Overview

URL seguro.caixamisteriosa.net/cart?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300
IP170.82.174.30
ASN3L CLOUD INTERNET SERVICES LTDA - EPP
Location Brazil
Report completed2022-09-26 19:51:31 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-26 2 seguro.caixamisteriosa.net/checkout/address Phishing
2022-09-26 2 seguro.caixamisteriosa.net/e/t Phishing
2022-09-26 2 seguro.caixamisteriosa.net/e/t Phishing
2022-09-26 2 seguro.caixamisteriosa.net/cart/recomm Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (24)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS js.upnid.com (1) 0 2020-06-23 15:36:07 UTC 2022-09-25 12:30:25 UTC 130.211.14.112 Unknown ranking
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-26 04:26:58 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS fonts.dooki.com.br (2) 829308 2018-11-23 22:20:24 UTC 2022-09-26 14:15:28 UTC 104.18.0.53
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-26 05:21:53 UTC 151.101.86.137
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-26 04:28:07 UTC 34.117.237.239
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-26 12:15:18 UTC 34.120.237.76
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-26 04:28:46 UTC 64.233.162.154
mnemonic passive DNS bam.nr-data.net (2) 630 2015-02-10 00:06:27 UTC 2022-09-26 04:31:04 UTC 162.247.241.14
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-26 04:26:56 UTC 143.204.55.35
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS seguro.caixamisteriosa.net (7) 0 2022-08-02 17:13:49 UTC 2022-09-26 13:35:17 UTC 170.82.173.30 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-26 16:08:16 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-26 05:45:55 UTC 34.214.236.46
mnemonic passive DNS images.yampi.me (4) 955081 2019-07-25 14:01:06 UTC 2022-09-26 02:47:57 UTC 104.26.2.88
mnemonic passive DNS s3.sa-east-1.amazonaws.com (1) 60686 2017-11-14 13:15:14 UTC 2022-09-26 16:01:50 UTC 52.95.164.84
mnemonic passive DNS www.google-analytics.com (3) 40 2012-10-03 01:04:21 UTC 2022-09-26 15:16:33 UTC 142.250.74.174
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-26 12:59:20 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-26 04:35:11 UTC 23.36.76.226
mnemonic passive DNS www.facebook.com (19) 99 2017-01-30 05:00:00 UTC 2022-09-26 04:27:04 UTC 157.240.200.35
mnemonic passive DNS cdn.yampi.me (1) 309436 2019-12-08 15:51:20 UTC 2022-09-26 14:15:28 UTC 104.26.2.88
mnemonic passive DNS cdn.yampi.io (1) 402975 2021-08-15 19:04:52 UTC 2022-09-26 14:15:28 UTC 104.18.15.227
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-26 16:59:48 UTC 142.250.74.10
mnemonic passive DNS ocsp.pki.goog (11) 175 2017-06-14 07:23:31 UTC 2022-09-26 04:27:13 UTC 142.250.74.3
mnemonic passive DNS awesome-assets.yampi.me (2) 708511 2019-08-08 18:25:49 UTC 2022-09-26 08:04:27 UTC 104.26.2.88


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 170.82.174.30

Date UQ / IDS / BL URL IP
2022-11-24 05:00:46 +0000
0 - 0 - 4 seguro.xiaomidobrasill.com/cart?cart_token=sh (...) 170.82.174.30
2022-11-15 23:23:57 +0000
0 - 0 - 6 seguro.lojasacolazul.com.br/checkout/payment? (...) 170.82.174.30
2022-11-15 05:56:30 +0000
0 - 0 - 5 seguro.rosaselvagemacido.com/checkout/payment (...) 170.82.174.30
2022-11-15 04:57:35 +0000
0 - 0 - 3 seguro.efacilshop.com/checkout/payment?cart_t (...) 170.82.174.30
2022-11-15 04:47:25 +0000
0 - 0 - 3 seguro.cometabox.com/checkout/payment?cart_to (...) 170.82.174.30

Last 5 reports on ASN: 3L CLOUD INTERNET SERVICES LTDA - EPP

Date UQ / IDS / BL URL IP
2022-11-28 16:45:42 +0000
0 - 0 - 2 www.brinquedosbabebi.com.br/wp-includes/certi (...) 170.82.173.30
2022-11-28 10:54:37 +0000
0 - 0 - 2 www.brinquedosbabebi.com.br/wp-includes/certi (...) 170.82.173.30
2022-11-24 05:00:46 +0000
0 - 0 - 4 seguro.xiaomidobrasill.com/cart?cart_token=sh (...) 170.82.174.30
2022-11-24 05:00:44 +0000
0 - 0 - 4 seguro.caixamisteriosa.net/checkout/payment?c (...) 170.82.173.30
2022-11-24 04:40:41 +0000
0 - 0 - 2 seguro.caixamisteriosa.net/cart?cart_token=f7 (...) 170.82.173.30

Last 5 reports on domain: caixamisteriosa.net

Date UQ / IDS / BL URL IP
2022-11-24 05:00:44 +0000
0 - 0 - 4 seguro.caixamisteriosa.net/checkout/payment?c (...) 170.82.173.30
2022-11-24 04:40:41 +0000
0 - 0 - 2 seguro.caixamisteriosa.net/cart?cart_token=f7 (...) 170.82.173.30
2022-11-06 13:46:14 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/cart?cart_token=a0 (...) 170.82.173.30
2022-11-06 13:46:12 +0000
0 - 0 - 4 seguro.caixamisteriosa.net/checkout/payment?c (...) 170.82.173.30
2022-10-27 04:20:43 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/cart?cart_token=90 (...) 170.82.174.30

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-27 04:20:43 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/cart?cart_token=90 (...) 170.82.174.30
2022-10-27 04:20:42 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/checkout/payment?c (...) 170.82.174.30
2022-10-26 04:30:23 +0000
0 - 0 - 4 linkcurto.co/5pcsz2s8ulgk0 172.67.157.46
2022-10-23 10:50:36 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/cart?cart_token=ab (...) 170.82.174.30
2022-10-23 10:50:34 +0000
0 - 0 - 3 seguro.caixamisteriosa.net/checkout/payment?c (...) 170.82.174.30


JavaScript

Executed Scripts (40)


Executed Evals (5)

#1 JavaScript::Eval (size: 15544, repeated: 1) - SHA256: 87ee55b6a14be406e7e5057321bfa597cef65647f5277f0e2f558c08388ebc67

