firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 04:10:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K_zcTcWlZwrjWu8gT62-kL9L1AAxHy3WwqLRtNsAgxc6fLQz1-I28Q==
Age: 2674
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13275
Expires: Fri, 16 Sep 2022 08:36:34 GMT
Date: Fri, 16 Sep 2022 04:55:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qMf2qTf-88I2DGB8CkjgxsEs8qVJUTZoVCsZJBp_2RTw1ZBAMV2zLg==
age: 1204
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 04:55:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 16 Sep 2022 04:03:22 GMT
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 04:14:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K_oxx9cb7MkCISkqDEu0dRt8JcNz213mtbnAKZteTEqVosZ4c-Ucfg==
Age: 3117
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d597af1ab2f21a983bf0f0d105b94209
9d5dd938777abde094c89066b539141a02106b88
a614eb7f969544c8040642be7c852625341e2441e757d063d2af1ff465c8c3f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5240
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:19 GMT
Last-Modified: Fri, 16 Sep 2022 03:27:59 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
seguro.cosmeticosprime.com/cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
170.82.174.30 301 Moved Permanently 134 B URL HTTP/1.1 seguro.cosmeticosprime.com/cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
IP 170.82.174.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Sep 2022 04:55:19 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://seguro.cosmeticosprime.com:443/cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
X-GoCache-CacheStatus: BYPASS
Server: gocache
push.services.mozilla.com/
52.38.146.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eb+jHNpSXWTGFFGvlV0EmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1o27z+0lnXgGyU0HHqx7JGb4c1k=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c7b14eb19d19a0fd09d4a9e1b8d971bf
322e90ba7e288b946637939bb1fa85e05071643c
20b52963291d83846cc54dbe87586d7925b7b1dae575c7bf74ebeff54a4e4e2f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20B52963291D83846CC54DBE87586D7925B7B1DAE575C7BF74EBEFF54A4E4E2F"
Last-Modified: Wed, 14 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21531
Expires: Fri, 16 Sep 2022 10:54:11 GMT
Date: Fri, 16 Sep 2022 04:55:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16605
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 04:55:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16605
Expires: Fri, 16 Sep 2022 09:32:06 GMT
Date: Fri, 16 Sep 2022 04:55:21 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e3eca0d-da18-4b3c-8625-afa9f187d0e3.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e3eca0d-da18-4b3c-8625-afa9f187d0e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8bedb04287b8f09d30fed0ae386b9bcc
2b8a6de0faac5c1a99b48c28da9c05f520ef6add
cec3955f3330184ace4388b7c00262b52c9ca43e9ece6fb8f2fdec2ee9e53a9e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e3eca0d-da18-4b3c-8625-afa9f187d0e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4955
x-amzn-requestid: e7c21397-14e0-42fd-86f3-3f1e6940da8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0zG1uIAMF_mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b51-386abef75b6435a0656e86cd;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: w0izptVhe4GTDP0l4M18uTvK6vQeKiiaGSZ5UfZATWGIyjL5C8sURQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:55:30 GMT
etag: "2b8a6de0faac5c1a99b48c28da9c05f520ef6add"
content-type: image/jpeg
age: 25191
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 918f9961aa6acc47b01feb731750d208
2029669d941625cb78a23b52cd6511af111c8591
1f8cfc977ecea3b3dba2992fd4e310f8d426be1316c467f516e5ed2332ecaf96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ac817a0-279c-44ad-92b0-a799997b91ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8843
x-amzn-requestid: 055dc4af-96bb-48af-823a-56e606701c01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVAlFseoAMFurw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b9d-67ba7aaf2b588234573e1c9c;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:39:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: WkdIyxNFlhmlhe5c3iNkCNWQmRrMrfKqD4pYMe5J7iYzUgo0XorwAg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:53:59 GMT
age: 25282
etag: "2029669d941625cb78a23b52cd6511af111c8591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd0c996-9a44-4dd0-b1b3-c5e213f14167.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd0c996-9a44-4dd0-b1b3-c5e213f14167.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 252e27665094eccd2f18dfed46d4e871
2656d1e3e105c1929b18ebf9b00bd603f2f410a6
