Overview

URLtrack.dublicitly.com/ofc/e58e263d-e81a9e33-bd57541c-3559-edfb/01e8aec5-37a6ecd8-ed5f2068-ebc6-d7e3
IP 185.103.37.69 (Spain)
ASN#29119 ServiHosting Networks S.L.
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-26 13:25:21 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (24)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
track.dublicitly.com (1) 0 No data No data 185.103.37.70 Unknown ranking
ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-26 05:33:20 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-26 05:33:16 UTC 34.117.237.239
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.39.96.8
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-26 11:26:18 UTC 142.250.74.168
img.selecoesbrasil.com.br (7) 0 2012-11-09 03:06:45 UTC 2022-11-25 14:21:40 UTC 104.21.47.189 Unknown ranking
cdnjs.cloudflare.com (1) 235 2015-04-17 20:46:33 UTC 2022-11-26 09:48:30 UTC 104.17.24.14
ocsp.sectigo.com (1) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
popups.rdstation.com.br (1) 65718 No data No data 34.68.90.188
igoal.go2cloud.org (2) 0 2016-10-11 11:27:39 UTC 2022-11-04 11:38:42 UTC 18.202.12.61 Domain (go2cloud.org) ranked at: 11575
campanha.protestemarketing.com.br (7) 0 2016-01-04 13:56:29 UTC 2022-11-25 18:33:10 UTC 172.67.208.176 Unknown ranking
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-26 07:22:52 UTC 142.250.74.10
fonts.gstatic.com (2) 0 2014-09-09 00:40:21 UTC 2022-11-26 10:10:14 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-26 08:32:06 UTC 142.251.1.156
d335luupugsy2.cloudfront.net (4) 0 2021-08-08 23:36:44 UTC 2022-11-26 10:31:58 UTC 54.230.245.19 Unknown ranking
pageview-notify.rdstation.com.br (1) 77269 2015-07-14 17:46:40 UTC 2020-05-03 01:00:47 UTC 35.223.116.65
r3.o.lencr.org (4) 344 No data No data 23.36.76.226
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.158
ocsp.pki.goog (8) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-26 11:34:11 UTC 142.250.74.174
static.hotjar.com (1) 641 2014-11-01 05:14:27 UTC 2020-04-26 08:32:02 UTC 143.204.55.84

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-26 2 track.dublicitly.com/ofc/e58e263d-e81a9e33-bd57541c-3559-edfb/01e8aec5-37a6 (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.103.37.69
Date UQ / IDS / BL URL IP
2022-11-29 14:48:10 +0000 0 - 0 - 1 track.severnor.com/mbsl/f6612a1d516725be822f3 (...) 185.103.37.69
2022-11-27 20:45:38 +0000 0 - 0 - 1 tracking.supreminor.com/mbsl/f6612a1d516725be (...) 185.103.37.69
2022-11-26 13:25:21 +0000 0 - 0 - 1 track.dublicitly.com/ofc/e58e263d-e81a9e33-bd (...) 185.103.37.69
2022-11-25 16:52:08 +0000 0 - 0 - 1 track.severnor.com/mbsl/f6612a1d516725be822f3 (...) 185.103.37.69
2022-10-22 18:55:14 +0000 0 - 0 - 1 track.dublicitly.com/ofsy/814047b9-c240bf8a-f (...) 185.103.37.69


Last 5 reports on ASN: ServiHosting Networks S.L.
Date UQ / IDS / BL URL IP
2023-02-02 13:08:35 +0000 0 - 6 - 0 ewk.es/ 84.236.238.37
2023-02-02 12:08:52 +0000 0 - 6 - 0 ewk.eu/ 84.236.238.37
2023-02-02 07:56:41 +0000 0 - 21 - 0 anandlee.acblnk.com/url/ver/373677332/2004674 (...) 185.2.150.180
2023-02-02 07:52:10 +0000 0 - 0 - 1 loged.webcindario.com/l-o-g/session/app/signin.php 5.57.226.202
2023-02-02 07:52:04 +0000 0 - 0 - 1 amzonolask.webcindario.com/amazonseccaptcha/d (...) 5.57.226.202