                                        /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */
(function() {
    var t = this || self,
        P = function(U) {
            return U
        },
        I = function(U, l) {
            if (!(l = (U = null, t.trustedTypes), l) || !l.createPolicy) return U;
            try {
                U = l.createPolicy("bg", {
                    createHTML: P,
                    createScript: P,
                    createScriptURL: P
                })
            } catch (W) {
                t.console && t.console.error(W.message)
            }
            return U
        };
    (0, eval)(function(U, l) {
        return (l = I()) && 1 === U.eval(l.createScript("1")) ? function(W) {
            return l.createScript(W)
        } : function(W) {
            return "" + W
        }
    }(t)(Array(7824 * Math.random() | 0).join("\n") + '(function(){var f=function(U,l){U.h.splice(0,0,l)},E=function(U){return U.C?Uv(U.s,U):w(true,U,8)},u=function(U,l){if(U.C)return Uv(U.s,U);return(l=w(true,U,8),l)&128&&(l^=128,U=w(true,U,2),l=(l<<2)+(U|0)),l},WG=function(U,l,t,I){for(;l.h.length;){t=(l.T=null,l.h.pop());try{I=lY(t,l)}catch(D){S(D,l)}if(U&&l.T){(U=l.T,U)(function(){C(true,l,true)});break}}return I},tk=function(U,l){return(l=E(U),l)&128&&(l=l&127|E(U)<<7),l},C=function(U,l,t,I,D,W){if(l.h.length){l.N&&0(),l.N=true,l.cv=U;try{I=l.B(),l.Z=I,l.U=0,l.g=I,W=WG(U,l),D=l.B()-l.g,l.G+=D,D<(t?0:10)||0>=l.J--||(D=Math.floor(D),l.V.push(254>=D?D:254))}finally{l.N=false}return W}},M=function(U,l,t,I){for(I=(l|0)-1,t=[];0<=I;I--)t[(l|0)-1-(I|0)]=U>>8*I&255;return t},x=function(U,l,t){t=this;try{PG(this,U,l)}catch(I){S(I,this),U(function(D){D(t.S)})}},mr=function(U,l,t,I,D,W){if(!l.S){l.W++;try{for(W=(I=void 0,l.H),D=0;--U;)try{if((t=void 0,l).C)I=Uv(l.C,l);else{if((D=J(99,l),D)>=W)break;I=(g(l,492,D),t=u(l),J)(t,l)}y(false,false,l,(I&&I[IB]&2048?I(l,U):h([R,21,t],0,l),U))}catch(P){J(20,l)?h(P,22,l):g(l,20,P)}if(!U){if(l.hA){mr(553527590301,(l.W--,l));return}h([R,33],0,l)}}catch(P){try{h(P,22,l)}catch(V){S(V,l)}}l.W--}},V0=function(U,l,t,I){(I=(t=u(U),u)(U),K)(I,U,M(J(t,U),l))},Uv=function(U,l){return(U=U.create().shift(),l.C).create().length||l.s.create().length||(l.C=void 0,l.s=void 0),U},De=function(U,l){(l.push(U[0]<<24|U[1]<<16|U[2]<<8|U[3]),l.push(U[4]<<24|U[5]<<16|U[6]<<8|U[7]),l).push(U[8]<<24|U[9]<<16|U[10]<<8|U[11])},PG=function(U,l,t,I,D){for(U.ns=((U.AA=fi,(U.Hv=U[p],U).so=qw,U).yg=w2({get:function(){return this.concat()}},U.i),z)[U.i](U.yg,{value:{value:{}}}),I=0,D=[];128>I;I++)D[I]=String.fromCharCode(I);C(true,U,(f(U,(f(U,[((B(function(W){SV(4,W)},(B(function(W,P,V){g((P=(V=u((P=u(W),W)),J(P,W)),P=bY(P),W),V,P)},(g(U,299,[0,(B(function(W){V0(W,4)},(B(function(W,P,V,m,q){g(W,(V=(V=u((m=(P=u((q=u(W),W)),u(W)),W)),J(V,W)),m=J(m,W),P=J(P,W),q),cG(W,P,m,V))},(B(function(W,P){(W=(P=u(W),J)(P,W.I),W[0]).removeEventListener(W[1],W[2],A)},U,(B(function(W,P,V,m){g(W,(V=J((m=(V=u((P=u(W),W)),u(W)),P=J(P,W),V),W),m),P[V])},U,(B(function(W,P,V,m){g(W,(P=J((m=(P=u(W),u(W)),P),W),V=J(m,W),m),V+P)},(B(function(W,P,V,m){(m=u((V=(P=u(W),u(W)),W)),W).I==W&&(m=J(m,W),V=J(V,W),J(P,W)[V]=m,467==P&&(W.D=void 0,2==V&&(W.R=w(false,W,32),W.D=void 0)))},(g(U,(B(function(W){uY(4,W)},(B(function(W,P,V,m,q){for(m=(V=(q=tk((P=u(W),W)),[]),0);m<q;m++)V.push(E(W));g(W,P,V)},U,((B(function(W,P,V){V=(P=(V=u(W),u(W)),0!=J(V,W)),P=J(P,W),V&&g(W,99,P)},(B(function(W,P,V,m,q,e){y(false,true,W,P)||(m=Ci(W.I),q=m.o,e=q.length,V=m.v,P=m.mN,m=m.IS,q=0==e?new m[V]:1==e?new m[V](q[0]):2==e?new m[V](q[0],q[1]):3==e?new m[V](q[0],q[1],q[2]):4==e?new m[V](q[0],q[1],q[2],q[3]):2(),g(W,P,q))},U,(B((B(function(W,P,V,m){!y(false,true,W,P)&&(P=Ci(W),m=P.IS,V=P.v,W.I==W||V==W.Si&&m==W)&&(g(W,P.mN,V.apply(m,P.o)),W.Z=W.B())},(g(U,253,(B((g(U,20,(g(U,391,(B(function(W,P,V,m){g(W,(m=J((P=(m=(V=u(W),u(W)),u(W)),m),W),V=J(V,W)==m,P),+V)},((B(function(W,P,V){g(W,(V=u(W),P=u(W),P),""+J(V,W))},(B((B(function(W,P,V,m){if(P=W.Fq.pop()){for(m=E(W);0<m;m--)V=u(W),P[V]=W.F[V];W.F=(P[223]=W.F[223],P[91]=W.F[91],P)}else g(W,99,W.H)},(g((B(function(W){V0(W,1)},(g(U,(U.gT=(B(function(){},U,(B(function(W,P,V,m){g(W,(m=(V=(P=u(W),E(W)),u)(W),m),J(P,W)>>>V)},((g(U,(B(function(W,P,V,m,q,e,c,b,d,Z,Q,a){function X(N,G){for(;V<N;)b|=E(W)<<V,V+=8;return V-=N,G=b&(1<<N)-1,b>>=N,G}for(Z=(a=(d=(b=V=(Q=u(W),0),(X(3)|0)+1),X)(5),0),e=[],P=0;P<a;P++)c=X(1),e.push(c),Z+=c?0:1;for(m=(Z=((Z|0)-1).toString(2).length,[]),P=0;P<a;P++)e[P]||(m[P]=X(Z));for(Z=0;Z<a;Z++)e[Z]&&(m[Z]=u(W));for(q=[];d--;)q.push(J(u(W),W));B(function(N,G,O,k,F){for(O=(k=0,G=[],[]);k<a;k++){if(!(F=m[k],e[k])){for(;F>=O.length;)O.push(u(N));F=O[F]}G.push(F)}N.s=eV(N,(N.C=eV(N,q.slice()),G))},W,Q)},U,((g(U,(g(U,(B((g(U,(g(U,(U.Eo=(((U.H=0,U).Fq=[],U.h=((U.G=0,U).I=U,[]),U.O=(U.N=false,U.j=8001,U.D=(U.Y=1,void 0),U.J=25,U.F=[],(U.T=null,U).cv=false,U.l=[],I=(U.s=void 0,(U.lC=0,window).performance||{}),0),U.Si=(U.U=(U.Z=(U.W=0,U.K=false,0),U.L=void 0,U.g=0,U.C=(U.S=void 0,void 0),U.R=void 0,void 0),U.P=[],function(W){this.I=W}),U).V=[],I.timeOrigin||(I.timing||{}).navigationStart||0),99),0),492),0),function(W,P,V,m,q,e,c){for(q=(c=(m=(V=u(W),e=tk(W),""),J(317,W)),c).length,P=0;e--;)P=((P|0)+(tk(W)|0))%q,m+=D[c[P]];g(W,V,m)}),U,11),212),{}),396),U),U.oS=0,B)(function(W,P,V,m){g(W,(V=(m=(V=(P=u(W),u)(W),u(W)),P=J(P,W),J(V,W)),m),P in V|0)},U,446),110)),91),2048),g(U,32,H(4)),B)(function(W,P,V,m,q){(m=J((q=(q=(m=(P=u((V=u(W),W)),u(W)),u)(W),P=J(P,W),J(q,W)),m),W),V=J(V,W.I),0!==V)&&(m=cG(W,m,q,1,V,P),V.addEventListener(P,m,A),g(W,173,[V,P,m]))},U,395),U),70),45)),0),263),[160,0,0]),U),5),U),173,0),U),9),B(function(W,P,V){y(false,true,W,P)||(P=u(W),V=u(W),g(W,V,function(m){return eval(m)}(Ev(J(P,W.I)))))},U,440),function(W,P,V,m,q,e){if(!y(true,true,W,P)){if("object"==(V=J((P=J((P=(V=u((m=(q=u(W),u(W)),W)),u(W)),P),W),m=J(m,W),V),W),W=J(q,W),bY(W))){for(e in q=[],W)q.push(e);W=q}for(q=(V=0<V?V:1,e=0,W.length);e<q;e+=V)m(W.slice(e,(e|0)+(V|0)),P)}}),U,422),U),479),B)(function(W,P){P=J(u(W),W),sv(P,W.I)},U,498),U),351),0)),119)),function(W){SV(3,W)}),U,279),[])),U),83),function(W,P,V,m){g(W,(V=u((m=(P=u(W),u)(W),W)),V),J(P,W)||J(m,W))}),U,41),270)),U),267),U).ZZ=0,0)),U),194),10),n),U),333),U),359),397)),477)),U),98),g(U,223,[]),U),504),0),0]),U),305),U),329),f)(U,[Ze]),L),t]),[iY,l])),true))},g=function(U,l,t){if(99==l||492==l)U.F[l]?U.F[l].concat(t):U.F[l]=eV(U,t);else{if(U.K&&467!=l)return;263==l||32==l||253==l||223==l||299==l?U.F[l]||(U.F[l]=Mw(t,U,102,l)):U.F[l]=Mw(t,U,97,l)}467==l&&(U.R=w(false,U,32),U.D=void 0)},bY=function(U,l,t){if("object"==(t=typeof U,t))if(U){if(U instanceof Array)return"array";if(U instanceof Object)return t;if((l=Object.prototype.toString.call(U),"[object Window]")==l)return"object";if("[object Array]"==l||"number"==typeof U.length&&"undefined"!=typeof U.splice&&"undefined"!=typeof U.propertyIsEnumerable&&!U.propertyIsEnumerable("splice"))return"array";if("[object Function]"==l||"undefined"!=typeof U.call&&"undefined"!=typeof U.propertyIsEnumerable&&!U.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==t&&"undefined"==typeof U.call)return"object";return t},lY=function(U,l,t,I,D){if(I=U[0],I==r)l.J=25,l.A(U);else if(I==p){D=U[1];try{t=l.S||l.A(U)}catch(W){S(W,l),t=l.S}D(t)}else if(I==d2)l.A(U);else if(I==L)l.A(U);else if(I==iY){try{for(t=0;t<l.P.length;t++)try{D=l.P[t],D[0][D[1]](D[2])}catch(W){}}catch(W){}(0,(l.P=[],U)[1])(function(W,P){l.u(W,true,P)},function(W){((W=!l.h.length,f)(l,[IB]),W)&&C(true,l,false)})}else{if(I==Y)return t=U[2],g(l,101,U[6]),g(l,212,t),l.A(U);I==IB?(l.F=null,l.l=[],l.V=[]):I==Ze&&"loading"===n.document.readyState&&(l.T=function(W,P){function V(){P||(P=true,W())}n.document.addEventListener((P=false,"DOMContentLoaded"),V,A),n.addEventListener("load",V,A)})}},H=function(U,l){for(l=[];U--;)l.push(255*Math.random()|0);return l},aB=function(U,l,t){return U.u(function(I){t=I},false,l),t},v,sv=function(U,l){g(l,99,(l.Fq.push(l.F.slice()),l.F[99]=void 0,U))},T,K=function(U,l,t,I,D,W){if(l.I==l)for(W=J(U,l),32==U?(U=function(P,V,m,q){if((q=W.length,m=(q|0)-4>>3,W.iC)!=m){m=(m<<(V=[(W.iC=m,0),0,D[1],D[2]],3))-4;try{W.Cs=xa(Nw(W,m),V,Nw(W,(m|0)+4))}catch(e){throw e;}}W.push(W.Cs[q&7]^P)},D=J(299,l)):U=function(P){W.push(P)},I&&U(I&255),l=t.length,I=0;I<l;I++)U(t[I])},hk=function(U,l,t,I){function D(){}return{invoke:(I=Jk(U,function(W){D&&(l&&g2(l),t=W,D(),D=void 0)},(t=void 0,!!l))[0],function(W,P,V,m){function q(){t(function(e){g2(function(){W(e)})},V)}if(!P)return P=I(V),W&&W(P),P;t?q():(m=D,D=function(){g2((m(),q))})})}},SV=function(U,l,t,I,D){K(((t=(I=(t=(D=U&4,U&=3,u(l)),u)(l),J(t,l)),D)&&(t=jV(""+t)),U&&K(I,l,M(t.length,2)),I),l,t)},h=function(U,l,t,I,D,W){if(!t.K){if(3<(U=J(91,((l=((W=J(223,((I=void 0,U)&&U[0]===R&&(l=U[1],I=U[2],U=void 0),t)),0==W.length)&&(D=J(492,t)>>3,W.push(l,D>>8&255,D&255),void 0!=I&&W.push(I&255)),""),U)&&(U.message&&(l+=U.message),U.stack&&(l+=":"+U.stack)),t)),U)){(I=(l=(l=l.slice(0,(U|0)-3),U-=(l.length|0)+3,jV(l)),t.I),t).I=t;try{K(32,t,M(l.length,2).concat(l),9)}finally{t.I=I}}g(t,91,U)}},jV=function(U,l,t,I,D){for(D=(U=U.replace(/\\r\\n/g,"\\n"),I=0,[]),t=0;I<U.length;I++)l=U.charCodeAt(I),128>l?D[t++]=l:(2048>l?D[t++]=l>>6|192:(55296==(l&64512)&&I+1<U.length&&56320==(U.charCodeAt(I+1)&64512)?(l=65536+((l&1023)<<10)+(U.charCodeAt(++I)&1023),D[t++]=l>>18|240,D[t++]=l>>12&63|128):D[t++]=l>>12|224,D[t++]=l>>6&63|128),D[t++]=l&63|128);return D},w=function(U,l,t,I,D,W,P,V,m,q,e,c,b,d){if((e=J(99,l),e)>=l.H)throw[R,31];for(D=(I=l.Hv.length,b=0,t),m=e;0<D;)c=m%8,P=m>>3,W=8-(c|0),W=W<D?W:D,d=l.l[P],U&&(q=l,q.D!=m>>6&&(q.D=m>>6,V=J(467,q),q.L=xa(q.R,[0,0,V[1],V[2]],q.D)),d^=l.L[P&I]),m+=W,b|=(d>>8-(c|0)-(W|0)&(1<<W)-1)<<(D|0)-(W|0),D-=W;return g((U=b,l),99,(e|0)+(t|0)),U},uY=function(U,l,t,I){for(I=(t=u(l),0);0<U;U--)I=I<<8|E(l);g(l,t,I)},A={passive:true,capture:true},n=this||self,oB=function(U,l,t,I){try{I=U[((l|0)+2)%3],U[l]=(U[l]|0)-(U[((l|0)+1)%3]|0)-(I|0)^(1==l?I<<t:I>>>t)}catch(D){throw D;}},y=function(U,l,t,I,D,W,P,V,m){if(t.Y+=(W=(D=(P=(l||t.U++,0<t.O&&t.N)&&t.cv&&1>=t.W&&!t.C&&!t.T&&(!l||1<t.j-I)&&0==document.hidden,V=4==t.U)||P?t.B():t.Z,D-t.Z),m=W>>14,t.R&&(t.R^=m*(W<<2)),m),t.I=m||t.I,V||P)t.U=0,t.Z=D;if(!P||D-t.g<t.O-(U?255:l?5:2))return false;return!((g(t,(t.j=I,U=J(l?492:99,t),99),t.H),t.h.push([d2,U,l?I+1:I]),t).T=g2,0)},Nw=function(U,l){return U[l]<<24|U[(l|0)+1]<<16|U[(l|0)+2]<<8|U[(l|0)+3]},Mw=function(U,l,t,I,D,W,P,V){return(U=[-32,-66,-39,(P=t&(W=RB,7),-36),-61,36,U,-76,70,41],V=z[l.i](l.yg),V)[l.i]=function(m){P+=(D=m,6+7*t),P&=7},V.concat=function(m){return m=(m=(m=I%16+1,1*I*I*m+(W()|0)*m+U[P+27&7]*I*m+P-m*D-48*I*I*D- -3168*I*D+48*D*D-3552*D),U[m]),D=void 0,U[(P+37&7)+(t&2)]=m,U[P+(t&2)]=-66,m},V},J=function(U,l){if((l=l.F[U],void 0)===l)throw[R,30,U];if(l.value)return l.create();return(l.create(1*U*U+-66*U+74),l).prototype},y0=function(U,l){return[(l(function(t){t(U)}),function(){return U})]},w2=function(U,l){return z[l](z.prototype,{pop:U,length:U,propertyIsEnumerable:U,floor:U,replace:U,splice:U,call:U,document:U,stack:U,parent:U,console:U,prototype:U})},xa=function(U,l,t,I,D){for(l=l[2]|(I=l[D=0,3]|0,0);14>D;D++)t=t>>>8|t<<24,t+=U|0,U=U<<3|U>>>29,t^=l+3261,I=I>>>8|I<<24,U^=t,I+=l|0,l=l<<3|l>>>29,I^=D+3261,l^=I;return[U>>>24&255,U>>>16&255,U>>>8&255,U>>>0&255,t>>>24&255,t>>>16&255,t>>>8&255,t>>>0&255]},cG=function(U,l,t,I,D,W){function P(){if(U.I==U){if(U.F){var V=[Y,l,t,void 0,D,W,arguments];if(2==I)var m=C((f(U,V),false),U,false);else if(1==I){var q=!U.h.length;(f(U,V),q)&&C(false,U,false)}else m=lY(V,U);return m}D&&W&&D.removeEventListener(W,P,A)}}return P},B=function(U,l,t){U[g(l,t,U),Ze]=2796},g2=n.requestIdleCallback?function(U){requestIdleCallback(function(){U()},{timeout:4})}:n.setImmediate?function(U){setImmediate(U)}:function(U){setTimeout(U,0)},Q0=function(U,l){if((U=n.trustedTypes,l=null,!U)||!U.createPolicy)return l;try{l=U.createPolicy("bg",{createHTML:Ki,createScript:Ki,createScriptURL:Ki})}catch(t){n.console&&n.console.error(t.message)}return l},Jk=function(U,l,t,I){return(I=v[U.substring(0,3)+"_"])?I(U.substring(3),l,t):y0(U,l)},eV=function(U,l,t){return((t=z[U.i](U.ns),t)[U.i]=function(){return l},t).concat=function(I){l=I},t},$a=function(U,l,t){if(3==U.length){for(t=0;3>t;t++)l[t]+=U[t];for(t=[13,(U=0,8),13,12,16,5,3,10,15];9>U;U++)l[3](l,U%3,t[U])}},Ci=function(U,l,t,I,D,W){for(I=(l=u((D=(t=(W=U[Xi]||{},u)(U),W.mN=u(U),W.o=[],U).I==U?(E(U)|0)-1:1,U)),0);I<D;I++)W.o.push(u(U));for(W.IS=J(l,U);D--;)W.o[D]=J(W.o[D],U);return W.v=J(t,U),W},S=function(U,l){l.S=((l.S?l.S+"~":"E:")+U.message+":"+U.stack).slice(0,2048)},Gm=function(U,l,t,I){return J(212,(g(U,99,(((I=J(99,U),U.l&&I<U.H)?(g(U,99,U.H),sv(t,U)):g(U,99,t),mr)(l,U),I)),U))},Ki=function(U){return U},Xi=String.fromCharCode(105,110,116,101,103,67,104,101,99,107,66,121,112,97,115,115),d2=[],Ze=[],iY=[],p=(x.prototype.Wv=void 0,x.prototype.hA=(x.prototype.xQ=void 0,false),[]),Y=(x.prototype.X="toString",[]),IB=[],R={},r=[],L=[],z=(((De,function(){})(H),function(){})(oB),$a,R.constructor),RB=(T=x.prototype,T.ps=function(U,l,t,I,D,W){for(t=(D=I=0,[]);D<U.length;D++)for(I+=l,W=W<<l|U[D];7<I;)I-=8,t.push(W>>I&255);return t},void 0);T.rT=(T.DZ=((T.u=function(U,l,t,I,D){if((t="array"===bY(t)?t:[t],this).S)U(this.S);else try{I=[],D=!this.h.length,f(this,[r,I,t]),f(this,[p,U,I]),l&&!D||C(l,this,true)}catch(W){S(W,this),U(this.S)}},T).B=(window.performance||{}).now?function(){return this.Eo+window.performance.now()}:function(){return+new Date},T.Tb=function(U,l,t,I,D){for(I=D=0;I<U.length;I++)D+=U.charCodeAt(I),D+=D<<10,D^=D>>6;return(D=(U=(D+=D<<3,D^=D>>11,D+(D<<15)>>>0),new Number(U&(1<<l)-1)),D)[0]=(U>>>l)%t,D},T.RS=(x.prototype.i="create",function(){return Math.floor(this.B())}),function(){return Math.floor(this.G+(this.B()-this.g))}),function(U,l,t){return((l^=l<<13,l^=l>>17,l=(l^l<<5)&t)||(l=1),U)^l}),x.prototype.A=function(U,l){return U=(RB=function(){return l==U?74:111},l={},{}),function(t,I,D,W,P,V,m,q,e,c,b,d,Z,Q,a){Z=l,l=U;try{if(W=t[0],W==L){P=t[1];try{for(b=(D=[],c=atob(P),q=0);q<c.length;q++)d=c.charCodeAt(q),255<d&&(D[b++]=d&255,d>>=8),D[b++]=d;g(this,467,[0,0,(this.l=D,this.H=this.l.length<<3,0)])}catch(X){h(X,17,this);return}mr(8001,this)}else if(W==r)t[1].push(J(253,this).length,J(263,this).length,J(91,this),J(32,this).length),g(this,212,t[2]),this.F[175]&&Gm(this,8001,J(175,this));else{if(W==p){this.I=(I=(Q=M(((q=t[2],J(263,this)).length|0)+2,2),this).I,this);try{e=J(223,this),0<e.length&&K(263,this,M(e.length,2).concat(e),10),K(263,this,M(this.Y,1),109),K(263,this,M(this[p].length,1)),c=0,c-=(J(263,this).length|0)+5,c+=J(391,this)&2047,V=J(32,this),4<V.length&&(c-=(V.length|0)+3),0<c&&K(263,this,M(c,2).concat(H(c)),15),4<V.length&&K(263,this,M(V.length,2).concat(V),156)}finally{this.I=I}if((b=H(2).concat(J(263,this)),b[1]=b[0]^6,b[3]=b[1]^Q[0],b)[4]=b[1]^Q[1],a=this.bC(b))a="!"+a;else for(c=0,a="";c<b.length;c++)m=b[c][this.X](16),1==m.length&&(m="0"+m),a+=m;return J(32,(g(this,91,((J(253,(D=a,this)).length=q.shift(),J(263,this)).length=q.shift(),q.shift())),this)).length=q.shift(),D}if(W==d2)Gm(this,t[2],t[1]);else if(W==Y)return Gm(this,8001,t[1])}}finally{l=Z}}}();var qw,fi=/./,pi=L.pop.bind(x.prototype[x.prototype[iY]=[0,0,1,1,0,1,1],((x.prototype.bC=function(U,l,t,I){if(l=window.btoa){for(I=(t="",0);I<U.length;I+=8192)t+=String.fromCharCode.apply(null,U.slice(I,I+8192));U=l(t).replace(/\\+/g,"-").replace(/\\//g,"_").replace(/=/g,"")}else U=void 0;return U},x.prototype).NT=0,x).prototype.Bv=0,r]),Ev=(qw=w2({get:pi},(fi[x.prototype.X]=pi,x.prototype.i)),x.prototype.kQ=void 0,function(U,l){return(l=Q0())&&1===U.eval(l.createScript("1"))?function(t){return l.createScript(t)}:function(t){return""+t}}(n));(40<(v=n.botguard||(n.botguard={}),v.m)||(v.m=41,v.bg=hk,v.a=Jk),v).VBW_=function(U,l,t){return[(t=new x(l,U),function(I){return aB(t,I)})]};}).call(this);'));
}).call(this);
                                    