ccd05f3e869946687ec611ee0d6c5a118a99f73abb1957c556e346ed522d3088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febd0c996-9a44-4dd0-b1b3-c5e213f14167.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10296
x-amzn-requestid: f3bb82cc-9d5d-4dea-8a22-26b35fe603e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbIRLHBUIAMF7hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632120d4-64832ad820f6aeaf7868495d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 00:31:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nZIGf23GLhOvGdsNG2xCOca_Eo8QPU3D1EtJlGiRg3iaxCFlQMG1Qw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:50:47 GMT
age: 25474
etag: "2656d1e3e105c1929b18ebf9b00bd603f2f410a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4f3e6b013d785036c9b9c16aef3404f
28bf10400e47ad48eee5db04829b88340e021840
98596627e914528b177b8a3d2be8766bdf210c62415961ab99afefa465440819
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdbd68450-8c97-4e9a-a798-8484ec30f381.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8854
x-amzn-requestid: ae78dca7-cd78-40ad-8ef3-5b287d99b0e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1suGFuoAMFptg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3651-12f3fedb07f856af06e8b1e5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:01:37 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: h1Q93ahPFyzjb40UxQcoDZPKkpLtrkcj1vE_mB4AW2Gn9CAibFnd6A==
via: 1.1 1f6e68152880a39d72e6bf2996cd6a60.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:03:47 GMT
age: 24694
etag: "28bf10400e47ad48eee5db04829b88340e021840"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3a4ed510756efe784c4ca84c61c4b5ba
10262867cfb19d3ba8f618e235d1a98531048f34
b5ba0de5ce381579e49e3e3c23244048fc8aac693ce0c977560f28b9a51f6a0b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7e55a42-9f36-46db-9415-ab10753c0fb8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10163
x-amzn-requestid: 7c849e5d-468e-4f6a-ad44-c7995bfa81bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvuGFU5oAMF_Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202cc0-5376d2432c79a3146b6c29f4;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XGVoNQZeoG0AQ6LabPW2Zg7pAQqdl-bGTFAhbNpLlgTWNWx55-wEUQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:14 GMT
age: 25807
etag: "10262867cfb19d3ba8f618e235d1a98531048f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7d4ee58e0f26ec6817dbab72aa7db6d
b6e634ef27eba9da38c6472565e0fdca6898e4f0
07db05a6ee70a699164ad55da47bfca58e6639956e256d902cbe0388cd7995c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rgjwYJ-ZzVF3bv7pl1l8TN8EAoENIcaSAXJU_YhFOSNRCzrCuPuKbQ==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:44:10 GMT
age: 25871
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
awesome-assets.yampi.me/checkout/build/assets/css/app-f44a883bc0.css
104.26.2.88 200 OK 134 kB URL HTTP/2 awesome-assets.yampi.me/checkout/build/assets/css/app-f44a883bc0.css
IP 104.26.2.88:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size 134 kB (133865 bytes)
Hash f44a883bc0053f8b6e3f2e277c57ba94
55b0c8ce27397adf2dde00dade512dd51e8a5227
4de73ff14ff621eb8699ce6f8d16011db1396da836d3f3c58b65fbcd7501365e
GET /checkout/build/assets/css/app-f44a883bc0.css HTTP/1.1
Host: awesome-assets.yampi.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:21 GMT
content-type: text/css
content-length: 133865
x-amz-id-2: iiKNJustH0CCZ5a6QV3nu9l0w55abVTuIhW6aZmtaWl2lTiesdV7yPUBVUWMwku5f4z6B95amAI=
x-amz-request-id: R7XSAPF5QSPDGPJG
cache-control: public, max-age=315360000, no-transform
last-modified: Tue, 06 Sep 2022 18:09:42 GMT
x-amz-version-id: 5d8O9v6VyeU6klY2wk2zkN3NliDvHubb
etag: "f44a883bc0053f8b6e3f2e277c57ba94"
cf-cache-status: HIT
age: 813287
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ex4qchw8Go50TQlmX7SsgpNbZGVAHGHCWf7SWkUCxDisb%2FqcuKqYjoN13l2SAywexVi1gZETzeEHYel9MGNea2v2w6u5vN%2Fnon53oiETzwUVYwScSnCmN56Hm0ZZ74t9BP1RWgESUA9L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b7026a6c170b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC
142.250.74.164 200 OK 586 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash a1b65f28c7eacc3b617c600af7fb448f
cd557e727bc3703d75377c7ffe8911e227bf59e5
17228ad4b636d8e21fc91d5856252fb51bc6bd12aefc7f2656b674d9a716d77a
GET /recaptcha/api.js?render=6LdxeuoUAAAAAP6iiKD6JZKojOflG8Z_w0Ebx6LC HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 16 Sep 2022 04:55:22 GMT
date: Fri, 16 Sep 2022 04:55:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 586
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e46e545fc2bf14cc287de0825ee46d6a
9cba1d2ad19e7c93b7fef0b5e6ab7031d966371a
bf22e123bec3b0e0a62a8a7b14bdc21a89a87b6e3ce8a6b409bcd99d588823b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF22E123BEC3B0E0A62A8A7B14BDC21A89A87B6E3CE8A6B409BCD99D588823B8"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14115