Last 4 reports on domain: dublicitly.com
Date UQ / IDS / BL URL IP
2022-12-22 23:12:54 +0000 0 - 0 - 1 track.dublicitly.com/ofc/e58e263d-e81a9e33-bd (...) 185.103.37.70
2022-11-26 13:25:21 +0000 0 - 0 - 1 track.dublicitly.com/ofc/e58e263d-e81a9e33-bd (...) 185.103.37.69
2022-10-22 23:59:35 +0000 0 - 0 - 1 track.dublicitly.com/ofsy/814047b9-c240bf8a-f (...) 185.103.37.70
2022-10-22 18:55:14 +0000 0 - 0 - 1 track.dublicitly.com/ofsy/814047b9-c240bf8a-f (...) 185.103.37.69


No other reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (63)


Request Response
                                        
                                            GET /ofc/e58e263d-e81a9e33-bd57541c-3559-edfb/01e8aec5-37a6ecd8-ed5f2068-ebc6-d7e3 HTTP/1.1 
Host: track.dublicitly.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         185.103.37.70
HTTP/1.1 303 See Other
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 26 Nov 2022 13:25:10 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Cache-Control: no-cache, private
Location: http://igoal.go2cloud.org/aff_c?offer_id=5311&aff_id=1269&url_id=44765&aff_sub=M2022112613-8706b63b7dfa57bec01f5b092d1628d0&aff_sub3=
Content-Encoding: gzip
Age: 0
Vary: , Accept-Encoding
TP-Cache: MISS
Content-Length: 283
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (337)
Size:   283
Md5:    b11dd69fe3f480328d7c9d193c107d65
Sha1:   ba3d7e53d5068d08ffe24ac78d1e2add7e2a9c0d
Sha256: 818263aceedb45a9c2b05ee272ca13cdf51536506d54457296a41f63e40066af

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13336
Expires: Sat, 26 Nov 2022 17:07:26 GMT
Date: Sat, 26 Nov 2022 13:25:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5945
Cache-Control: max-age=168303
Date: Sat, 26 Nov 2022 13:25:10 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 12:10:13 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 13:19:13 GMT
cache-control: public,max-age=3600
age: 357
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7489
Expires: Sat, 26 Nov 2022 15:29:59 GMT
Date: Sat, 26 Nov 2022 13:25:10 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: qwZSw2XBZdmS/siXtZkY535D7l/fOlfUVM91kAuJu+4tj2MKUND4FxoXSTVgOdD2p5TGD5i6TzE=
x-amz-request-id: D7CV976E50A3D382
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 12:41:12 GMT
age: 2638
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /aff_c?offer_id=5311&aff_id=1269&url_id=44765&aff_sub=M2022112613-8706b63b7dfa57bec01f5b092d1628d0&aff_sub3= HTTP/1.1 
Host: igoal.go2cloud.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         18.202.12.61
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Sat, 26 Nov 2022 13:25:10 GMT
Content-Length: 334
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://igoal.go2cloud.org/aff_c?offer_id=5311&aff_id=1269&url_id=44765&aff_sub=M2022112613-8706b63b7dfa57bec01f5b092d1628d0&aff_sub3=
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: aff_ran_url_5311=44765; expires=Sun, 27 Nov 2022 13:25:10 GMT; path=/; SameSite=None; Secure
Access-Control-Allow-Origin: *
X-Request-Id: 2023aa8340a6e617b4d090d73f8eac0e
Access-Control-Allow-Headers: Tune-SDK-Version


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   334
Md5:    8b22b05e3208e0650748a733313caabf
Sha1:   a2f72e65621320d7df1dad81ade9560db4da6052
Sha256: 0d27acef9bae0d97b3211279cd26b2f0d09a988e83376477fe5cd893841ef158
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 26 Nov 2022 13:25:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.158
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=101149
Date: Sat, 26 Nov 2022 13:25:10 GMT
Etag: "6380edac-1d7"
Expires: Sun, 27 Nov 2022 17:30:59 GMT
Last-Modified: Fri, 25 Nov 2022 16:30:36 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 3tPK1e2E6U-cLT-y8C9-S97nfon_Aec_D99H1lMgGCwcF-mGp944VQ==
Age: 3624