#2 JavaScript::Eval (size: 64, repeated: 1) - SHA256: f9b61a95c5995b1614d5988fe5a9aeebaa6ed941137234bd00d42e77f5661756

                                        0,
function(W, P, V) {
    g(W, (V = (P = (V = u(W), u(W)), W.F[V] && J(V, W)), P), V)
}
                                    

#3 JavaScript::Eval (size: 21402, repeated: 1) - SHA256: 0da1fbd57af043761d5f60e02bddf36b55fe6390b3102c05bf221d5a5e1de658

                                        (function() {
    var f = function(U, l) {
            U.h.splice(0, 0, l)
        },
        E = function(U) {
            return U.C ? Uv(U.s, U) : w(true, U, 8)
        },
        u = function(U, l) {
            if (U.C) return Uv(U.s, U);
            return (l = w(true, U, 8), l) & 128 && (l ^= 128, U = w(true, U, 2), l = (l << 2) + (U | 0)), l
        },
        WG = function(U, l, t, I) {
            for (; l.h.length;) {
                t = (l.T = null, l.h.pop());
                try {
                    I = lY(t, l)
                } catch (D) {
                    S(D, l)
                }
                if (U && l.T) {
                    (U = l.T, U)(function() {
                        C(true, l, true)
                    });
                    break
                }
            }
            return I
        },
        tk = function(U, l) {
            return (l = E(U), l) & 128 && (l = l & 127 | E(U) << 7), l
        },
        C = function(U, l, t, I, D, W) {
            if (l.h.length) {
                l.N && 0(), l.N = true, l.cv = U;
                try {
                    I = l.B(), l.Z = I, l.U = 0, l.g = I, W = WG(U, l), D = l.B() - l.g, l.G += D, D < (t ? 0 : 10) || 0 >= l.J-- || (D = Math.floor(D), l.V.push(254 >= D ? D : 254))
                } finally {
                    l.N = false
                }
                return W
            }
        },
        M = function(U, l, t, I) {
            for (I = (l | 0) - 1, t = []; 0 <= I; I--) t[(l | 0) - 1 - (I | 0)] = U >> 8 * I & 255;
            return t
        },
        x = function(U, l, t) {
            t = this;
            try {
                PG(this, U, l)
            } catch (I) {
                S(I, this), U(function(D) {
                    D(t.S)
                })
            }
        },
        mr = function(U, l, t, I, D, W) {
            if (!l.S) {
                l.W++;
                try {
                    for (W = (I = void 0, l.H), D = 0; --U;) try {
                        if ((t = void 0, l).C) I = Uv(l.C, l);
                        else {
                            if ((D = J(99, l), D) >= W) break;
                            I = (g(l, 492, D), t = u(l), J)(t, l)
                        }
                        y(false, false, l, (I && I[IB] & 2048 ? I(l, U) : h([R, 21, t], 0, l), U))
                    } catch (P) {
                        J(20, l) ? h(P, 22, l) : g(l, 20, P)
                    }
                    if (!U) {
                        if (l.hA) {
                            mr(553527590301, (l.W--, l));
                            return
                        }
                        h([R, 33], 0, l)
                    }
                } catch (P) {
                    try {
                        h(P, 22, l)
                    } catch (V) {
                        S(V, l)
                    }
                }
                l.W--
            }
        },
        V0 = function(U, l, t, I) {
            (I = (t = u(U), u)(U), K)(I, U, M(J(t, U), l))
        },
        Uv = function(U, l) {
            return (U = U.create().shift(), l.C).create().length || l.s.create().length || (l.C = void 0, l.s = void 0), U
        },
        De = function(U, l) {
            (l.push(U[0] << 24 | U[1] << 16 | U[2] << 8 | U[3]), l.push(U[4] << 24 | U[5] << 16 | U[6] << 8 | U[7]), l).push(U[8] << 24 | U[9] << 16 | U[10] << 8 | U[11])
        },
        PG = function(U, l, t, I, D) {
            for (U.ns = ((U.AA = fi, (U.Hv = U[p], U).so = qw, U).yg = w2({get: function() {
                        return this.concat()
                    }
                }, U.i), z)[U.i](U.yg, {
                    value: {
                        value: {}
                    }
                }), I = 0, D = []; 128 > I; I++) D[I] = String.fromCharCode(I);
            C(true, U, (f(U, (f(U, [((B(function(W) {
                SV(4, W)
            }, (B(function(W, P, V) {
                g((P = (V = u((P = u(W), W)), J(P, W)), P = bY(P), W), V, P)
            }, (g(U, 299, [0, (B(function(W) {
                V0(W, 4)
            }, (B(function(W, P, V, m, q) {
                g(W, (V = (V = u((m = (P = u((q = u(W), W)), u(W)), W)), J(V, W)), m = J(m, W), P = J(P, W), q), cG(W, P, m, V))
            }, (B(function(W, P) {
                (W = (P = u(W), J)(P, W.I), W[0]).removeEventListener(W[1], W[2], A)
            }, U, (B(function(W, P, V, m) {
                g(W, (V = J((m = (V = u((P = u(W), W)), u(W)), P = J(P, W), V), W), m), P[V])
            }, U, (B(function(W, P, V, m) {
                g(W, (P = J((m = (P = u(W), u(W)), P), W), V = J(m, W), m), V + P)
            }, (B(function(W, P, V, m) {
                (m = u((V = (P = u(W), u(W)), W)), W).I == W && (m = J(m, W), V = J(V, W), J(P, W)[V] = m, 467 == P && (W.D = void 0, 2 == V && (W.R = w(false, W, 32), W.D = void 0)))
            }, (g(U, (B(function(W) {
                uY(4, W)
            }, (B(function(W, P, V, m, q) {
                for (m = (V = (q = tk((P = u(W), W)), []), 0); m < q; m++) V.push(E(W));
                g(W, P, V)
            }, U, ((B(function(W, P, V) {
                V = (P = (V = u(W), u(W)), 0 != J(V, W)), P = J(P, W), V && g(W, 99, P)
            }, (B(function(W, P, V, m, q, e) {
                y(false, true, W, P) || (m = Ci(W.I), q = m.o, e = q.length, V = m.v, P = m.mN, m = m.IS, q = 0 == e ? new m[V] : 1 == e ? new m[V](q[0]) : 2 == e ? new m[V](q[0], q[1]) : 3 == e ? new m[V](q[0], q[1], q[2]) : 4 == e ? new m[V](q[0], q[1], q[2], q[3]) : 2(), g(W, P, q))
            }, U, (B((B(function(W, P, V, m) {
                !y(false, true, W, P) && (P = Ci(W), m = P.IS, V = P.v, W.I == W || V == W.Si && m == W) && (g(W, P.mN, V.apply(m, P.o)), W.Z = W.B())
            }, (g(U, 253, (B((g(U, 20, (g(U, 391, (B(function(W, P, V, m) {
                g(W, (m = J((P = (m = (V = u(W), u(W)), u(W)), m), W), V = J(V, W) == m, P), +V)
            }, ((B(function(W, P, V) {
                g(W, (V = u(W), P = u(W), P), "" + J(V, W))
            }, (B((B(function(W, P, V, m) {
                if (P = W.Fq.pop()) {
                    for (m = E(W); 0 < m; m--) V = u(W), P[V] = W.F[V];
                    W.F = (P[223] = W.F[223], P[91] = W.F[91], P)
                } else g(W, 99, W.H)
            }, (g((B(function(W) {
                V0(W, 1)
            }, (g(U, (U.gT = (B(function() {}, U, (B(function(W, P, V, m) {
                g(W, (m = (V = (P = u(W), E(W)), u)(W), m), J(P, W) >>> V)
            }, ((g(U, (B(function(W, P, V, m, q, e, c, b, d, Z, Q, a) {
                function X(N, G) {
                    for (; V < N;) b |= E(W) << V, V += 8;
                    return V -= N, G = b & (1 << N) - 1, b >>= N, G
                }
                for (Z = (a = (d = (b = V = (Q = u(W), 0), (X(3) | 0) + 1), X)(5), 0), e = [], P = 0; P < a; P++) c = X(1), e.push(c), Z += c ? 0 : 1;
                for (m = (Z = ((Z | 0) - 1).toString(2).length, []), P = 0; P < a; P++) e[P] || (m[P] = X(Z));
                for (Z = 0; Z < a; Z++) e[Z] && (m[Z] = u(W));
                for (q = []; d--;) q.push(J(u(W), W));
                B(function(N, G, O, k, F) {
                    for (O = (k = 0, G = [], []); k < a; k++) {
                        if (!(F = m[k], e[k])) {
                            for (; F >= O.length;) O.push(u(N));
                            F = O[F]
                        }
                        G.push(F)
                    }
                    N.s = eV(N, (N.C = eV(N, q.slice()), G))
                }, W, Q)
            }, U, ((g(U, (g(U, (B((g(U, (g(U, (U.Eo = (((U.H = 0, U).Fq = [], U.h = ((U.G = 0, U).I = U, []), U.O = (U.N = false, U.j = 8001, U.D = (U.Y = 1, void 0), U.J = 25, U.F = [], (U.T = null, U).cv = false, U.l = [], I = (U.s = void 0, (U.lC = 0, window).performance || {}), 0), U.Si = (U.U = (U.Z = (U.W = 0, U.K = false, 0), U.L = void 0, U.g = 0, U.C = (U.S = void 0, void 0), U.R = void 0, void 0), U.P = [], function(W) {
                this.I = W
            }), U).V = [], I.timeOrigin || (I.timing || {}).navigationStart || 0), 99), 0), 492), 0), function(W, P, V, m, q, e, c) {
                for (q = (c = (m = (V = u(W), e = tk(W), ""), J(317, W)), c).length, P = 0; e--;) P = ((P | 0) + (tk(W) | 0)) % q, m += D[c[P]];
                g(W, V, m)
            }), U, 11), 212), {}), 396), U), U.oS = 0, B)(function(W, P, V, m) {
                g(W, (V = (m = (V = (P = u(W), u)(W), u(W)), P = J(P, W), J(V, W)), m), P in V | 0)
            }, U, 446), 110)), 91), 2048), g(U, 32, H(4)), B)(function(W, P, V, m, q) {
                (m = J((q = (q = (m = (P = u((V = u(W), W)), u(W)), u)(W), P = J(P, W), J(q, W)), m), W), V = J(V, W.I), 0 !== V) && (m = cG(W, m, q, 1, V, P), V.addEventListener(P, m, A), g(W, 173, [V, P, m]))
            }, U, 395), U), 70), 45)), 0), 263), [160, 0, 0]), U), 5), U), 173, 0), U), 9), B(function(W, P, V) {
                y(false, true, W, P) || (P = u(W), V = u(W), g(W, V, function(m) {
                    return eval(m)
                }(Ev(J(P, W.I)))))
            }, U, 440), function(W, P, V, m, q, e) {
                if (!y(true, true, W, P)) {
                    if ("object" == (V = J((P = J((P = (V = u((m = (q = u(W), u(W)), W)), u(W)), P), W), m = J(m, W), V), W), W = J(q, W), bY(W))) {
                        for (e in q = [], W) q.push(e);
                        W = q
                    }
                    for (q = (V = 0 < V ? V : 1, e = 0, W.length); e < q; e += V) m(W.slice(e, (e | 0) + (V | 0)), P)
                }
            }), U, 422), U), 479), B)(function(W, P) {
                P = J(u(W), W), sv(P, W.I)
            }, U, 498), U), 351), 0)), 119)), function(W) {
                SV(3, W)
            }), U, 279), [])), U), 83), function(W, P, V, m) {
                g(W, (V = u((m = (P = u(W), u)(W), W)), V), J(P, W) || J(m, W))
            }), U, 41), 270)), U), 267), U).ZZ = 0, 0)), U), 194), 10), n), U), 333), U), 359), 397)), 477)), U), 98), g(U, 223, []), U), 504), 0), 0]), U), 305), U), 329), f)(U, [Ze]), L), t]), [iY, l])), true))
        },
        g = function(U, l, t) {
            if (99 == l || 492 == l) U.F[l] ? U.F[l].concat(t) : U.F[l] = eV(U, t);
            else {
                if (U.K && 467 != l) return;
                263 == l || 32 == l || 253 == l || 223 == l || 299 == l ? U.F[l] || (U.F[l] = Mw(t, U, 102, l)) : U.F[l] = Mw(t, U, 97, l)
            }
            467 == l && (U.R = w(false, U, 32), U.D = void 0)
        },
        bY = function(U, l, t) {
            if ("object" == (t = typeof U, t))
                if (U) {
                    if (U instanceof Array) return "array";
                    if (U instanceof Object) return t;
                    if ((l = Object.prototype.toString.call(U), "[object Window]") == l) return "object";
                    if ("[object Array]" == l || "number" == typeof U.length && "undefined" != typeof U.splice && "undefined" != typeof U.propertyIsEnumerable && !U.propertyIsEnumerable("splice")) return "array";
                    if ("[object Function]" == l || "undefined" != typeof U.call && "undefined" != typeof U.propertyIsEnumerable && !U.propertyIsEnumerable("call")) return "function"
                } else return "null";
            else if ("function" == t && "undefined" == typeof U.call) return "object";
            return t
        },
        lY = function(U, l, t, I, D) {
            if (I = U[0], I == r) l.J = 25, l.A(U);
            else if (I == p) {
                D = U[1];
                try {
                    t = l.S || l.A(U)
                } catch (W) {
                    S(W, l), t = l.S
                }
                D(t)
            } else if (I == d2) l.A(U);
            else if (I == L) l.A(U);
            else if (I == iY) {
                try {
                    for (t = 0; t < l.P.length; t++) try {
                        D = l.P[t], D[0][D[1]](D[2])
                    } catch (W) {}
                } catch (W) {}(0, (l.P = [], U)[1])(function(W, P) {
                    l.u(W, true, P)
                }, function(W) {
                    ((W = !l.h.length, f)(l, [IB]), W) && C(true, l, false)
                })
            } else {
                if (I == Y) return t = U[2], g(l, 101, U[6]), g(l, 212, t), l.A(U);
                I == IB ? (l.F = null, l.l = [], l.V = []) : I == Ze && "loading" === n.document.readyState && (l.T = function(W, P) {
                    function V() {
                        P || (P = true, W())
                    }
                    n.document.addEventListener((P = false, "DOMContentLoaded"), V, A), n.addEventListener("load", V, A)
                })
            }
        },
        H = function(U, l) {
            for (l = []; U--;) l.push(255 * Math.random() | 0);
            return l
        },
        aB = function(U, l, t) {
            return U.u(function(I) {
                t = I
            }, false, l), t
        },
        v, sv = function(U, l) {
            g(l, 99, (l.Fq.push(l.F.slice()), l.F[99] = void 0, U))
        },
        T, K = function(U, l, t, I, D, W) {
            if (l.I == l)
                for (W = J(U, l), 32 == U ? (U = function(P, V, m, q) {
                        if ((q = W.length, m = (q | 0) - 4 >> 3, W.iC) != m) {
                            m = (m << (V = [(W.iC = m, 0), 0, D[1], D[2]], 3)) - 4;
                            try {
                                W.Cs = xa(Nw(W, m), V, Nw(W, (m | 0) + 4))
                            } catch (e) {