Expires: Fri, 16 Sep 2022 08:50:37 GMT
Date: Fri, 16 Sep 2022 04:55:22 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
IP 142.250.74.3:0
Hash 5744f07181f7da16f58545b2379e3f96
4a59c7ce23dd334d5030f343e2a81b5e4d7cf5e6
875938fe44f5bd269cab7375e3be1bbb2d9c19bc76bd50d09d5f370ff622389a
POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
seguro.cosmeticosprime.com/checkout/address
170.82.173.30 200 OK 44 kB URL HTTP/2 seguro.cosmeticosprime.com/checkout/address
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (31151)
Hash 24fc42717b85fd4d0a80fbea07285cb6
b7f70397bfcc51fa01b55f55e674b1ccc8a708c6
a20524df59b372280d591d671254545005bdc7ff32fe3ab95bf9dcee0b126bf4
Analyzer Verdict Alert fortinet Phishing
GET /checkout/address HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjBJemRRdFZzUktFWkhPVjlObCtvWmc9PSIsInZhbHVlIjoiZzQxcDVMNWhuUEh5TXlnMzI1KzY4cWtiYmMxdk9LSWhORmlkTDl2eVRiS0ZNZVdIZDd5TWM0MGYyb2YxcUNuVzcxVlZvRWcyc1Bsdyt6OUp4VjY2blE9PSIsIm1hYyI6IjBmMzA0MDJkNzIwZmZkOTllY2Y5OGVmOWU1NDBjZjA0MmNjYjc2MTUzNTE3Y2M4YTU1NzBjYjY3MTdmNTkxMzUifQ%3D%3D; bubbstore_checkout=eyJpdiI6ImlaUU1UNHBnbkI0MzJQS0NMUjBqRGc9PSIsInZhbHVlIjoiY2tncDRwa3NVQmM3bXZOYlB4SzNBbUVDQXhxczA5QUNjWmJvbWU5bGlNRytrRzM1ZHZSelF3U3o5UmpnXC9ET1wvSHZwMzg1Z1JpUXhEcEZTa21aWUFzdz09IiwibWFjIjoiMjMyNWVlMTdiZjVmNWFlYmZhZDcxYmU4OGRiNGJmZWYyYmJhYzkxYWZhNGRlZjBjOWUwOGNhZWVmM2Q3ZDJmYiJ9; cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:21 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6Ild5amJEalwvbHN0QVwva0dIaEFHdHY3Zz09IiwidmFsdWUiOiJZbng0cGZvNDJpcjBEbnhSVHhydUVYeFVESERaaGRQa05EK1h3S1FpZWhVQ3VYcWpNUllPZUZNZk9ySWlkVzlwNnFzT1ZOcFp2a3RldDZYMFZudkExZz09IiwibWFjIjoiNjU3YzZmN2MxMzZkYjljMGIwNGYwNTNmZWI5NDQ1YjE0ZjM4NjcyMWNmMGZjMjhlYTA1YjBkZWFlMGYzYTAzOSJ9; expires=Fri, 16-Sep-2022 07:55:21 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IlwvWTVFY291S01QMUY0dlNvVTBSNDFnPT0iLCJ2YWx1ZSI6IkFhYVwvZEJWdWt4c3hvT3BCZWFTVjdENmZveGxCZG1PT1BEUzRJUng1ZU1MZ2FYd0ZYeXpTU2V0SnBvVnd3MzZnTWRDU2JPbTBhRTRLRUpEakZSK2M0Zz09IiwibWFjIjoiMGM1MDM4N2Q4MDlhNTIwNTI4ODkwMmZmYjU4NTM3MDU0Mzk1YmMxMWRmYjc4NGMwNGM1ZTVkN2ExZmM3NWRmNSJ9; expires=Fri, 16-Sep-2022 07:55:21 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/pWyJAO6WNqQ
IP 142.250.74.3:0
Hash 5744f07181f7da16f58545b2379e3f96
4a59c7ce23dd334d5030f343e2a81b5e4d7cf5e6
875938fe44f5bd269cab7375e3be1bbb2d9c19bc76bd50d09d5f370ff622389a
POST /s/gts1d4/pWyJAO6WNqQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.yampi.io/ana/ana.min.js?t=1663372800000
104.18.15.227 200 OK 3.3 kB URL HTTP/2 cdn.yampi.io/ana/ana.min.js?t=1663372800000
IP 104.18.15.227:0
Hash 41c7e1983fc0a6bac96dfe0c0deefb93
6f1834eb880df40fbdad02dffe4811090e8564f8
d3c4cb6e3946aa0a6e6b0ac6bb8e512db7265fd66b9633fab50593950a7a83bd
GET /ana/ana.min.js?t=1663372800000 HTTP/1.1
Host: cdn.yampi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: application/javascript
x-amz-id-2: Z/WftKdxdmR+8RB5X2L+aGAJk8aX1BqdOt5b380Z7B9e5pkUERUK8W5GL8EpiIGQUHjnwCUUAVk=
x-amz-request-id: ZGYBCNSQ4E8ASTBB
last-modified: Sun, 26 Jun 2022 23:28:17 GMT
x-amz-version-id: QVByH4DoJS5uOcK0PZ6NhcCV1oJEdR5U
etag: W/"e7cabc20ce5d56c20d8c4577a36e2525"
cf-cache-status: HIT
age: 830
expires: Sat, 16 Sep 2023 04:55:22 GMT
cache-control: public, max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b7026c2eafb521-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.shopify.com/s/files/1/0664/1411/7113/products/sauvage-dior-eau-de-parfum-perfume-masculino-100ml-perfume-masculino-aquarela-cosmeticos-915216_250x250.jpg
104.16.255.71 200 OK 4.2 kB URL HTTP/2 cdn.shopify.com/s/files/1/0664/1411/7113/products/sauvage-dior-eau-de-parfum-perfume-masculino-100ml-perfume-masculino-aquarela-cosmeticos-915216_250x250.jpg
IP 104.16.255.71:0
File type ISO Media, AVIF Image\012- data
Hash a15cfaa05e14579d7d5def4fd51a940d
658d38dedca2188a4a00ae039c615b8ffc1aa91c
6813d8331a36ed8fab9836ac4b694e5fe264da2e33c8713180d8b8674f688cac
GET /s/files/1/0664/1411/7113/products/sauvage-dior-eau-de-parfum-perfume-masculino-100ml-perfume-masculino-aquarela-cosmeticos-915216_250x250.jpg HTTP/1.1
Host: cdn.shopify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: image/avif
content-length: 4234
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31557600
link: <https://cdn.shopify.com/s/files/1/0664/1411/7113/products/sauvage-dior-eau-de-parfum-perfume-masculino-100ml-perfume-masculino-aquarela-cosmeticos-915216_250x250.jpg>; rel="canonical"
server-timing: imagery;dur=438.881, imageryFetch;dur=36.033, imageryProcess;dur=400.679;desc="image"
timing-allow-origin: *
vary: Accept, Accept-Encoding
x-content-type-options: nosniff