                                        
                                            GET /aff_c?offer_id=5311&aff_id=1269&url_id=44765&aff_sub=M2022112613-8706b63b7dfa57bec01f5b092d1628d0&aff_sub3= HTTP/1.1 
Host: igoal.go2cloud.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         18.202.12.61
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
                                        
Server: nginx
Date: Sat, 26 Nov 2022 13:25:10 GMT
Content-Length: 246
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: http://campanha.protestemarketing.com.br/engine?mktcode=GUKP21
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: aff_ran_url_5311=44765; expires=Sun, 27 Nov 2022 13:25:10 GMT; path=/; SameSite=None; Secure enc_aff_session_5311=ENC0344300741fd4a8c6df785f85c8ff0aede6c40f6b045be856bff5646c119729fe8cd65d46eca5957f1e8ea765f79bf4cd8148e3d71e59755964c373e4a457fa4497e8aac61a3461ce52fae274c3c2e089feaff7dcf591f6ee210019c1857d026d7d7d2edba539e76a586dfbbf5f3dcbe1ba861ecdeb3d118abd9897b59045726254d22db90a39267b60510960e4530e3d859f728b0c0438417648a8d5527ef78712cc2942d; expires=Sat, 03 Dec 2022 13:25:10 GMT; path=/; SameSite=None; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTLGVuO3E9MC41IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Tue, 21 Oct 2025 00:05:10 GMT; path=/; SameSite=None; Secure
Tracking_id: 1028580e50afa81d5e6112032d577d
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: 8cd3457a68ee2d203b2daac4742c2ec5
Access-Control-Allow-Headers: Tune-SDK-Version


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   246
Md5:    51dcb6c1e699cb4105b6e3d6413b3496
Sha1:   e096559c67d327408a408b914e87084ad382d9a7
Sha256: 95ab4c3c40e428d7932a79a8c7ff64a2e1b7d61744ca16d2d394466101c76112
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 13:08:54 GMT
cache-control: public,max-age=3600
age: 977
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1622
Cache-Control: max-age=158922
Date: Sat, 26 Nov 2022 13:25:11 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 09:33:53 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /engine?mktcode=GUKP21 HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         172.67.208.176
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 26 Nov 2022 13:25:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Location: /oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Set-Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl; path=/; HttpOnly; SameSite=Lax
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FCbc4j6rXmxbqxz4WuAjHC2akY4nwYKNVaFXH4G20Sm7L6d%2BnA%2BNUFL93lwDJw%2F%2BbG9RcyZgWNQDLpBoZKxOlGCFu6AMPMA8biIB7UILJxqSsm6BDgDktW8leGXCcZR5zhD8AfmlX%2BkDbsPdkryn32LaR50%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7702f2d728510b65-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   262
Md5:    89c23abfb02de3afa666d50d15faedaf
Sha1:   8a09fee4dc79d8d9b1509271bbd94946c80c1a41
Sha256: 8871ee87b51d57d070eb3b4c58fa3c8c1e7ee8fd14877707bf53e8930ca9ebb9
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VErqqUyTlYTK7D+ROVdWAA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.39.96.8
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 85xeei6OZdAjekroK9T2RB0L6qQ=

                                        
                                            GET /oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1 HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl
Upgrade-Insecure-Requests: 1

search
                                         172.67.208.176
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 26 Nov 2022 13:25:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Vary: Accept-Encoding
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fkWShKW%2F482%2F%2BcfFmJ626uWWcqDv7ubWrlhEVMb7EZnSstPizwH60b8BSkFMPAotizEPIURarWVaqIw4bBjI0br%2BXKpWCLNEOJgpCWZfoTay4IL9AnFeh%2B8vRCpglDg8co4UFnQlVKA6hZ7AY6r6%2BQuAfes%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7702f2da8c120b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474), with CRLF, LF line terminators
Size:   2259
Md5:    ca9a0409d651b2e13acc7e13b9523855
Sha1:   1c674a203677cd8bf95ec588edfacaeb8bdcd5da
Sha256: 5e7661db1ff9370703c22b15d88cd5360612bd5c6023412143cbbb1e7ef06b6d
                                        