                                throw e;
                            }
                        }
                        W.push(W.Cs[q & 7] ^ P)
                    }, D = J(299, l)) : U = function(P) {
                        W.push(P)
                    }, I && U(I & 255), l = t.length, I = 0; I < l; I++) U(t[I])
        },
        hk = function(U, l, t, I) {
            function D() {}
            return {
                invoke: (I = Jk(U, function(W) {
                    D && (l && g2(l), t = W, D(), D = void 0)
                }, (t = void 0, !!l))[0], function(W, P, V, m) {
                    function q() {
                        t(function(e) {
                            g2(function() {
                                W(e)
                            })
                        }, V)
                    }
                    if (!P) return P = I(V), W && W(P), P;
                    t ? q() : (m = D, D = function() {
                        g2((m(), q))
                    })
                })
            }
        },
        SV = function(U, l, t, I, D) {
            K(((t = (I = (t = (D = U & 4, U &= 3, u(l)), u)(l), J(t, l)), D) && (t = jV("" + t)), U && K(I, l, M(t.length, 2)), I), l, t)
        },
        h = function(U, l, t, I, D, W) {
            if (!t.K) {
                if (3 < (U = J(91, ((l = ((W = J(223, ((I = void 0, U) && U[0] === R && (l = U[1], I = U[2], U = void 0), t)), 0 == W.length) && (D = J(492, t) >> 3, W.push(l, D >> 8 & 255, D & 255), void 0 != I && W.push(I & 255)), ""), U) && (U.message && (l += U.message), U.stack && (l += ":" + U.stack)), t)), U)) {
                    (I = (l = (l = l.slice(0, (U | 0) - 3), U -= (l.length | 0) + 3, jV(l)), t.I), t).I = t;
                    try {
                        K(32, t, M(l.length, 2).concat(l), 9)
                    } finally {
                        t.I = I
                    }
                }
                g(t, 91, U)
            }
        },
        jV = function(U, l, t, I, D) {
            for (D = (U = U.replace(/\r\n/g, "\n"), I = 0, []), t = 0; I < U.length; I++) l = U.charCodeAt(I), 128 > l ? D[t++] = l : (2048 > l ? D[t++] = l >> 6 | 192 : (55296 == (l & 64512) && I + 1 < U.length && 56320 == (U.charCodeAt(I + 1) & 64512) ? (l = 65536 + ((l & 1023) << 10) + (U.charCodeAt(++I) & 1023), D[t++] = l >> 18 | 240, D[t++] = l >> 12 & 63 | 128) : D[t++] = l >> 12 | 224, D[t++] = l >> 6 & 63 | 128), D[t++] = l & 63 | 128);
            return D
        },
        w = function(U, l, t, I, D, W, P, V, m, q, e, c, b, d) {
            if ((e = J(99, l), e) >= l.H) throw [R, 31];
            for (D = (I = l.Hv.length, b = 0, t), m = e; 0 < D;) c = m % 8, P = m >> 3, W = 8 - (c | 0), W = W < D ? W : D, d = l.l[P], U && (q = l, q.D != m >> 6 && (q.D = m >> 6, V = J(467, q), q.L = xa(q.R, [0, 0, V[1], V[2]], q.D)), d ^= l.L[P & I]), m += W, b |= (d >> 8 - (c | 0) - (W | 0) & (1 << W) - 1) << (D | 0) - (W | 0), D -= W;
            return g((U = b, l), 99, (e | 0) + (t | 0)), U
        },
        uY = function(U, l, t, I) {
            for (I = (t = u(l), 0); 0 < U; U--) I = I << 8 | E(l);
            g(l, t, I)
        },
        A = {
            passive: true,
            capture: true
        },
        n = this || self,
        oB = function(U, l, t, I) {
            try {
                I = U[((l | 0) + 2) % 3], U[l] = (U[l] | 0) - (U[((l | 0) + 1) % 3] | 0) - (I | 0) ^ (1 == l ? I << t : I >>> t)
            } catch (D) {
                throw D;
            }
        },
        y = function(U, l, t, I, D, W, P, V, m) {
            if (t.Y += (W = (D = (P = (l || t.U++, 0 < t.O && t.N) && t.cv && 1 >= t.W && !t.C && !t.T && (!l || 1 < t.j - I) && 0 == document.hidden, V = 4 == t.U) || P ? t.B() : t.Z, D - t.Z), m = W >> 14, t.R && (t.R ^= m * (W << 2)), m), t.I = m || t.I, V || P) t.U = 0, t.Z = D;
            if (!P || D - t.g < t.O - (U ? 255 : l ? 5 : 2)) return false;
            return !((g(t, (t.j = I, U = J(l ? 492 : 99, t), 99), t.H), t.h.push([d2, U, l ? I + 1 : I]), t).T = g2, 0)
        },
        Nw = function(U, l) {
            return U[l] << 24 | U[(l | 0) + 1] << 16 | U[(l | 0) + 2] << 8 | U[(l | 0) + 3]
        },
        Mw = function(U, l, t, I, D, W, P, V) {
            return (U = [-32, -66, -39, (P = t & (W = RB, 7), -36), -61, 36, U, -76, 70, 41], V = z[l.i](l.yg), V)[l.i] = function(m) {
                P += (D = m, 6 + 7 * t), P &= 7
            }, V.concat = function(m) {
                return m = (m = (m = I % 16 + 1, 1 * I * I * m + (W() | 0) * m + U[P + 27 & 7] * I * m + P - m * D - 48 * I * I * D - -3168 * I * D + 48 * D * D - 3552 * D), U[m]), D = void 0, U[(P + 37 & 7) + (t & 2)] = m, U[P + (t & 2)] = -66, m
            }, V
        },
        J = function(U, l) {
            if ((l = l.F[U], void 0) === l) throw [R, 30, U];
            if (l.value) return l.create();
            return (l.create(1 * U * U + -66 * U + 74), l).prototype
        },
        y0 = function(U, l) {
            return [(l(function(t) {
                t(U)
            }), function() {
                return U
            })]
        },
        w2 = function(U, l) {
            return z[l](z.prototype, {
                pop: U,
                length: U,
                propertyIsEnumerable: U,
                floor: U,
                replace: U,
                splice: U,
                call: U,
                document: U,
                stack: U,
                parent: U,
                console: U,
                prototype: U
            })
        },
        xa = function(U, l, t, I, D) {
            for (l = l[2] | (I = l[D = 0, 3] | 0, 0); 14 > D; D++) t = t >>> 8 | t << 24, t += U | 0, U = U << 3 | U >>> 29, t ^= l + 3261, I = I >>> 8 | I << 24, U ^= t, I += l | 0, l = l << 3 | l >>> 29, I ^= D + 3261, l ^= I;
            return [U >>> 24 & 255, U >>> 16 & 255, U >>> 8 & 255, U >>> 0 & 255, t >>> 24 & 255, t >>> 16 & 255, t >>> 8 & 255, t >>> 0 & 255]
        },
        cG = function(U, l, t, I, D, W) {
            function P() {
                if (U.I == U) {
                    if (U.F) {
                        var V = [Y, l, t, void 0, D, W, arguments];
                        if (2 == I) var m = C((f(U, V), false), U, false);
                        else if (1 == I) {
                            var q = !U.h.length;
                            (f(U, V), q) && C(false, U, false)
                        } else m = lY(V, U);
                        return m
                    }
                    D && W && D.removeEventListener(W, P, A)
                }
            }
            return P
        },
        B = function(U, l, t) {
            U[g(l, t, U), Ze] = 2796
        },
        g2 = n.requestIdleCallback ? function(U) {
            requestIdleCallback(function() {
                U()
            }, {
                timeout: 4
            })
        } : n.setImmediate ? function(U) {
            setImmediate(U)
        } : function(U) {
            setTimeout(U, 0)
        },
        Q0 = function(U, l) {
            if ((U = n.trustedTypes, l = null, !U) || !U.createPolicy) return l;
            try {
                l = U.createPolicy("bg", {
                    createHTML: Ki,
                    createScript: Ki,
                    createScriptURL: Ki
                })
            } catch (t) {
                n.console && n.console.error(t.message)
            }
            return l
        },
        Jk = function(U, l, t, I) {
            return (I = v[U.substring(0, 3) + "_"]) ? I(U.substring(3), l, t) : y0(U, l)
        },
        eV = function(U, l, t) {
            return ((t = z[U.i](U.ns), t)[U.i] = function() {
                return l
            }, t).concat = function(I) {
                l = I
            }, t
        },
        $a = function(U, l, t) {
            if (3 == U.length) {
                for (t = 0; 3 > t; t++) l[t] += U[t];
                for (t = [13, (U = 0, 8), 13, 12, 16, 5, 3, 10, 15]; 9 > U; U++) l[3](l, U % 3, t[U])
            }
        },
        Ci = function(U, l, t, I, D, W) {
            for (I = (l = u((D = (t = (W = U[Xi] || {}, u)(U), W.mN = u(U), W.o = [], U).I == U ? (E(U) | 0) - 1 : 1, U)), 0); I < D; I++) W.o.push(u(U));
            for (W.IS = J(l, U); D--;) W.o[D] = J(W.o[D], U);
            return W.v = J(t, U), W
        },
        S = function(U, l) {
            l.S = ((l.S ? l.S + "~" : "E:") + U.message + ":" + U.stack).slice(0, 2048)
        },
        Gm = function(U, l, t, I) {
            return J(212, (g(U, 99, (((I = J(99, U), U.l && I < U.H) ? (g(U, 99, U.H), sv(t, U)) : g(U, 99, t), mr)(l, U), I)), U))
        },
        Ki = function(U) {
            return U
        },
        Xi = String.fromCharCode(105, 110, 116, 101, 103, 67, 104, 101, 99, 107, 66, 121, 112, 97, 115, 115),
        d2 = [],
        Ze = [],
        iY = [],
        p = (x.prototype.Wv = void 0, x.prototype.hA = (x.prototype.xQ = void 0, false), []),
        Y = (x.prototype.X = "toString", []),
        IB = [],
        R = {},
        r = [],
        L = [],
        z = (((De, function() {})(H), function() {})(oB), $a, R.constructor),
        RB = (T = x.prototype, T.ps = function(U, l, t, I, D, W) {
            for (t = (D = I = 0, []); D < U.length; D++)
                for (I += l, W = W << l | U[D]; 7 < I;) I -= 8, t.push(W >> I & 255);
            return t
        }, void 0);
    T.rT = (T.DZ = ((T.u = function(U, l, t, I, D) {
        if ((t = "array" === bY(t) ? t : [t], this).S) U(this.S);
        else try {
            I = [], D = !this.h.length, f(this, [r, I, t]), f(this, [p, U, I]), l && !D || C(l, this, true)
        } catch (W) {
            S(W, this), U(this.S)
        }
    }, T).B = (window.performance || {}).now ? function() {
        return this.Eo + window.performance.now()
    } : function() {
        return +new Date
    }, T.Tb = function(U, l, t, I, D) {
        for (I = D = 0; I < U.length; I++) D += U.charCodeAt(I), D += D << 10, D ^= D >> 6;
        return (D = (U = (D += D << 3, D ^= D >> 11, D + (D << 15) >>> 0), new Number(U & (1 << l) - 1)), D)[0] = (U >>> l) % t, D
    }, T.RS = (x.prototype.i = "create", function() {
        return Math.floor(this.B())
    }), function() {
        return Math.floor(this.G + (this.B() - this.g))
    }), function(U, l, t) {
        return ((l ^= l << 13, l ^= l >> 17, l = (l ^ l << 5) & t) || (l = 1), U) ^ l
    }), x.prototype.A = function(U, l) {
        return U = (RB = function() {
                return l == U ? 74 : 111
            }, l = {}, {}),
            function(t, I, D, W, P, V, m, q, e, c, b, d, Z, Q, a) {
                Z = l, l = U;
                try {
                    if (W = t[0], W == L) {
                        P = t[1];
                        try {
                            for (b = (D = [], c = atob(P), q = 0); q < c.length; q++) d = c.charCodeAt(q), 255 < d && (D[b++] = d & 255, d >>= 8), D[b++] = d;
                            g(this, 467, [0, 0, (this.l = D, this.H = this.l.length << 3, 0)])
                        } catch (X) {
                            h(X, 17, this);
                            return
                        }
                        mr(8001, this)
                    } else if (W == r) t[1].push(J(253, this).length, J(263, this).length, J(91, this), J(32, this).length), g(this, 212, t[2]), this.F[175] && Gm(this, 8001, J(175, this));
                    else {
                        if (W == p) {
                            this.I = (I = (Q = M(((q = t[2], J(263, this)).length | 0) + 2, 2), this).I, this);
                            try {
                                e = J(223, this), 0 < e.length && K(263, this, M(e.length, 2).concat(e), 10), K(263, this, M(this.Y, 1), 109), K(263, this, M(this[p].length, 1)), c = 0, c -= (J(263, this).length | 0) + 5, c += J(391, this) & 2047, V = J(32, this), 4 < V.length && (c -= (V.length | 0) + 3), 0 < c && K(263, this, M(c, 2).concat(H(c)), 15), 4 < V.length && K(263, this, M(V.length, 2).concat(V), 156)
                            } finally {
                                this.I = I
                            }
                            if ((b = H(2).concat(J(263, this)), b[1] = b[0] ^ 6, b[3] = b[1] ^ Q[0], b)[4] = b[1] ^ Q[1], a = this.bC(b)) a = "!" + a;
                            else
                                for (c = 0, a = ""; c < b.length; c++) m = b[c][this.X](16), 1 == m.length && (m = "0" + m), a += m;
                            return J(32, (g(this, 91, ((J(253, (D = a, this)).length = q.shift(), J(263, this)).length = q.shift(), q.shift())), this)).length = q.shift(), D
                        }
                        if (W == d2) Gm(this, t[2], t[1]);
                        else if (W == Y) return Gm(this, 8001, t[1])
                    }
                } finally {
                    l = Z
                }
            }
    }();
    var qw, fi = /./,
        pi = L.pop.bind(x.prototype[x.prototype[iY] = [0, 0, 1, 1, 0, 1, 1], ((x.prototype.bC = function(U, l, t, I) {
            if (l = window.btoa) {
                for (I = (t = "", 0); I < U.length; I += 8192) t += String.fromCharCode.apply(null, U.slice(I, I + 8192));
                U = l(t).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
            } else U = void 0;
            return U
        }, x.prototype).NT = 0, x).prototype.Bv = 0, r]),
        Ev = (qw = w2({get: pi
        }, (fi[x.prototype.X] = pi, x.prototype.i)), x.prototype.kQ = void 0, function(U, l) {
            return (l = Q0()) && 1 === U.eval(l.createScript("1")) ? function(t) {
                return l.createScript(t)
            } : function(t) {
                return "" + t
            }
        }(n));
    (40 < (v = n.botguard || (n.botguard = {}), v.m) || (v.m = 41, v.bg = hk, v.a = Jk), v).VBW_ = function(U, l, t) {
        return [(t = new x(l, U), function(I) {
            return aB(t, I)
        })]
    };
}).call(this);
                                    