x-request-id: dcaaf05d-3a7f-4158-bc65-bc0800e283d8
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-dc: gcp-us-east1,us-central1
last-modified: Thu, 15 Sep 2022 20:52:58 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3vD8S6uxPHa%2BFgzi4lUM4HQzBXE0unBuAD1oQdx2kDuj%2FRrj75JOlh8bo50wnX%2FCrPFmn1K8WLOcoanpirH8DT3ixTxs7Huy%2B2asmT0%2FoHk2gOd%2BR4%2BrfpcFnLWti5rPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74b7026b7e640afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2
142.250.74.163 200 OK 34 kB URL HTTP/2 fonts.gstatic.com/s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 33580, version 1.0\012- data
Hash 848cd2ecd011428969dc6b90431bc482
6b1a7b562a56bd54510e0f6f95e26babca331a1b
981307dcbbd348f6fb4e3eab184077392f9ee15097ea868f630debefad9044e9
GET /s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 21:08:19 GMT
expires: Tue, 12 Sep 2023 21:08:19 GMT
cache-control: public, max-age=31536000
age: 287223
last-modified: Mon, 18 Jul 2022 19:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e46e545fc2bf14cc287de0825ee46d6a
9cba1d2ad19e7c93b7fef0b5e6ab7031d966371a
bf22e123bec3b0e0a62a8a7b14bdc21a89a87b6e3ce8a6b409bcd99d588823b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF22E123BEC3B0E0A62A8A7B14BDC21A89A87B6E3CE8A6B409BCD99D588823B8"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14115
Expires: Fri, 16 Sep 2022 08:50:37 GMT
Date: Fri, 16 Sep 2022 04:55:22 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 968f3a8b2eeedf7509fe3f1ce1fd35a2
daefd0f61b6bb739db2acf99005abc5f3e29a1cf
0787a01f6f7086833bf7c613e9a95dfe9ac7959128c040d3d03a26c8bbefcc1d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 16 Sep 2022 04:55:22 GMT
Last-Modified: Fri, 16 Sep 2022 03:17:43 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RZqpjZmtoinhPszV9KD8WB0d6igTa6Gi8ElYEMFpXsIg-Wm5N8rmkg==
Age: 5859
fonts.dooki.com.br/fa/4.7.0/fa.woff2?v=4.7.0
104.18.1.53 200 OK 77 kB URL HTTP/2 fonts.dooki.com.br/fa/4.7.0/fa.woff2?v=4.7.0
IP 104.18.1.53:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /fa/4.7.0/fa.woff2?v=4.7.0 HTTP/1.1
Host: fonts.dooki.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://fonts.dooki.com.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: binary/octet-stream
content-length: 77160
x-amz-id-2: OVCFnU3dSz4Xld8kGf68EHlJCXjOObHGi71mGQCN61mXK6h6bBX98GodqjScI7g0w7ZGHR1/rXE=
x-amz-request-id: YTJN8YC75Y37FH5M
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 1800
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Sat, 10 Nov 2018 14:21:40 GMT
x-amz-version-id: null
etag: "af7ae505a9eed503f8b8e6982036873e"
cf-cache-status: MISS
expires: Sat, 24 Sep 2022 04:55:22 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
server: cloudflare
cf-ray: 74b7026c4a2bb50f-OSL
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
142.250.74.163 200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (581)
Size 158 kB (157726 bytes)
Hash 6519c7c04cf32a57b1c5ee45a73c233e
4939bb921988e9eb13780cc2244f3099776e9bfb
8352dd4e3e0fe82562cdc280c020fc31d2c6d054f7ead441a3b18de8ef04401b
GET /recaptcha/releases/zmiYzsHi8INTJBWt2QZC9aM5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 157726
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 05:37:29 GMT
expires: Thu, 14 Sep 2023 05:37:29 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Sep 2022 00:24:01 GMT
content-type: text/javascript
age: 170274
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Fri, 16 Sep 2022 04:41:12 GMT
expires: Fri, 16 Sep 2022 06:41:12 GMT
cache-control: public, max-age=7200
age: 851
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash ecb99528d18dbe7952eac9618eaf2d8e
eb59bf3afc849403fa3dde09b75b5fc51f29e7b5
bcecfe43bf3e0f22ff425fe630e189d28fc3ecdc9764dd1686599e5ce59f40cc
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: dRYum2H5FJAg6f5eBxplT7iiV7r2NI55lwJK5dlYCXB7mUOFfrNbrB9Kvo20sICVMSmiMMqCaKKH0YLKPv3atw==
content-length: 26872
x-fb-trip-id: 2050670934
date: Fri, 16 Sep 2022 04:55:23 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7dff4bc87dbee6fd33e0d7a3dc5ed3bd
59878d4dd98e60b39dcf7ac288e77bb262afab5d
8c3a027cee1f48144eb0504deff1f2b9aa98c9fc3f4e3057ece6caac9f604315
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4494
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:23 GMT
Last-Modified: Fri, 16 Sep 2022 03:40:29 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=238763127&gjid=1955064745&cid=568182266.1663304107&tid=204326437-2&_gid=579129086.1663304107&_r=1&_slc=1&z=1466726730
142.250.74.174 200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=238763127&gjid=1955064745&cid=568182266.1663304107&tid=204326437-2&_gid=579129086.1663304107&_r=1&_slc=1&z=1466726730