                                            GET /ajax/libs/animate.css/3.7.0/animate.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Sat, 26 Nov 2022 13:25:11 GMT
content-length: 3541
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d2a-e283"
last-modified: Mon, 04 May 2020 16:04:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1281436
expires: Thu, 16 Nov 2023 13:25:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0DX5W1VWflSuzKE40y78m3t52dM%2Bjc4GZaPPGajmD5oOPkwf06X%2BaLVTP2xi1SNL2dscdTbzjxMm56MAGOYBA%2FGfwMMZ8EiSiIHe9FMdolHIdigLDcUZ1dAL4OoqAW9qL83my4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7702f2dd5e640b4d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57790)
Size:   3541
Md5:    ff6b787c5ff15f7b97e551a6d8a2849e
Sha1:   18229205ca4f08163d2abf04dfe21e01a4565248
Sha256: dd1520af68e81f23c6cc87b999d755e3bf9075258121e621a9f51a51833248f0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=113356
Date: Sat, 26 Nov 2022 13:25:11 GMT
Etag: "63812b83-116"
Expires: Sun, 27 Nov 2022 20:54:27 GMT
Last-Modified: Fri, 25 Nov 2022 20:54:27 GMT
Server: nginx
Content-Length: 278

                                        
                                            GET /gtm.js?id=GTM-KLL3N3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 26 Nov 2022 13:25:11 GMT
expires: Sat, 26 Nov 2022 13:25:11 GMT
cache-control: private, max-age=900
last-modified: Sat, 26 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46651
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2595)
Size:   46651
Md5:    d17d99bf65120b3da498ceda1a87c36a
Sha1:   ec713cc7518c0234838c082b97d5464f01b727ea
Sha256: 75b23c26da65956120cc57493588801f6f82fa8c6e176bf5fc238c7fca8ae55b
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=113355
Date: Sat, 26 Nov 2022 13:25:12 GMT
Etag: "63812b83-116"
Expires: Sun, 27 Nov 2022 20:54:27 GMT
Last-Modified: Fri, 25 Nov 2022 20:54:27 GMT
Server: nginx
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=113355
Date: Sat, 26 Nov 2022 13:25:12 GMT
Etag: "63812b83-116"
Expires: Sun, 27 Nov 2022 20:54:27 GMT
Last-Modified: Fri, 25 Nov 2022 20:54:27 GMT
Server: nginx
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=113355
Date: Sat, 26 Nov 2022 13:25:12 GMT
Etag: "63812b83-116"
Expires: Sun, 27 Nov 2022 20:54:27 GMT
Last-Modified: Fri, 25 Nov 2022 20:54:27 GMT
Server: ECS (amb/6B96)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /css?family=Baloo|Open+Sans:400,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 13:25:11 GMT
date: Sat, 26 Nov 2022 13:25:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1218
Md5:    ef08d27eba9ea23d1379ad3a8a300cb3
Sha1:   7d00e2531446d9b71fd2ccf856acec652112c430
Sha256: c2bf6644d6f9e31ab0f9ef06b509c240df0429c36a8f6bffefcf10e9274ccb4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /Scripts/func_js.js HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl

search
                                         172.67.208.176
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Content-Length: 1368
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 23 Oct 2018 15:00:55 GMT
ETag: "d86a1233e16ad41:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gj4lkgMrgq6Q%2BF8HHmjCJ%2BX9ghkKGbRP7k1WL9aSCin2XZLNhA2G3bXOpxa0sh5LjuJSkZgKxRUj4QLoTy7Dy4T34cuTeEg23Y6udYqlL1LDC8DTX1APktX8xGhQC5ezP320jhCImmyNc3seK8Z0RPryTrU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7702f2dd3ec50b65-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1368
Md5:    50038c1eb358ac4065f501a4c80d237e
Sha1:   3dcb478fd68dd21bfb43ce3ddb30657f333c870a
Sha256: aaf7e0a085bec379f214b7bca343149c575524335c179aa771b82dfc41801e7c
                                        
