtppKLQ7wAeTMCkWHrWEv9YsL4diN0W1aQXA%2F15yRZ4503aqBo%2Bhid1WDzcl05j5RA0A3jvorXHGkis%2BfalZmgNcq7Is%2BmKm4rNUuqpb3fpzy70sSpPZGWyajHzU1K4tC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750005d748931c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.dooki.com.br/fa/4.7.0/fa.css
104.18.0.53 200 OK 0 B URL HTTP/2 fonts.dooki.com.br/fa/4.7.0/fa.css
IP 104.18.0.53:0
GET /fa/4.7.0/fa.css HTTP/1.1
Host: fonts.dooki.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 01:35:23 GMT
content-type: text/css
x-amz-id-2: gGNPVnAVZsqONOCg389UDgsIhA1ObjBdpsJMkqSZGddyTo93S8XPm4wvAm36dYfVkX+Cf24ZYFI=
x-amz-request-id: G8BNNJCT1K1R1RT8
last-modified: Sat, 10 Nov 2018 14:21:37 GMT
x-amz-version-id: null
etag: W/"36688de682a76454417c56541b1cf51e"
cf-cache-status: HIT
age: 6903
expires: Mon, 03 Oct 2022 01:35:23 GMT
cache-control: public, max-age=691200
vary: Accept-Encoding
server: cloudflare
cf-ray: 750005d90f9cb529-OSL
content-encoding: gzip
X-Firefox-Spdy: h2