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEATAAAAAC~&jid=238763127&gjid=1955064745&cid=568182266.1663304107&tid=204326437-2&_gid=579129086.1663304107&_r=1&_slc=1&z=1466726730 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://seguro.cosmeticosprime.com
date: Fri, 16 Sep 2022 04:55:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=657279052&gjid=542452209&cid=568182266.1663304107&tid=UA-45745009-5&_gid=579129086.1663304107&_r=1&_slc=1&z=939083640
142.250.74.174 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=657279052&gjid=542452209&cid=568182266.1663304107&tid=UA-45745009-5&_gid=579129086.1663304107&_r=1&_slc=1&z=939083640
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j96&a=457763316&t=pageview&_s=1&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&ul=en-us&de=UTF-8&dt=Finalizar%20compra%20-%20Cosm%C3%A9ticos%20Prime&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEHAAEATAAAAAC~&jid=657279052&gjid=542452209&cid=568182266.1663304107&tid=UA-45745009-5&_gid=579129086.1663304107&_r=1&_slc=1&z=939083640 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://seguro.cosmeticosprime.com
date: Fri, 16 Sep 2022 04:55:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s3.sa-east-1.amazonaws.com/king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png
52.95.163.92 200 OK 35 kB URL HTTP/1.1 s3.sa-east-1.amazonaws.com/king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png
IP 52.95.163.92:0
File type PNG image data, 400 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 41ed4f2611b892460245974a09220c6c
e3aa654fbe4959534578a5a9a5a1daab4bdb19b3
a7ae53f13cda4fee2898d7a715eaacf5d3af6532aee55811d30c2504f6961eb0
GET /king-assets.yampi.me/dooki/62f9a86fb7e70/62f9a86fb7e76.png HTTP/1.1
Host: s3.sa-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: l4ZqnRVu59InVsr4103u6XJzhXOFXVJ8a4ReuRwue6YiJY2BKs0quiyM820b3A18wxLPuM9Z5ic=
x-amz-request-id: YTJH1RWDP5JEZXG3
Date: Fri, 16 Sep 2022 04:55:23 GMT
Last-Modified: Mon, 15 Aug 2022 01:59:12 GMT
ETag: "41ed4f2611b892460245974a09220c6c"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 34975
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-45745009-5&cid=568182266.1663304107&jid=657279052&gjid=542452209&_gid=579129086.1663304107&_u=IEHAAEATAAAAAC~&z=297348480
142.251.1.156 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-45745009-5&cid=568182266.1663304107&jid=657279052&gjid=542452209&_gid=579129086.1663304107&_u=IEHAAEATAAAAAC~&z=297348480
IP 142.251.1.156:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-45745009-5&cid=568182266.1663304107&jid=657279052&gjid=542452209&_gid=579129086.1663304107&_u=IEHAAEATAAAAAC~&z=297348480 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://seguro.cosmeticosprime.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Sep 2022 04:55:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 04:55:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107660&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=0&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=PageView_8z3dfy40z&rqm=GET
31.13.72.36 200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107660&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=0&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=PageView_8z3dfy40z&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=618226349943809&ev=PageView&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107660&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=0&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=PageView_8z3dfy40z&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Fri, 16 Sep 2022 04:55:23 GMT
expires: Fri, 16 Sep 2022 04:55:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107661&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=1&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=InitiateCheckout_iwqoyjqz1&tm=1&rqm=GET
31.13.72.36 200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107661&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=1&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=InitiateCheckout_iwqoyjqz1&tm=1&rqm=GET
IP 31.13.72.36:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=618226349943809&ev=InitiateCheckout&dl=https%3A%2F%2Fseguro.cosmeticosprime.com%2Fcheckout%2Faddress&rl=&if=false&ts=1663304107661&cd[content_ids]=%5B%227722404741369%22%5D&cd[content_type]=product_group&cd[value]=175.9&cd[currency]=BRL&sw=1280&sh=1024&v=2.9.81&r=stable&ec=1&o=29&fbp=fb.1.1663304107659.873654479&it=1663304107374&coo=false&eid=InitiateCheckout_iwqoyjqz1&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Fri, 16 Sep 2022 04:55:23 GMT
expires: Fri, 16 Sep 2022 04:55:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1216.min.js