                                            GET /Content/colorbox.css HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl

search
                                         172.67.208.176
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Content-Length: 1275
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 27 Nov 2018 13:20:21 GMT
ETag: "fa4ec4f25386d41:0"
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ij5dYtK5L4Mgwas3FJs1ZKzWXZSpazoxaw6dozjbLqxTDuMyxrbpgt39w1ErELssit9qrGWUtCFjl3IXzMWITyM0J%2FkrzBPIvC8Mm9wpww5UmWbgPlrdxhP%2BJfyFKBqc%2BstK5W%2F%2BjLYJLQ%2ByOBLqHSBAJL0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7702f2dd4bf61bfe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   1275
Md5:    74ff6e043a7dfe18d466e0e36ba80ce8
Sha1:   c182f401d8ab26a6220c20e5d6549e21766beb16
Sha256: 445b83e34d22e5af3d6c5f6b8d37f01f159f86a1409a05e4cd38eea91e89d591
                                        
                                            GET /Scripts/colorbox/jquery.colorbox.js HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl

search
                                         172.67.208.176
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z4gEwmuZrR%2Fz8bkk0RI1pHa7mBuputjOjkOLbFcRYFTRbbBMEnV94wXjsQ4rBQTbia1pgGPiktJh1FdVrimnpJNtEHGIu1TvYnU0wEyqTFKFkeT9Py7hvI9ZQ6D4NzGVAAxBCAo2ZHrOU%2BbrNNDaAUgpPd0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702f2dd4c200b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   681
Md5:    31e9fc60acd51416a2d46d438f110c87
Sha1:   3f2d477fbc4f31f7c1cdce67fa62b91dbcf3be31
Sha256: 7f5761616dfd681c53b9e4262352899378044d0bae11f301a7190d66bf5a4702
                                        
                                            GET /edm_megaconcurso_proteste_201902_ms_logo-pt.png HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: image/png
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
content-length: 3367
last-modified: Wed, 13 Feb 2019 17:45:05 GMT
etag: "f650d9dac3c3d41:0"
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1nSVyKSgMIaDNVvAN%2FKXMi3eX5I4LONq8M%2Fud%2BiXouqCujw20nMCPobX6Q2hJzdGsH0%2F%2BjzLX3%2Faxyvmxig2y%2BAMjniDMqNXjegMPgPZ%2BgIvxVBKNQ4kasIU8OFk4MP2UF9sX4U8gBKXgJ83"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702f2de2b460b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 148 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size:   3367
Md5:    b353955c486da98cd4ba0e02703d6acc
Sha1:   b7e117f5be2eae5334a5ec844d7c9600166b4c61
Sha256: 189df1483e87ab30d39125a0ef9ffe6ddfbd7775fbcafb0a04608de7cc88122f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=113356
Date: Sat, 26 Nov 2022 13:25:12 GMT
Etag: "63812b83-116"
Expires: Sun, 27 Nov 2022 20:54:28 GMT
Last-Modified: Fri, 25 Nov 2022 20:54:27 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 278

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E943AACB4A46480AB031EF294A0E089976EC125C331C15116B6C79F6B0F2FF0"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16212
Expires: Sat, 26 Nov 2022 17:55:24 GMT
Date: Sat, 26 Nov 2022 13:25:12 GMT
Connection: keep-alive