#4 JavaScript::Eval (size: 22, repeated: 1) - SHA256: cddf3e74bfb30b711ab78ab593d81b8eeaceb67583ef5cb097cb54dcb14f24ce

                                        0,
function(W) {
    uY(1, W)
}
                                    

#5 JavaScript::Eval (size: 22, repeated: 1) - SHA256: 590040aae3e25b40a2c334846d348c384c60ede4211a4373be806ca2ee55d9f9

                                        0,
function(W) {
    uY(2, W)
}
                                    

Executed Writes (0)



HTTP Transactions (77)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 26 Sep 2022 19:15:19 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z3n_EwS_0m0cYgXmoOPaQZGlLIjw_VRmJ2mZqcOYofmHuxryjXGc5Q==
Age: 2161


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10045
Expires: Mon, 26 Sep 2022 22:38:45 GMT
Date: Mon, 26 Sep 2022 19:51:20 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 26 Sep 2022 04:35:16 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fyXB5IE1eQRTrbZ4vXbDgIsuJ7sMU3V9U4QCsn7e7qMTR6AWzBsbAQ==
age: 54965
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 26 Sep 2022 19:51:20 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 26 Sep 2022 19:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Mon, 26 Sep 2022 19:26:17 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: x8SsO6fPQEsS_Dfbs4CDBNsNfZqRXe6zMMl-EqX7RT3GZ65QgKIE9A==
Age: 2434


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /cart?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300 HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         170.82.173.30
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Mon, 26 Sep 2022 19:51:20 GMT
Content-Length: 134
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://seguro.caixamisteriosa.net:443/cart?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300
X-GoCache-CacheStatus: BYPASS
Server: gocache


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   134
Md5:    4aa7a432bb447f094408f1bd6229c605
Sha1:   1965c4952cc8c082a6307ed67061a57aab6632fa
Sha256: 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4844
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 19:51:20 GMT
Last-Modified: Mon, 26 Sep 2022 18:30:36 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F341A91CCA657C3124029567D07C347D573173C3D9809F0223A1FDC68DCA2493"
Last-Modified: Sat, 24 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 27 Sep 2022 01:51:21 GMT
Date: Mon, 26 Sep 2022 19:51:21 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Hhc5Hg6qnsMU7A3bZ+UsDg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.214.236.46
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Qy/9gBX9gXpKawFD1dqNdhXOWrI=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4061
Expires: Mon, 26 Sep 2022 20:59:03 GMT
Date: Mon, 26 Sep 2022 19:51:22 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4061
Expires: Mon, 26 Sep 2022 20:59:03 GMT
Date: Mon, 26 Sep 2022 19:51:22 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9723d426-a6ee-4860-8067-0b8d98143233.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8637
x-amzn-requestid: 07dc23e0-000f-4f6c-8d2b-0e65d88be270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSvvEenoAMFr0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cb31-520803124760abc216152d7b;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:42:09 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mToVKJcSAtJB1AOuQ-Y9o_EZzyhUuZJivVa3DLql5FwzK4NC82kh5Q==
via: 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:06:17 GMT
age: 78305
etag: "e49306a3713cb724be024a4ddb5e90645718a718"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8637
Md5:    d02ede0c964f3346fd53ae2950bf2a62
Sha1:   e49306a3713cb724be024a4ddb5e90645718a718
Sha256: c0e653d89656016c55aca9b198b9191620f1ae9a3c45742a90744bd74c4f9505
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd85aa2-fe15-49c2-aa3e-38b97cb99849.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5157
x-amzn-requestid: b5748f49-693f-4bc3-a850-cb68e770de24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUG9GUHIAMF7pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd5f-5d2aaa212cf1be2506593746;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:51:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4h9lb_7egxb2hBbxjcS_cpZ5lDq6Lx-c_WUZyRHdUA0YTwr6kgDuiQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:10:16 GMT
age: 78066
etag: "85e378d0fff856832a8dd01743516b9476fed8c6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5157
Md5:    2fe8c4f0c70fb6c1f4259eabedc7015e
Sha1:   85e378d0fff856832a8dd01743516b9476fed8c6
Sha256: 508a1c7d350fcf82d1ece0b99f8557b2f300c7c1148f28c3ae9fece20530e4b6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3689ec8-63b4-42ae-b7d5-a9b4b63af788.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5980
x-amzn-requestid: fbf0c390-da24-49e2-8492-43e29e5d4bb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCTHCGJVoAMFgxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cbc6-1f9b1b7d63467c58702e6d7e;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:44:38 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pt7rJi8EIQFBk0gHQZ1WnjvThPba86XZCGFs83l1ZW2dj-_6bZprAA==
via: 1.1 ec2a2c75c16156e4d43504606c118b90.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:49:56 GMT
age: 79286
etag: "12aac1bd22e675f09a220de08b4656e801c2e647"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5980
Md5:    ef17205adb2b478d3bff54b048208d22
Sha1:   12aac1bd22e675f09a220de08b4656e801c2e647
Sha256: 620fe39cf421ed3a21e968570f7e863d69224113be867ec2457ed3850ea113f6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:57:14 GMT
age: 78848
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10318
Md5:    a90590f26bae9ad9e95ffdfbfb7dd21d
Sha1:   cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
Sha256: 33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 21:37:19 GMT
age: 80043
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7838a122-2b2e-4e4c-9bcc-7c6b46a93b1e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11728
x-amzn-requestid: bf60e58f-c4f4-45c7-923b-0d1539f720f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCUCGGw7oAMF3wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330cd40-32043c1b1411544f5d00edc0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:50:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZRG0Axnhc5RY5rDbnnbauco9dpPeFdkP01UxkpNYI5pgSbfGKWcikw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 22:16:26 GMT
age: 77696
etag: "9660bb2d38079182efbd11d7a687bfc7f9d30751"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11728
Md5:    968b9c138702fb5994d1d9eab1a697fa
Sha1:   9660bb2d38079182efbd11d7a687bfc7f9d30751
Sha256: 5ba74820ad451747c8ed25529f06b037bebf4c0616a1f2165c9197c1171db7a6
                                        