151.101.86.137 200 OK 18 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1216.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32010)
Hash 6561a2403142205f966207d61576f1a6
1310e72f494e12ab63a4280fc1600a2c89dc9bb8
0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 16 Sep 2022 04:55:23 GMT
via: 1.1 varnish
x-served-by: cache-bma1671-BMA
x-cache: HIT
x-cache-hits: 255
x-timer: S1663304124.572454,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2
bam.nr-data.net/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=4771&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=168&be=3064&fe=4688&dc=3600&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663304103025,%22n%22:0,%22f%22:2606,%22dn%22:2606,%22dne%22:2606,%22c%22:2606,%22s%22:2606,%22ce%22:2606,%22rq%22:2610,%22rp%22:3043,%22rpe%22:3043,%22dl%22:3049,%22di%22:3599,%22ds%22:3600,%22de%22:3649,%22dc%22:4686,%22l%22:4686,%22le%22:4688%7D,%22navigation%22:%7B%7D%7D&fcp=3391&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken
162.247.241.14 200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=4771&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=168&be=3064&fe=4688&dc=3600&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663304103025,%22n%22:0,%22f%22:2606,%22dn%22:2606,%22dne%22:2606,%22c%22:2606,%22s%22:2606,%22ce%22:2606,%22rq%22:2610,%22rp%22:3043,%22rpe%22:3043,%22dl%22:3049,%22di%22:3599,%22ds%22:3600,%22de%22:3649,%22dc%22:4686,%22l%22:4686,%22le%22:4688%7D,%22navigation%22:%7B%7D%7D&fcp=3391&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=4771&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address&ap=168&be=3064&fe=4688&dc=3600&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663304103025,%22n%22:0,%22f%22:2606,%22dn%22:2606,%22dne%22:2606,%22c%22:2606,%22s%22:2606,%22ce%22:2606,%22rq%22:2610,%22rp%22:3043,%22rpe%22:3043,%22dl%22:3049,%22di%22:3599,%22ds%22:3600,%22de%22:3649,%22dc%22:4686,%22l%22:4686,%22le%22:4688%7D,%22navigation%22:%7B%7D%7D&fcp=3391&at=GhMHFwpIHx8%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 04:55:23 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74b702749a930af6-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=9b4f44d52eba03ef; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5084&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5084&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-1173a7bb9742e987ab2?a=926985131&v=1216.487a282&to=NlQEYUJSDBFUBkdZWQ8eJ1ZEWg0MGgZbVVUKXhNBHlIGBkcAQEM%3D&rst=5084&ck=1&ref=https://seguro.cosmeticosprime.com/checkout/address HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 725
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 04:55:24 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74b702767bb60af6-OSL
Access-Control-Allow-Origin: https://seguro.cosmeticosprime.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
seguro.cosmeticosprime.com/cart/recomm
170.82.173.30 200 OK 0 B URL HTTP/2 seguro.cosmeticosprime.com/cart/recomm
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Analyzer Verdict Alert fortinet Phishing
GET /cart/recomm HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjRhMDMxNTI4MGMyNWNmOTgiLCJ0ciI6IjA1NmY0NWY0YjI4MzI1NzA3YzFkMzNhNWMwYTZiNzJiIiwidGkiOjE2NjMzMDQxMDY2MzV9fQ==
traceparent: 00-056f45f4b28325707c1d33a5c0a6b72b-4a0315280c25cf98-01
tracestate: 2935249@nr=0-1-2935249-1134170823-4a0315280c25cf98----1663304106635
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6Ild5amJEalwvbHN0QVwva0dIaEFHdHY3Zz09IiwidmFsdWUiOiJZbng0cGZvNDJpcjBEbnhSVHhydUVYeFVESERaaGRQa05EK1h3S1FpZWhVQ3VYcWpNUllPZUZNZk9ySWlkVzlwNnFzT1ZOcFp2a3RldDZYMFZudkExZz09IiwibWFjIjoiNjU3YzZmN2MxMzZkYjljMGIwNGYwNTNmZWI5NDQ1YjE0ZjM4NjcyMWNmMGZjMjhlYTA1YjBkZWFlMGYzYTAzOSJ9; bubbstore_checkout=eyJpdiI6IlwvWTVFY291S01QMUY0dlNvVTBSNDFnPT0iLCJ2YWx1ZSI6IkFhYVwvZEJWdWt4c3hvT3BCZWFTVjdENmZveGxCZG1PT1BEUzRJUng1ZU1MZ2FYd0ZYeXpTU2V0SnBvVnd3MzZnTWRDU2JPbTBhRTRLRUpEakZSK2M0Zz09IiwibWFjIjoiMGM1MDM4N2Q4MDlhNTIwNTI4ODkwMmZmYjU4NTM3MDU0Mzk1YmMxMWRmYjc4NGMwNGM1ZTVkN2ExZmM3NWRmNSJ9; cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9; __ana_uid=1-y1ql8fx1-l840bifh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: application/json
x-protected-by: Sqreen
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InIybndcL2h3MTI5bjI4Unl2TTRLUUd3PT0iLCJ2YWx1ZSI6IkRHVjI4TmdndEEraTh2cmo3MmRCWnFlVjZkYTMwc2lqZnQ1VlR4dmZNWXFcL2dGNnp3WG5DcGgwZ3dmSEFVb0h1bFBLdHZiTkV4YWxyemIwaUJGVyszdz09IiwibWFjIjoiNGI3NDBiNGVmMmNiMDk4Y2FhNmMzZTEzYzg5ZGVmNTc4OTI1ZmE1YTg2ZTlkMGY3MTllOTcwN2MwZWEyYTQ4ZiJ9; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6ImJUaFVrRVdTTDh3K1NEZEhnZnEyeEE9PSIsInZhbHVlIjoicHZVMk81ajdjMlwvT2ZTaUtFWnN5YWFJRUFqc3Q5ZlpiUWY0RzBkd0JlV292YzBwamR3U3RxWHNycXRZUzVWQWZEamJZcFNNTFlsY3dKcjJRNWVkXC9hUT09IiwibWFjIjoiMTA0ZDEwNzc5Y2RhYTQxY2IyOGQ3MWVkNWE3NGNkNDVhYjdlZmVmODk4YTU4OTAzYzE3YTZjYzhkODhlY2JlYyJ9; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtSQhBPEFJSWAsJExoDTFZTUgBSFFIWCAcEAVUVTABNEVsHDgNRX1ANAQBUVQEEBANESFdXXxEDPg==