                                        
                                            GET /edm_megaconcurso_proteste_201902_ms_script.js HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
last-modified: Wed, 13 Feb 2019 17:52:20 GMT
etag: W/"6279caddc4c3d41:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYt61kabG%2BjLZ4QWahCGWHag2X6%2FGJLqMNq7IOqI%2FzK%2Bb%2BqRzXOeYthzK4GcSx3d9tI4IhPW1ST6P9fw2zNxGxTonkghlLXQhHC%2BtREnCXeh%2BSpVKZqDmjw7tNhDLVFvGlb4NyqPwuY7bZJ6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702f2de2b440b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   776
Md5:    af4c1b4197ea4931e167beaf474f3c24
Sha1:   75e89387acaead9b7b58c56c13fe3692924b77e9
Sha256: d96e3bca547f5329a525c369a2b385f51f749080f5d2edc85d65978919e18abb
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7799
x-amzn-requestid: 4b3bf619-fb69-4cfe-b8e7-7de4ea127853
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXADFOvoAMFXQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813866-77f561ae3496d84c75541300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:49:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lt_7H9W9LVUS5gKPrBF_vGiXg-anP_bGV5izsxPiGhiasy2eBnltuw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:39 GMT
age: 53493
etag: "3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7799
Md5:    96437d0cb1ceaffa77124f0dcfeb38cf
Sha1:   3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50
Sha256: 89244601b0a4bc150033e52dc56cf0fbe2846ebba7532c477146258a70783e05
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e649ab-6d56-47c9-ab7e-c65d9bdfcffd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6789
x-amzn-requestid: eede6332-5376-4f9c-83fc-f894430c1f4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWWYFFgoAMFhaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381375b-66d7ffc70f7d901420a503da;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:44:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yM8EHyxy6pUHVZhGUOHuFOU-Z4eTyL2N3Ooa6QMrPlIfp6X5I_JBRw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 56346
etag: "c47a3884465fc02b5c57faa5ffbd986ba29c64c2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6789
Md5:    926df9839ec3d924b563b55d8bccace8
Sha1:   c47a3884465fc02b5c57faa5ffbd986ba29c64c2
Sha256: a97cd625959aa81bc516024628315b2c6e2ce94f76cd579751a686a6611cc4d2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SRN-oOfa8Z0mQZFYkWAv32XFiXChfGjfwZkfWz-IzHubwrKgzwoTxQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 03:55:38 GMT
age: 34174
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3502
Md5:    a783df85f30f9c555f9df6b99f61744d
Sha1:   61f9bed607e81606be78285596acdc5e0e4f4994
Sha256: 19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TI0cacek54dPUYW7fYy0xm-1CKdRXZGqBH1vGURakUsBbm-WGcW-vA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:17:55 GMT
age: 54437
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   15818
Md5:    17ebe470d040a6ea8c57e9b9d4f4e828
Sha1:   1ac7a410cd4f3709f476c776dd5646dd982dcfa8
Sha256: d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: utbUF-6Z7rMqPNdRKHJyI-IZoyTy6HpkNBY-60xcZ-6NDXBz1XN6-Q==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:40 GMT
age: 56192
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9049
Md5:    c8dc4b8a7e9f7f4f84f0da568b43392b
Sha1:   3d32bff85cb7ec118c4496d0c3802829fdc9af3b
Sha256: 4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffad04f54-f199-4bc1-a785-cf5c76640147.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11150
x-amzn-requestid: 0b773c28-feda-41a2-9de6-8b559bd773eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVC5EukoAMFxfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813545-3bfe118939abc352072c5af1;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TpEr70sCNigNhVg7rDFIUG12AVpzC0BUW6-xW3QTvjLcBUrpehjJbQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:46:06 GMT
age: 56346
etag: "845842c789e6e97fd1687e668d446bbb8309ffc7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11150
Md5:    d0f860248042a8499ffb1701a880b2ba
Sha1:   845842c789e6e97fd1687e668d446bbb8309ffc7
Sha256: 9eca5258c7b6e4e145ca6576a3f3791f1324714404ffd7a56a61961f81e7bd44
                                        