                                            GET /checkout/address HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Inc4dlhrcWYxTEcrK2E2dkk4VURcL0dBPT0iLCJ2YWx1ZSI6IktkUVA3UVZ5dElJNWRHQWNQSU5mTVFBNmpKXC9QNWlyUExtVVIzc3J5ZmFjQTR0RURTSWR2ajVhWXNKVWhOVXYxQ0crYitpN1hhXC9mS0hFU3hrblwvQjZnPT0iLCJtYWMiOiJmNDQ5MmQ3NTU0MDE4MWJlZTEyYTk2NWM3NWJiNGZjZTQyM2ViNzQyNmRhYzc3ODMxYmY4NDI5YjY3ZWMxMDlmIn0%3D; bubbstore_checkout=eyJpdiI6ImZTU3c3SU1PcWZ6RmlKQzNSdE4yUFE9PSIsInZhbHVlIjoiQ0QwTWw1NzA3ZUZKaFFCSzdIQXVrR1NuYTVScFVIanhsMjlCdWNlTkZZWTNwOHlHb0trVVJUNUtEQ2FURFVac1F5TnFmdWI0ZjRoeUlxODRXN1wvR1BBPT0iLCJtYWMiOiI5ODA5ZTNhMjRkN2RhZDQ5NjYxYTg3MjI5MDEzNzY2NDJhNmFjNzExMDJiMTgzZmVmYTVmOTllYzA2NTE3Y2M4In0%3D; caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                         
                                         170.82.173.30
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 19:51:23 GMT
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6ImM0ckdLb1dUcGJ0UHBFUDZuamdZK0E9PSIsInZhbHVlIjoiWHZYTFBnazgzYXZVSFI4T25JT3V2RjFKVTMwbFExOVcwTFFvSE02aDRUUXZIU3A5ZllzMEpOMkkzcllpMXQ2YjJTQm1pclVFZk1ZeVdoa3JNTG5vMlE9PSIsIm1hYyI6ImIxMTcxMmUxZTliNjUzOGFmMjRmYTQzODQzOGU3NDU4OWFmMzZhMGE1NzJkZTI2YjI4NTM4NjIxMTU5NzIzMTcifQ%3D%3D; expires=Mon, 26-Sep-2022 22:51:23 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6IjdxSFhXUjRjTk5qU2xjMTc3NDFkMkE9PSIsInZhbHVlIjoiUWN4NHN0SnFJdHE5YlZxMndMdUhyZldvTWRsN3pyZmNsdFFTVFJjTmZReVRIcXd3aEhUS2FPYUNSbmppKzVIQktRUko2SG5JQ29oN0x2XC92d1JEY0JnPT0iLCJtYWMiOiI4NDg4ZmNhYWM3MmYzODI4NjI3OWIyOWQxOGI3YTU1ZmE3MTRhNGU1YTQ1MmJiNGM4MzA2MWJkNzQ0ZjE2MjA0In0%3D; expires=Mon, 26-Sep-2022 22:51:23 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   36495
Md5:    6bbff05b3d40c757300ad79ac7e90224
Sha1:   690c9d72ddbedf2f772f8217a9d5814cd193ae24
Sha256: c2b687bb4cb0299a3ac04fd517f0456f9b0c822424ba27df0747322b23e57283

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v0.js HTTP/1.1 
Host: js.upnid.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         130.211.14.112
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
vary: Origin
content-encoding: gzip
via: 1.1 google
content-length: 8884
date: Mon, 26 Sep 2022 17:09:15 GMT
age: 9728
last-modified: Tue, 19 Jan 2021 20:16:07 GMT
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (23050)
Size:   8884
Md5:    960c2f02f796ed460b2c3911ee0f498d
Sha1:   862e007ff302286b83d9e5b4b880acdf5894ac1a
Sha256: d5112369b9ae06973e98285df7d92749ddae470430912d01fd70f7c45207592f
                                        
                                            GET /cart?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300 HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         170.82.173.30
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 19:51:21 GMT
location: https://seguro.caixamisteriosa.net/checkout/payment?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6Im01TW5QZ3BLYmlHVlJzSEh5OXVtOHc9PSIsInZhbHVlIjoiWVJ3N1NPcFFLYjMzNHZvMEdYU3pUQzZYQm9yU2RqdldXZ0ZpUVlTQlordk1yQ2puTGRIVVdtQnRXVTlEYzNYbHhXRkd2YTJ1b29oNmdJa2hOMHZoZ3c9PSIsIm1hYyI6IjMxNjZhMTgyMjBmMDYwZmQxNTQzMjNkOGNhOWQ0MWFkNjMyZTRiM2U3NzU3YTZiMmM1OWQxY2YwYTZiNGY4YzQifQ%3D%3D; expires=Mon, 26-Sep-2022 22:51:21 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6IjJRaWZ1XC9DWVB2MGFsSjB6aGluNU9nPT0iLCJ2YWx1ZSI6Ik1HUGJFY1ppamM5aUVnR29xZjY5eU9vbVBpRzE3RTZrbEVGOVBHa2xTejBLTURvenFXYjh2MUVTd0Z2T0JYTGJnTFhLUjByV2ExM0tQb1VuMFVTY1JRPT0iLCJtYWMiOiJjYTI3NmNmZjNlMjEyMTE2MDE4MTUyZjY1MTAzNzRhNjViMDc5MmQyZDFhZjYyMTMyYzk1MTAzODg1ZWNiOWRmIn0%3D; expires=Mon, 26-Sep-2022 22:51:21 GMT; Max-Age=10800; path=/; httponly caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D; expires=Sat, 01-Oct-2022 19:51:21 GMT; Max-Age=432000; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7153
Md5:    2a2c8074ba50a603a8cc40395e8b3f87
Sha1:   a48e115c7ba27fd63b4499492a8921de8c19c8c5
Sha256: 02044a58f997dcc9c4cbf3a175edb4de5ae09ab62d3bf5e53523d0021ccc260d
                                        
                                            POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:23 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /assets/stores/caixa-misteriosa9/uploads/testimonies/62e9636950b51.jpeg HTTP/1.1 
Host: images.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 26 Sep 2022 19:51:23 GMT
content-length: 8648
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9336, status=webp_bigger
etag: "8220257871413a2a14ab3d6b964f6abf"
last-modified: Tue, 02 Aug 2022 17:48:39 GMT
x-amz-id-2: ouc8a2+SacvyVF/v73Vk87KbJQ8d9xkaJoM7ggwb85Ypzd6ImIQ3tuVDt//TWcNxIJuEm0+sOqg=
x-amz-request-id: NJ81Z001YFPEVFYN
x-amz-version-id: HfrtBnZFXQLQQPWMe2SSfAQyOFUNAZMA
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s4RU7K8XTRS7uDne59PYZul%2F2FBi%2Bs6iymnTuRyEMwHiCZw7ms6f5SajhCNz6XKhMe%2B5m5LnDaK2HBTlQWhjh1t49cBlLWB8cG2HpFYRH6ChZWKwQR0qtPC3VX8dUFRrLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4af060b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Size:   8648
Md5:    53f8716e4000def629db36d31f645cb1
Sha1:   db8c371fc52e7ab263634119821620d9f03c814f
Sha256: 2efb36089e2b052421b3c15c6c159fae1924bc1a1c2209ccd82f4d0ccc13f1c2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 19:51:23 GMT
Server: ECS (amb/6B83)
Content-Length: 280

                                        
                                            GET /assets/stores/caixa-misteriosa9/uploads/testimonies/62e96354775ca.jpeg HTTP/1.1 
Host: images.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 26 Sep 2022 19:51:23 GMT
content-length: 8208
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8822, status=webp_bigger
etag: "64d0d3cf4cf12b175c2bfde2b119fd73"
last-modified: Tue, 02 Aug 2022 17:48:39 GMT
x-amz-id-2: Hec9fp/1gbenj/r/SuuJGxNCiXP8S4qbh4PK6Sx0jIXXOclYL1lIfgQqxR79dCKihT8ukA+HHSY=
x-amz-request-id: NJ81HRF3F5T62JX5
x-amz-version-id: xeytj2tGe9ZE1VBrjh._yFfBsbQCZQQP
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k402W256fVTMH%2F0Y63BXKItfcJb9AMxWs6womBBLuSepRNrp%2B6I6pyzx%2BguhkQzYQe68cWI4cSekkPxftFWy1hG0XYt0%2Bo64etlTrUHuhlhpwez6DvPqWLMalkosKboUng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4bf0d0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 150x150, components 3\012- data
Size:   8208
Md5:    9074436dac9f6d61bccb042c185adff3
Sha1:   b9d1247ca03baccc0203747de619c3579ac299fe
Sha256: b0a54814b8b0f5abf1f1c43941cfdc945fb105f0ad91962af3df15b2a98d1b24
                                        
                                            GET /assets/stores/caixa-misteriosa9/uploads/testimonies/62e9635ebe532.jpeg HTTP/1.1 
Host: images.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 26 Sep 2022 19:51:23 GMT
content-length: 10320
x-amz-id-2: PgZIUNm2E0JUWjYDWIF/KHV9njt9RdlmVfRQTTDm+T4AzKxDtkYs4ApE9Sy6uPVzAUuErPZJkf4=
x-amz-request-id: CY46QFQ3QFDKZDVJ
last-modified: Tue, 02 Aug 2022 17:48:39 GMT
x-amz-version-id: AatCE1mkRL6z1GEYqQay5AQrkz_0GlQk
etag: "04572c76d141851db42a1a6e13d38b71"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkVLQ%2BUnYXyjrCGR%2Fkts93O8RiYBpLirg1eXqb8cld0BeHfPmW%2FLkejCGCR3j8qPqVTRJFs2M5ufbMCdJL21GoaLaZ%2F8qBOFuEKv6nuqd191QvO5IO0QfDNp%2BPdbU58qIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4af040b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 150x150, components 3\012- data
Size:   10320
Md5:    04572c76d141851db42a1a6e13d38b71
Sha1:   aee88a71a5c7a780c6fb9aad074674ea7caab126
Sha256: f97dc1da935583662b69ee9320a707de02f9c9ae32c6c825fdcaf51ee0618d50
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 19:51:24 GMT
Last-Modified: Mon, 26 Sep 2022 18:12:06 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4daX-ADCxs_F21UoN-a9L0h_N_VeGnuPek53usaIW6S0NaeLFigpvw==
Age: 5958

                                        
                                            GET /assets/stores/caixa-misteriosa9/uploads/images/caixa-misteriosa-edicao-limitada-62e956810efef-thumb.png HTTP/1.1 
Host: images.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 26 Sep 2022 19:51:24 GMT
content-length: 117743
x-amz-id-2: pVQuaDExIa7n+NjSxzs308rmaYBI9zAZiKUI6Bn1k0SF91ljcwPMstkRzFHHl00u5hJpEOtp2tA=
x-amz-request-id: CY4AVKXJ573KQKHB
last-modified: Tue, 02 Aug 2022 16:53:23 GMT
x-amz-version-id: wxueA8hLCjwh4ss.lHtzFO4OeJGoc8G3
etag: "c5a167df4f433c249cb974e00f55de3f"
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuAWaOMqTeRPf0daxqePYQpO4GInKwc7JCR0WaC2PwHQP499bYQ5mINy4QsAwXFYx4T6fpA7CKB1iu4SykVGqs0MMj5p26f2JEmGiKGSJsdEy1Q4mP9V6uTZpcuikMzDtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4af070b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 290 x 247, 8-bit/color RGBA, non-interlaced\012- data
Size:   117743
Md5:    c5a167df4f433c249cb974e00f55de3f
Sha1:   0fdbc7b9bda3c0885fb55020b14ea919f2df40e8
Sha256: 25c6c5a4710bc8608fe80c63712c812d1d03a01caa6ff038254851525fa08878
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:08:19 GMT
expires: Tue, 19 Sep 2023 21:08:19 GMT
cache-control: public, max-age=31536000
age: 600185
last-modified: Mon, 18 Jul 2022 19:32:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 33580, version 1.0\012- data
Size:   33580
Md5:    848cd2ecd011428969dc6b90431bc482
Sha1:   6b1a7b562a56bd54510e0f6f95e26babca331a1b
Sha256: 981307dcbbd348f6fb4e3eab184077392f9ee15097ea868f630debefad9044e9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /fa/4.7.0/fa.woff2?v=4.7.0 HTTP/1.1 
Host: fonts.dooki.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://fonts.dooki.com.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.0.53
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
content-length: 77160
x-amz-id-2: yqDwuz0f9TDs9rMT+Kv6V56HdF+LqNqg+hqSuGVeJIyHhxYYST23k09vF3ajW4MMfg+4FnCReDE=
x-amz-request-id: NJ84Y24GPPBHX159
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 1800
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Sat, 10 Nov 2018 14:21:40 GMT
x-amz-version-id: null
etag: "af7ae505a9eed503f8b8e6982036873e"
cf-cache-status: MISS
expires: Tue, 04 Oct 2022 19:51:25 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
server: cloudflare
cf-ray: 750e88bc7d8cb4f7-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
                                        