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.dooki.com.br/fa/4.7.0/fa.css
104.18.1.53 200 OK 0 B URL HTTP/2 fonts.dooki.com.br/fa/4.7.0/fa.css
IP 104.18.1.53:0
GET /fa/4.7.0/fa.css HTTP/1.1
Host: fonts.dooki.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: text/css
x-amz-id-2: gGNPVnAVZsqONOCg389UDgsIhA1ObjBdpsJMkqSZGddyTo93S8XPm4wvAm36dYfVkX+Cf24ZYFI=
x-amz-request-id: G8BNNJCT1K1R1RT8
last-modified: Sat, 10 Nov 2018 14:21:37 GMT
x-amz-version-id: null
etag: W/"36688de682a76454417c56541b1cf51e"
cf-cache-status: HIT
expires: Sat, 24 Sep 2022 04:55:22 GMT
cache-control: public, max-age=691200
vary: Accept-Encoding
server: cloudflare
cf-ray: 74b7026abf10b515-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/e/t
170.82.173.30 200 OK 0 B URL HTTP/2 seguro.cosmeticosprime.com/e/t
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Analyzer Verdict Alert fortinet Phishing
POST /e/t HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjY0MGZkOGI1MjcyOWI2MGMiLCJ0ciI6IjZlYjJkNzBjOTg4OTM0MmE3OGIxMzM3MDIxYjY1OTljIiwidGkiOjE2NjMzMDQxMDY2NDh9fQ==
traceparent: 00-6eb2d70c9889342a78b1337021b6599c-640fd8b52729b60c-01
tracestate: 2935249@nr=0-1-2935249-1134170823-640fd8b52729b60c----1663304106648
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 358
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6Ild5amJEalwvbHN0QVwva0dIaEFHdHY3Zz09IiwidmFsdWUiOiJZbng0cGZvNDJpcjBEbnhSVHhydUVYeFVESERaaGRQa05EK1h3S1FpZWhVQ3VYcWpNUllPZUZNZk9ySWlkVzlwNnFzT1ZOcFp2a3RldDZYMFZudkExZz09IiwibWFjIjoiNjU3YzZmN2MxMzZkYjljMGIwNGYwNTNmZWI5NDQ1YjE0ZjM4NjcyMWNmMGZjMjhlYTA1YjBkZWFlMGYzYTAzOSJ9; bubbstore_checkout=eyJpdiI6IlwvWTVFY291S01QMUY0dlNvVTBSNDFnPT0iLCJ2YWx1ZSI6IkFhYVwvZEJWdWt4c3hvT3BCZWFTVjdENmZveGxCZG1PT1BEUzRJUng1ZU1MZ2FYd0ZYeXpTU2V0SnBvVnd3MzZnTWRDU2JPbTBhRTRLRUpEakZSK2M0Zz09IiwibWFjIjoiMGM1MDM4N2Q4MDlhNTIwNTI4ODkwMmZmYjU4NTM3MDU0Mzk1YmMxMWRmYjc4NGMwNGM1ZTVkN2ExZmM3NWRmNSJ9; cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9; __ana_uid=1-y1ql8fx1-l840bifh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6Im9GZDYydHVkN0dicCtXTjhNSCtSbUE9PSIsInZhbHVlIjoidkhoV0hmOFpBaDhcL092bEdHejhJb1EzXC9pYnV4d29sN0x6MFZleFwvS1lmVzBiNHVtQ0xmdk9OZHZudTFITDhKSGE0QXhOWnRFVXFIQXdQY0ZEbFRXRVE9PSIsIm1hYyI6ImE3Zjc2NmIwZGY2MDFjYTU1NzA2YTgzYjc3ODA4N2VhMTQzNTdlODJhZWZiYmI2NDNjYmJhZjcxMWNkMGRlOTMifQ%3D%3D; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IjkxYnY0YTFZejJkSGg0OGVCZWxnRHc9PSIsInZhbHVlIjoiNXhHWll6M2IzcEtmR2tDbHNxMys3ZmVLeTlYdURDN0VKem1nZE5HY2VGdVRXT1lneGdRWllDSlZZYW1uUTRhY2hFNXZ4U211MEtLOXpuWVwvczQwbjBnPT0iLCJtYWMiOiI2NzZjMGIxZGJmMGQ1MTA3NTBhYWNjZjk0Y2IyZDFjODY1OWJjNmY5MTFiM2JjMmJlZjU3MjYwZGU0YjMxODUyIn0%3D; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApQCgoHHh5UFUNUWQVVUQ8EBQcGDFIAUFVWFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
170.82.173.30 302 Found 0 B URL HTTP/2 seguro.cosmeticosprime.com/cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
GET /cart?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS%20Carrinho%20Abandonado%201&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Fri, 16 Sep 2022 04:55:20 GMT
content-type: text/html; charset=UTF-8
location: https://seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6ImdhYktscW54OFBONWVzckxPbFRBQVE9PSIsInZhbHVlIjoiUXU0WnZra3ZPUll3Zk9hWitEOW5UKzFyelEwbTFCZHBHQkdaTUJOaFwvMDkrVEdSYkh1czlRUmR3dlU2VjN2d1RUdlhEa21DRCt3dWxIZlM2cFVlK3lRPT0iLCJtYWMiOiIyNjViZGE3NDZkZDMyZTk0N2M2N2U5NWUwNDA5NjQ5Y2I4MTk1ZTZiMmRhYjE3MWJiM2Y1YTRmYzBmNGE4MmRjIn0%3D; expires=Fri, 16-Sep-2022 07:55:20 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6IjZvQUtuam55RVpaYXN4QTFHeXM0Smc9PSIsInZhbHVlIjoiK1d5WWg4ZktFd1VFc2V5RU9lXC91aFdreGhIanc4TVcwd3dXS0RpcXlWcURudTkwRzZlbmtaajZiRVVjUlhaK3BiUUR5MkR4c0hnczlKUXdXWkdCUkJnPT0iLCJtYWMiOiJhOTY4NWYzYWU2MWFmOTAyYzdkYTdhZjNjNDQwMzJjYTZmM2MwODNlZjBjZjkzYjgxNmQ3NjU5ZTdmNTkwNTk0In0%3D; expires=Fri, 16-Sep-2022 07:55:20 GMT; Max-Age=10800; path=/; httponly
cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9; expires=Wed, 21-Sep-2022 04:55:20 GMT; Max-Age=432000; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
170.82.173.30 302 Found 0 B URL HTTP/2 seguro.cosmeticosprime.com/checkout/payment?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