                                            GET /king-assets.yampi.me/dooki/62e95d312bc5a/62e95d312bc60.png HTTP/1.1 
Host: s3.sa-east-1.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.95.164.84
HTTP/1.1 200 OK
Content-Type: image/png
                                        
x-amz-id-2: kAOIMLbqHB6zLhS3qvfAcqNjjd/Qumy+PGDrlNewvQnbt6sv4pOr77omM9KyIZs1/Uo6lIryxfY=
x-amz-request-id: CDKM8AGTEBDPF2DM
Date: Mon, 26 Sep 2022 19:51:25 GMT
Last-Modified: Tue, 02 Aug 2022 17:21:54 GMT
ETag: "42653495a27a747f3deff05ead6ab0f1"
Accept-Ranges: bytes
Server: AmazonS3
Content-Length: 190952


--- Additional Info ---
Magic:  PNG image data, 1628 x 1083, 8-bit/color RGBA, non-interlaced\012- data
Size:   190952
Md5:    42653495a27a747f3deff05ead6ab0f1
Sha1:   7f774f610fb12f312daeb5d49c5cc88af7dd1dc1
Sha256: 3ce6c07440b880752a44c423832b8a6691d7b22898871e08b38f0abe62b92fc4
                                        
                                            POST /e/t HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjEwYmY4Zjc0MTBkZDYwMzIiLCJ0ciI6IjcyNjQxNGEyY2FlMmM4YTRjMDE4OWJkNGU3Yjc2NzRiIiwidGkiOjE2NjQyMjE4ODMyNDV9fQ==
traceparent: 00-726414a2cae2c8a4c0189bd4e7b7674b-10bf8f7410dd6032-01
tracestate: 2935249@nr=0-1-2935249-1134170823-10bf8f7410dd6032----1664221883245
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 376
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6ImM0ckdLb1dUcGJ0UHBFUDZuamdZK0E9PSIsInZhbHVlIjoiWHZYTFBnazgzYXZVSFI4T25JT3V2RjFKVTMwbFExOVcwTFFvSE02aDRUUXZIU3A5ZllzMEpOMkkzcllpMXQ2YjJTQm1pclVFZk1ZeVdoa3JNTG5vMlE9PSIsIm1hYyI6ImIxMTcxMmUxZTliNjUzOGFmMjRmYTQzODQzOGU3NDU4OWFmMzZhMGE1NzJkZTI2YjI4NTM4NjIxMTU5NzIzMTcifQ%3D%3D; bubbstore_checkout=eyJpdiI6IjdxSFhXUjRjTk5qU2xjMTc3NDFkMkE9PSIsInZhbHVlIjoiUWN4NHN0SnFJdHE5YlZxMndMdUhyZldvTWRsN3pyZmNsdFFTVFJjTmZReVRIcXd3aEhUS2FPYUNSbmppKzVIQktRUko2SG5JQ29oN0x2XC92d1JEY0JnPT0iLCJtYWMiOiI4NDg4ZmNhYWM3MmYzODI4NjI3OWIyOWQxOGI3YTU1ZmE3MTRhNGU1YTQ1MmJiNGM4MzA2MWJkNzQ0ZjE2MjA0In0%3D; caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         170.82.173.30
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6Im1wSE9sYXJxMVBaRTkwbHg0UlhpSXc9PSIsInZhbHVlIjoiSkhhSnhJcVIxaWhXXC9PYjRtdmlvSlFCM01NM2R6eU5MWHJxQkpLNVpZVElaTTNMRG9jT2J1WWFvVW1FRnVoNzQ3QzBaRkJtaExBZVp3dThzMUJxaXZ3PT0iLCJtYWMiOiIwZmY5MDM3ZjM5OTcwMzcyNzg1NTkxZDE3NTUyMTc3NGI3OTQ5YTlmZmE5Y2M5NzVhM2U3MjRkODYwZmJiNjg1In0%3D; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6IldQTHZRNXh1VUVKWE1uRUpUeXVpQVE9PSIsInZhbHVlIjoiU01mWnliM3dVangxbDl2WGxZaVQzUzhBWHZGM1JGVHdCR2plaTBWTjZSYVY3QlgzNWlPSTNtN0pmODVHZlpcL0xRUldXaU9LK2pEMldkSklKcHd0MEJRPT0iLCJtYWMiOiIxODJhZjM1MDUxYjVmYmI4OGQ5YmExNmQxOTFjMzNlNTc4NWVjZWZkMmE2NWViZmVhNTYxMjY2Zjc3ZDc4MjdjIn0%3D; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApQCQgDHh5UFUMJAwJQXQMCA1BQCgZTXVNUFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1106
Md5:    ffc99f36dabac4133f40755c99167916
Sha1:   eec166d43947a34d196cb49089f4d39bf7364b36
Sha256: 720dcdaa50eb2de9d2ba1bc5b9a8b7f85b14a73a68c6f765e617edcf1019298d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /e/t HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjFlMThiN2VkMmNlYzI1ZjciLCJ0ciI6ImI4MGY2NGQ1NDNhMDUwMGM4ODQwM2RhZmEwY2VkMTFlIiwidGkiOjE2NjQyMjE4ODMyNDd9fQ==
traceparent: 00-b80f64d543a0500c88403dafa0ced11e-1e18b7ed2cec25f7-01
tracestate: 2935249@nr=0-1-2935249-1134170823-1e18b7ed2cec25f7----1664221883247
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 368
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6ImM0ckdLb1dUcGJ0UHBFUDZuamdZK0E9PSIsInZhbHVlIjoiWHZYTFBnazgzYXZVSFI4T25JT3V2RjFKVTMwbFExOVcwTFFvSE02aDRUUXZIU3A5ZllzMEpOMkkzcllpMXQ2YjJTQm1pclVFZk1ZeVdoa3JNTG5vMlE9PSIsIm1hYyI6ImIxMTcxMmUxZTliNjUzOGFmMjRmYTQzODQzOGU3NDU4OWFmMzZhMGE1NzJkZTI2YjI4NTM4NjIxMTU5NzIzMTcifQ%3D%3D; bubbstore_checkout=eyJpdiI6IjdxSFhXUjRjTk5qU2xjMTc3NDFkMkE9PSIsInZhbHVlIjoiUWN4NHN0SnFJdHE5YlZxMndMdUhyZldvTWRsN3pyZmNsdFFTVFJjTmZReVRIcXd3aEhUS2FPYUNSbmppKzVIQktRUko2SG5JQ29oN0x2XC92d1JEY0JnPT0iLCJtYWMiOiI4NDg4ZmNhYWM3MmYzODI4NjI3OWIyOWQxOGI3YTU1ZmE3MTRhNGU1YTQ1MmJiNGM4MzA2MWJkNzQ0ZjE2MjA0In0%3D; caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         170.82.173.30
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6ImliS296aW55R2RpWWRodnBNQUpMbUE9PSIsInZhbHVlIjoidDBmUHpNckJPYVE1dFFadGwxd24yZnZnOHFndmxsSWg4dDZjWTl3MWJQZjFjaVZqXC9XZlRnTFBQTlduQWdcL09oUGZ3ZWdRaHBDTnZxdEc5WjB3MjVJUT09IiwibWFjIjoiMzhlNDNhMzIwZWExNmIwMTk0MTA2YzI4MWU5ZjM0YmQ0Zjg4N2FjYTRkYWEwY2FmMmZjMGYwY2Q5OGNhNDNkZiJ9; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6ImxWcUFTM1o2d3NHazhuWlVCUUlwRHc9PSIsInZhbHVlIjoiZnprOGM5dlBXMlZ4Z3MwaXplejlSSFZrZCtBcU5OdjgxNEl4VWl0ZVc5Yk9FRXFESjZmdFcxT3BHbGtuUUhBVkRzXC9qT3VSamFPYkNLaXZNMmdzMG9nPT0iLCJtYWMiOiIzZmEwMTNlNTZmNTNiOTUwMTk1YWJkNTljZWRlYTMyNmQ3ZmYxMTA2MDViZTk1M2IyYjMyNDhiNDQxNGUxYzI4In0%3D; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApUDg8FHh5UFUMFAAJSAFJUU1QAAQYDUFFTFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (826)
Size:   158268
Md5:    8f79c00e424b3b5c4f622584b12a987a
Sha1:   f4947c3c2d8da2ab679d5776fc5011e779c06db4
Sha256: 9d159dd6b499d05e4fdd93e3910369262890fc3b66a3683d53c25daf735c00f0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Mon, 26 Sep 2022 18:41:09 GMT
expires: Mon, 26 Sep 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 4217
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            GET /cart/recomm HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjEzNzNjNjk1MTNmZjhjNjEiLCJ0ciI6IjFkMmRkNzQ3MmU3YmZiNTFjMWRkMTNhOTAzYWJlN2EzIiwidGkiOjE2NjQyMjE4ODMyMzd9fQ==
traceparent: 00-1d2dd7472e7bfb51c1dd13a903abe7a3-1373c69513ff8c61-01
tracestate: 2935249@nr=0-1-2935249-1134170823-1373c69513ff8c61----1664221883237
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6ImM0ckdLb1dUcGJ0UHBFUDZuamdZK0E9PSIsInZhbHVlIjoiWHZYTFBnazgzYXZVSFI4T25JT3V2RjFKVTMwbFExOVcwTFFvSE02aDRUUXZIU3A5ZllzMEpOMkkzcllpMXQ2YjJTQm1pclVFZk1ZeVdoa3JNTG5vMlE9PSIsIm1hYyI6ImIxMTcxMmUxZTliNjUzOGFmMjRmYTQzODQzOGU3NDU4OWFmMzZhMGE1NzJkZTI2YjI4NTM4NjIxMTU5NzIzMTcifQ%3D%3D; bubbstore_checkout=eyJpdiI6IjdxSFhXUjRjTk5qU2xjMTc3NDFkMkE9PSIsInZhbHVlIjoiUWN4NHN0SnFJdHE5YlZxMndMdUhyZldvTWRsN3pyZmNsdFFTVFJjTmZReVRIcXd3aEhUS2FPYUNSbmppKzVIQktRUko2SG5JQ29oN0x2XC92d1JEY0JnPT0iLCJtYWMiOiI4NDg4ZmNhYWM3MmYzODI4NjI3OWIyOWQxOGI3YTU1ZmE3MTRhNGU1YTQ1MmJiNGM4MzA2MWJkNzQ0ZjE2MjA0In0%3D; caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         170.82.173.30
HTTP/2 200 OK
content-type: application/json
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
x-protected-by: Sqreen
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6IkhHa1pqRzhwcXAxWTlyYXpKZkI3MUE9PSIsInZhbHVlIjoiMGsrTDAxYUZBWVNZamc2bmg4Tk9LU1p5SUlcL05FSGhCdkNDQXJmbG5ZQmNqTFlUVHNsSFU1azUrVkErakl5R3BzZ0NUOGt3dEhTakZlaHd4dFJEclVnPT0iLCJtYWMiOiI1MDFhYzAzY2Q0MDBkN2VlZmMyYTAzOGFmMmY4Zjk0MDU5NDk3OGY4YjFmNWEzY2Q1YjA1MDQ0ODhhYmMzYTcwIn0%3D; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6IjIxRmd6bVRMRU0wclpCVmpKQ2JrRVE9PSIsInZhbHVlIjoiYkNwakJQcU1nN3VrSmhxT1FxcUtUaTdcL1oyTWFxMW1jV3VmMHp6cEJRXC85QTVacUQ4cmt3QzRGd2IzZ3l5bUs4VitSZkVNRUo5ZjlyTTI1cHFtSGpkUT09IiwibWFjIjoiNDZhNTk5NjRkNTljY2NiMDIxZTUzMjA2MzhmM2M0MGFlZTY5NjA4NGE2MTJmY2FmMTM0NjI3NjEzYTJjOTM5OCJ9; expires=Mon, 26-Sep-2022 22:51:25 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63730)
Size:   27177
Md5:    39198463b1bc6e960ebd4f5d4170b735
Sha1:   0d698455e5a9b7b3a927b5dc67f3eb3be3b56b53
Sha256: 5385f1f9384befaac1344631ebb2e4c184775a7e4c0d0951b52c57d7fc101af3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fa/4.7.0/fa.css HTTP/1.1 
Host: fonts.dooki.com.br
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.0.53
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 26 Sep 2022 19:51:24 GMT
x-amz-id-2: gGNPVnAVZsqONOCg389UDgsIhA1ObjBdpsJMkqSZGddyTo93S8XPm4wvAm36dYfVkX+Cf24ZYFI=
x-amz-request-id: G8BNNJCT1K1R1RT8
last-modified: Sat, 10 Nov 2018 14:21:37 GMT
x-amz-version-id: null
etag: W/"36688de682a76454417c56541b1cf51e"
cf-cache-status: REVALIDATED
expires: Tue, 04 Oct 2022 19:51:24 GMT
cache-control: public, max-age=691200
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b65ee70b02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7358
Md5:    3f955b661f361e6bf0b9b1e8d77ade01
Sha1:   bb46ee9b320c70181bbd2d9e89c7742e746fd410
Sha256: 108540864b2f81e02cb26e6ef0b416c61c9959855cf589ef768635d7fffc29cd
                                        
                                            GET /plugins/ua/ecommerce.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 738
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 19:49:49 GMT
expires: Mon, 26 Sep 2022 20:49:49 GMT
cache-control: public, max-age=3600
age: 97
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (745)
Size:   738
Md5:    f804aa0b574b678d24df5281ed71a61d
Sha1:   2fc02211b273e1ab4d362df05d592f2d822c2add
Sha256: 1d2d8c7f3502f4459478fe8c7495a27464d6f178b1d564333a107d310c0ea74d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?v=1&_v=j97&a=942951278&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Caixa%20Misteriosa&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEDAAAATAAAAAC~&jid=261755421&gjid=11246930&cid=383897080.1664221884&tid=UA-45745009-5&_gid=659242031.1664221884&_r=1&_slc=1&z=1143359758 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://seguro.caixamisteriosa.net
date: Mon, 26 Sep 2022 19:51:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    9e92e190700c1af4539b40c2171320a9
Sha1:   209bcdb79e6067b51091ce8586d4b977f25b67d8
Sha256: aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-45745009-5&cid=383897080.1664221884&jid=261755421&gjid=11246930&_gid=659242031.1664221884&_u=IEDAAAASAAAAAC~&z=1669827336 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         64.233.162.154
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://seguro.caixamisteriosa.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Sep 2022 19:51:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 26 Sep 2022 19:51:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   86301
Md5:    2cac8d395f208f2806eff2d89f500513
Sha1:   77df07e55873860093b76d1d080387a2a81e809d
Sha256: b8a31ea2c3444105d28b06276ef475095b2da4ffb0e2c7c72ed5b89c360e6d30
                                        
                                            GET /tr/?id=509010521227757&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886031&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_bp12m1utk&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   600816
Md5:    ceac83863368a4bbe46c48ea9cdb2af0
Sha1:   40dad6ddb0cf8896e67b6e6195ac1ba7767724ca
Sha256: 76c1485511401caac786e755ae1d77e682834955559c5851990fe80ec569a050
                                        
                                            GET /tr/?id=489039889334002&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886008&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /checkout/build/mix/assets/css/app.css?id=c1cb1b608993e42920393f83d30bc32b HTTP/1.1 
Host: awesome-assets.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 26 Sep 2022 19:51:24 GMT
x-amz-id-2: OyOibZMfkkwB05gPZjuAsZeVUSb0Qjq+xaaRsKOG1t3dnzjziub4AwhX7Cp9nuLlFVGUfHwL6zY=
x-amz-request-id: CY4EYD17YF0TDT82
last-modified: Mon, 26 Sep 2022 19:44:15 GMT
x-amz-version-id: sk8GhqbtozvgmZdvBhWo.6c8nigPYGNS
etag: W/"c1cb1b608993e42920393f83d30bc32b"
cache-control: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wcfxXh8GnDPYF0tfygHcEnN76dgcNNaNkLw5SEUZELXXnVZlgQ7chirL0jaG%2Fr%2F5pw4RSt5Ztl3cMNNU2RbXzbL%2F%2BCmr9mtA2dDmS%2FOg2cSyZMD5NJs0MrYb0aixoJeSU9yVlAn84Y83"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4aefc0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size:   25858
Md5:    4a7229fe1ed2739986e3868928871d7b
Sha1:   a48b840ec9f4ae47587694a0a5af6efe72d9b0d9
Sha256: 371f1cf20601dfbe7a201d1c7d3e30cf0a7756922e70ee40482a631161798022
                                        
                                            GET /tr/?id=854129329078418&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886012&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=450523277098060&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886014&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=509010521227757&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886017&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=932933074347132&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886019&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_gqevr79m7&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=670591011315008&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886021&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_u5yoih3pf&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=442848451125334&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886023&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_nxjoewicw&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=662231824775398&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886025&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_5zt8a8s2x&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=451025270299675&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886026&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_j3scqnmpt&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=489039889334002&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886027&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_gs5syaslg&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=3344446025826434&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886029&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_ynz0w5huh&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=854129329078418&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886030&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_a7g5veqae&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=450523277098060&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886030&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=1&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=InitiateCheckout_s8ma6nfo9&tm=1&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=670591011315008&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221885998&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=932933074347132&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221885995&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=442848451125334&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886000&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=662231824775398&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886003&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr/?id=451025270299675&ev=PageView&dl=https%3A%2F%2Fseguro.caixamisteriosa.net%2Fcheckout%2Faddress&rl=&if=false&ts=1664221886006&cd[content_ids]=%5B%2263824932%22%5D&cd[content_type]=product_group&cd[value]=89.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=29&fbp=fb.1.1664221885994.1741663200&it=1664221884208&coo=false&eid=PageView_qz1k6cmgk&rqm=GET HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 26 Sep 2022 19:51:28 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 26 Sep 2022 19:51:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 163
x-timer: S1664221888.140531,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3637
Cache-Control: 'max-age=158059'
Date: Mon, 26 Sep 2022 19:51:28 GMT
Last-Modified: Mon, 26 Sep 2022 18:50:51 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=8283&ck=1&ref=https://seguro.caixamisteriosa.net/checkout/address&ap=157&be=3615&fe=8186&dc=5222&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664221878007,%22n%22:0,%22f%22:2532,%22dn%22:2532,%22dne%22:2532,%22c%22:2532,%22s%22:2532,%22ce%22:2532,%22rq%22:2539,%22rp%22:3592,%22rpe%22:3592,%22dl%22:3598,%22di%22:5220,%22ds%22:5221,%22de%22:5275,%22dc%22:8184,%22l%22:8184,%22le%22:8187%7D,%22navigation%22:%7B%7D%7D&fcp=4993&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Mon, 26 Sep 2022 19:51:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 750e88d16b7cb51d-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=809748923fde4afe; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   77
Md5:    f1442f5831dbbe0210da2d7a4180d6b8
Sha1:   2ade23c6c7a001c66f0c0a9a101ec152747b434e
Sha256: c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
                                        
                                            POST /events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=8508&ck=1&ref=https://seguro.caixamisteriosa.net/checkout/address HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 696
Origin: https://seguro.caixamisteriosa.net
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Mon, 26 Sep 2022 19:51:28 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 750e88d29d6eb51d-OSL
Access-Control-Allow-Origin: https://seguro.caixamisteriosa.net
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /ana/ana.min.js?t=1664236800000 HTTP/1.1 
Host: cdn.yampi.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.15.227
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
x-amz-id-2: Sd7u1q+qDRaq+/Eboy+v4eGkXe+/WylED1kT3JdocwY+Rkl5Hv0u/odlD2PbTGZD7pKNtpz7QhU=
x-amz-request-id: HRQV0TQXM842VWCM
last-modified: Sun, 26 Jun 2022 23:28:17 GMT
x-amz-version-id: QVByH4DoJS5uOcK0PZ6NhcCV1oJEdR5U
etag: W/"e7cabc20ce5d56c20d8c4577a36e2525"
cf-cache-status: HIT
expires: Tue, 26 Sep 2023 19:51:25 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88bc3d37b4f7-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css2?family=Rubik:wght@400;500;700&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 26 Sep 2022 19:51:23 GMT
date: Mon, 26 Sep 2022 19:51:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /checkout/payment?cart_token=d2455aea-3cf4-11ed-bc08-027165b02942-63308b4b8da07&utm_source=SMS&utm_campaign=Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=14c89e1a1a92eb05e5677a66dbd966c536060fae&customerToken=812a5160-3cf4-11ed-89ff-dfc4a1f20300 HTTP/1.1 
Host: seguro.caixamisteriosa.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im01TW5QZ3BLYmlHVlJzSEh5OXVtOHc9PSIsInZhbHVlIjoiWVJ3N1NPcFFLYjMzNHZvMEdYU3pUQzZYQm9yU2RqdldXZ0ZpUVlTQlordk1yQ2puTGRIVVdtQnRXVTlEYzNYbHhXRkd2YTJ1b29oNmdJa2hOMHZoZ3c9PSIsIm1hYyI6IjMxNjZhMTgyMjBmMDYwZmQxNTQzMjNkOGNhOWQ0MWFkNjMyZTRiM2U3NzU3YTZiMmM1OWQxY2YwYTZiNGY4YzQifQ%3D%3D; bubbstore_checkout=eyJpdiI6IjJRaWZ1XC9DWVB2MGFsSjB6aGluNU9nPT0iLCJ2YWx1ZSI6Ik1HUGJFY1ppamM5aUVnR29xZjY5eU9vbVBpRzE3RTZrbEVGOVBHa2xTejBLTURvenFXYjh2MUVTd0Z2T0JYTGJnTFhLUjByV2ExM0tQb1VuMFVTY1JRPT0iLCJtYWMiOiJjYTI3NmNmZjNlMjEyMTE2MDE4MTUyZjY1MTAzNzRhNjViMDc5MmQyZDFhZjYyMTMyYzk1MTAzODg1ZWNiOWRmIn0%3D; caixa-misteriosa9_cart=eyJpdiI6IjNsNmxGRWNGNVNSY1wvZGJBQWtsOTh3PT0iLCJ2YWx1ZSI6InZiZVQ5Z1Z6U2x2N3grd3lFVkRPQmN4MkF4NEZTamVTM2xmWjBaWEhzWDY1WDNoMzVGQXY4WWdQUHR5Y3MwQTh5RlB2bTBOQzJiZ1NseXkwRk84amZ3PT0iLCJtYWMiOiIyNzZlMTc5MzNjMzM1YWViZWNkZmNkOGFlNmE5ZmVmODc3MzE2MzFmM2I1MTNhMDBkMGE3ZTJlZDE0NjVjY2ZiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                         
                                         170.82.173.30
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Mon, 26 Sep 2022 19:51:22 GMT
location: https://seguro.caixamisteriosa.net/checkout/address
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6Inc4dlhrcWYxTEcrK2E2dkk4VURcL0dBPT0iLCJ2YWx1ZSI6IktkUVA3UVZ5dElJNWRHQWNQSU5mTVFBNmpKXC9QNWlyUExtVVIzc3J5ZmFjQTR0RURTSWR2ajVhWXNKVWhOVXYxQ0crYitpN1hhXC9mS0hFU3hrblwvQjZnPT0iLCJtYWMiOiJmNDQ5MmQ3NTU0MDE4MWJlZTEyYTk2NWM3NWJiNGZjZTQyM2ViNzQyNmRhYzc3ODMxYmY4NDI5YjY3ZWMxMDlmIn0%3D; expires=Mon, 26-Sep-2022 22:51:22 GMT; Max-Age=10800; path=/ bubbstore_checkout=eyJpdiI6ImZTU3c3SU1PcWZ6RmlKQzNSdE4yUFE9PSIsInZhbHVlIjoiQ0QwTWw1NzA3ZUZKaFFCSzdIQXVrR1NuYTVScFVIanhsMjlCdWNlTkZZWTNwOHlHb0trVVJUNUtEQ2FURFVac1F5TnFmdWI0ZjRoeUlxODRXN1wvR1BBPT0iLCJtYWMiOiI5ODA5ZTNhMjRkN2RhZDQ5NjYxYTg3MjI5MDEzNzY2NDJhNmFjNzExMDJiMTgzZmVmYTVmOTllYzA2NTE3Y2M4In0%3D; expires=Mon, 26-Sep-2022 22:51:22 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /jquery/jquery.js HTTP/1.1 
Host: cdn.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 26 Sep 2022 19:51:23 GMT
x-amz-id-2: 7gxTttBd/kCkn0bd/hyRfHdpqJ9gzq8f1yoBkZ3x5D4QwamXpqfrXGunCOTo8cwqgRppri0a9Bk=
x-amz-request-id: 98FT7W7KHGHEXVPW
last-modified: Tue, 24 Sep 2019 11:23:34 GMT
x-amz-version-id: 6XhfNvj9UGB1eWzPJf8PFJnclFrAQqDF
etag: W/"9f7c65c84c8e8c3e317945e8fd89899b"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IPURQ9iwVE4idsjNV0XdfGIkPGokx%2F3pVjQWzzGeiI%2FNoSSpJ8%2Ftn7wWhW93mIZjfu5PvmtvSkAW1UBRGa5vh2af5%2FFL71yJQaQqZy5ZH2CRjrvo2WjkhXN90iWYlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4bf160b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /checkout/build/mix/assets/js/app.js?id=9b6bc316d16463b544cdc0e695ce9d7c HTTP/1.1 
Host: awesome-assets.yampi.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.caixamisteriosa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.2.88
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 26 Sep 2022 19:51:25 GMT
x-amz-id-2: kiKMcAr44hCS/h/HVY248HvVsZ8c++jxSbplSUA+eauwmt5HsWg8UBb9Ul0Y6kT3rAvxJVfXLU0=
x-amz-request-id: CY4BWHFC5C676757
last-modified: Mon, 26 Sep 2022 19:44:15 GMT
x-amz-version-id: dI9F0vCOZifuvcVSKZO43mZnYXF0Vwno
etag: W/"20baf997b7e31a089f0a9544550cf45a"
cache-control: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2Bg0oKpm%2BsPdbIsllcGDt0%2FAB7y1blVavfcJRU6lOdkClocLX7rx1L%2FEvoVVpMkDolBSHfK9w4G%2FnyI%2B11kmWL8PbwqUiZOPJ4D1w0qIK0bJ1x5ZvJOqlHNCrIuJ0%2F6uSAE8bElHggXf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750e88b4bf0e0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---