GET /checkout/payment?cart_token=shopify-2a71897faefe5a6970f491ed2f764860&utm_source=google&utm_campaign=SMS+Carrinho+Abandonado+1&forceCheckout=1&skipToCheckout=1&store_token=bfdd959479b2d0ccf2d734fe81b8edbcf39ac1e5&customerToken=519d21a0-3566-11ed-8098-e3c7caae0cba HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImdhYktscW54OFBONWVzckxPbFRBQVE9PSIsInZhbHVlIjoiUXU0WnZra3ZPUll3Zk9hWitEOW5UKzFyelEwbTFCZHBHQkdaTUJOaFwvMDkrVEdSYkh1czlRUmR3dlU2VjN2d1RUdlhEa21DRCt3dWxIZlM2cFVlK3lRPT0iLCJtYWMiOiIyNjViZGE3NDZkZDMyZTk0N2M2N2U5NWUwNDA5NjQ5Y2I4MTk1ZTZiMmRhYjE3MWJiM2Y1YTRmYzBmNGE4MmRjIn0%3D; bubbstore_checkout=eyJpdiI6IjZvQUtuam55RVpaYXN4QTFHeXM0Smc9PSIsInZhbHVlIjoiK1d5WWg4ZktFd1VFc2V5RU9lXC91aFdreGhIanc4TVcwd3dXS0RpcXlWcURudTkwRzZlbmtaajZiRVVjUlhaK3BiUUR5MkR4c0hnczlKUXdXWkdCUkJnPT0iLCJtYWMiOiJhOTY4NWYzYWU2MWFmOTAyYzdkYTdhZjNjNDQwMzJjYTZmM2MwODNlZjBjZjkzYjgxNmQ3NjU5ZTdmNTkwNTk0In0%3D; cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 302 Found
date: Fri, 16 Sep 2022 04:55:21 GMT
content-type: text/html; charset=UTF-8
location: https://seguro.cosmeticosprime.com/checkout/address
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6IjBJemRRdFZzUktFWkhPVjlObCtvWmc9PSIsInZhbHVlIjoiZzQxcDVMNWhuUEh5TXlnMzI1KzY4cWtiYmMxdk9LSWhORmlkTDl2eVRiS0ZNZVdIZDd5TWM0MGYyb2YxcUNuVzcxVlZvRWcyc1Bsdyt6OUp4VjY2blE9PSIsIm1hYyI6IjBmMzA0MDJkNzIwZmZkOTllY2Y5OGVmOWU1NDBjZjA0MmNjYjc2MTUzNTE3Y2M4YTU1NzBjYjY3MTdmNTkxMzUifQ%3D%3D; expires=Fri, 16-Sep-2022 07:55:21 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6ImlaUU1UNHBnbkI0MzJQS0NMUjBqRGc9PSIsInZhbHVlIjoiY2tncDRwa3NVQmM3bXZOYlB4SzNBbUVDQXhxczA5QUNjWmJvbWU5bGlNRytrRzM1ZHZSelF3U3o5UmpnXC9ET1wvSHZwMzg1Z1JpUXhEcEZTa21aWUFzdz09IiwibWFjIjoiMjMyNWVlMTdiZjVmNWFlYmZhZDcxYmU4OGRiNGJmZWYyYmJhYzkxYWZhNGRlZjBjOWUwOGNhZWVmM2Q3ZDJmYiJ9; expires=Fri, 16-Sep-2022 07:55:21 GMT; Max-Age=10800; path=/; httponly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
X-Firefox-Spdy: h2
seguro.cosmeticosprime.com/e/t
170.82.173.30 200 OK 0 B URL HTTP/2 seguro.cosmeticosprime.com/e/t
IP 170.82.173.30:0
ASN #266444 3L CLOUD INTERNET SERVICES LTDA - EPP
Analyzer Verdict Alert fortinet Phishing
POST /e/t HTTP/1.1
Host: seguro.cosmeticosprime.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: Vg8EVFRXARAJVldbDwQGVVU=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI5MzUyNDkiLCJhcCI6IjExMzQxNzA4MjMiLCJpZCI6IjY4Y2M1OTU4YjgyNjQ0NGMiLCJ0ciI6IjBjZTExODFhOGEwYjc5ZDk0ZDRhNmNkNTAxMTQ1OGI5IiwidGkiOjE2NjMzMDQxMDY2NDV9fQ==
traceparent: 00-0ce1181a8a0b79d94d4a6cd5011458b9-68cc5958b826444c-01
tracestate: 2935249@nr=0-1-2935249-1134170823-68cc5958b826444c----1663304106645
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 366
Origin: https://seguro.cosmeticosprime.com
Connection: keep-alive
Referer: https://seguro.cosmeticosprime.com/checkout/address
Cookie: XSRF-TOKEN=eyJpdiI6Ild5amJEalwvbHN0QVwva0dIaEFHdHY3Zz09IiwidmFsdWUiOiJZbng0cGZvNDJpcjBEbnhSVHhydUVYeFVESERaaGRQa05EK1h3S1FpZWhVQ3VYcWpNUllPZUZNZk9ySWlkVzlwNnFzT1ZOcFp2a3RldDZYMFZudkExZz09IiwibWFjIjoiNjU3YzZmN2MxMzZkYjljMGIwNGYwNTNmZWI5NDQ1YjE0ZjM4NjcyMWNmMGZjMjhlYTA1YjBkZWFlMGYzYTAzOSJ9; bubbstore_checkout=eyJpdiI6IlwvWTVFY291S01QMUY0dlNvVTBSNDFnPT0iLCJ2YWx1ZSI6IkFhYVwvZEJWdWt4c3hvT3BCZWFTVjdENmZveGxCZG1PT1BEUzRJUng1ZU1MZ2FYd0ZYeXpTU2V0SnBvVnd3MzZnTWRDU2JPbTBhRTRLRUpEakZSK2M0Zz09IiwibWFjIjoiMGM1MDM4N2Q4MDlhNTIwNTI4ODkwMmZmYjU4NTM3MDU0Mzk1YmMxMWRmYjc4NGMwNGM1ZTVkN2ExZmM3NWRmNSJ9; cosmeticos-prime_cart=eyJpdiI6Im1zbXZqa3JEQ2JETldVc1RnT1dzekE9PSIsInZhbHVlIjoiZU1JcmlSN1R4eVwvUWZkY2xOaE80eWJDU0pDNEVBVDJQQkQ4ajMzaXZ6VUdWTzNmcTZvdjhqSG9mYVBZMmJOTXdVSzhFb2RLY245THNzXC9kU1FPWVp3QT09IiwibWFjIjoiMjI4MTBmYmNhYjA2ZDlhMTljZGI1YzE2NDRiODFlZjc1ZTg0NjYxOWFlNGIzODA2MzhkMGY4NjEwNjVmYTc5NCJ9; __ana_uid=1-y1ql8fx1-l840bifh
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 04:55:22 GMT
content-type: text/html; charset=UTF-8
x-protected-by: Sqreen
set-cookie: XSRF-TOKEN=eyJpdiI6IlwvZWIyRk1TSlgzKzZNcWZDVldiR2RRPT0iLCJ2YWx1ZSI6InJlVmtNbnpUMlJsTHNYREFxaWo5SmpSWU5SXC9lMGgrWXZMM1FQMndQUHp1NEN0MFZvUjE4OHhzXC9ndEk0bjZoZGJMMFpaU3YzQVlQWXgxQUNPNmREYVE9PSIsIm1hYyI6IjY4NGM1NWI5YmMzMGM4OWU3YTlkOTRmNDA3MTg5NGQ3N2M0ZGJhOWRjOTcyNTE5MzRlOGVmMGFhYjY3ZjI2MGYifQ%3D%3D; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/
bubbstore_checkout=eyJpdiI6ImgxXC9qajY1Z2o4eVwvbFExWG5RQzlhdz09IiwidmFsdWUiOiJlUm94SjNmSHBIVXpsSWZ3eGJ5d1Z3cHI3TkVnMzFKUTBha01Dc1NZQURTMnBaamZXSkFPMlhjWkdIQ0xOR1wvK3kwbXdnOEh2SjE3NzZCbWhxWkYxSlE9PSIsIm1hYyI6IjI1MGMwMDgwNWZlOGIyMjA1YWIyMzE3NTZjZTcwZTFmMmZiMTFkMjliMDk5Zjg3MzY2OTk2OTA3Yzc5OGEwNjkifQ%3D%3D; expires=Fri, 16-Sep-2022 07:55:22 GMT; Max-Age=10800; path=/; httponly
x-newrelic-app-data: PxQFWFVWCgcJR1hQAQgPU1UCBxFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86THlDQDg9KkNFRzo4clldFhQMDlwHShFkZGRTVABKIl4PRxALWlsEFCNMQVEHCgtZVhVKVB8GA1JWU04ATApTDAwNHh5UFUMIAlFUUFQHVwVRCQQHV1hWFR1RBwhCU24=
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-gocache-cachestatus: BYPASS
server: gocache
content-encoding: gzip
X-Firefox-Spdy: h2