                                            GET /Scripts/colorbox/jquery.colorbox.js HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl

search
                                         172.67.208.176
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mG71u3mBvgYacgdHJCbYgL4HKYEKPx3J5n%2BrTWhxz4IcuauyRJFx41sUs%2BzboU6VV8k3AGPYvXGW89yzfLOlynvRfsi25aRMBN8%2BzsEsXwwa%2BguWz2QdhPVBRsx9gPJSeELhuJpd%2FPIv5FP1w9JuA5JRVR4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702f2e3a9631bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   681
Md5:    31e9fc60acd51416a2d46d438f110c87
Sha1:   3f2d477fbc4f31f7c1cdce67fa62b91dbcf3be31
Sha256: 7f5761616dfd681c53b9e4262352899378044d0bae11f301a7190d66bf5a4702
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://campanha.protestemarketing.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 200541
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/baloo/v13/6xKhdSpJJ92I9MWPCm4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://campanha.protestemarketing.com.br
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25656
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:52:21 GMT
expires: Thu, 23 Nov 2023 18:52:21 GMT
cache-control: public, max-age=31536000
age: 239572
last-modified: Tue, 19 Apr 2022 17:57:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 25656, version 1.0\012- data
Size:   25656
Md5:    28117f9c43a85a42f07155dd25b2c0cd
Sha1:   2fb0c176e9fc237ae77cebdce8230b151fed8ec6
Sha256: 924c700458c4713734d2d78fcd9c278879ea20fafb2a7c40b82005968525cbbb
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /edm_beneficios_proteste_201903_ms_img-cartao-proteste_202008ok_75.png HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: image/png
                                        
date: Sat, 26 Nov 2022 13:25:13 GMT
content-length: 79024
last-modified: Wed, 24 Nov 2021 14:22:59 GMT
etag: "c4b628c83ee1d71:0"
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbFozIHBsHiOc1iiEZ9m%2F19zKkax7DuLleeU9DY%2BzmLAqWXNwcVI2JM2PfW2gLvZC%2B5D03prb%2FfW16HiNXROnqz5s5wjVIUzvYaxQArIvFOw4HPB0L%2FAt2JtMnRy45q6gehYBsGggcCqRA63"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702f2de2b450b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 573 x 661, 8-bit colormap, non-interlaced\012- data
Size:   79024
Md5:    fcc95a68ee6dc242a7446b939463ff19
Sha1:   b706283b2ace011296b61171841745b501dc49ad
Sha256: 3d6c3ee944cc5a31f853162d155769029c2dad902d762ba39a6513599c54f231
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 26 Nov 2022 12:41:08 GMT
expires: Sat, 26 Nov 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 2645
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /c/hotjar-2823494.js?sv=6 HTTP/1.1 
Host: static.hotjar.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.84
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Sat, 26 Nov 2022 13:25:13 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/b6c94dbacd889067535da99d81b66e4d
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: USXZmUZnuhC4vBpe4QCuewKbu9AO0XSTuja9rl_Ra8D8693PVZaNCw==
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5909)
Size:   3053
Md5:    f595d4119d6d40cdf3bf87c2ea8ca345
Sha1:   b3f68dd1c540e73f8748be85e50db72f7fac1395
Sha256: 21c019791193d2ab4017aa4ace6ba23b0c7151ce98f3c5c62a5cbb30bd067ef4
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-80454069-3&cid=930482344.1669469113&jid=23828086&gjid=77962282&_gid=1095909924.1669469113&_u=YGBAgAABAAAAAE~&z=1213387275 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://campanha.protestemarketing.com.br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         142.251.1.156
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: http://campanha.protestemarketing.com.br
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 26 Nov 2022 13:25:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /img/NGWP_favicon.JPEG HTTP/1.1 
Host: campanha.protestemarketing.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/oferta?mktcode=GUKP21&eid=22113358460906&edmid=7C72D1C5AB8CB749B79DEE25ED65FE5A&page=D9652364815137A9&company=proteste&pga=1
Cookie: ASP.NET_SessionId=i5vmlr5kh3tmaccizjuhizrl

search
                                         172.67.208.176
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sat, 26 Nov 2022 13:25:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j2VdS6tuYmVc9KZ2FyjPstg4a6KBUJL4l5%2FQH7EkZboENNJUWZxUugip2tR4Nt8u04UmNonR6k1B4ZGLofJ4JojxGj3WJhnVUU6t1YsBoDf%2FaMSd2FyIsWYrb7cYYJZbg%2Bh3eAYcj9M5VItXnIpeahZsP%2FI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7702f2e65ba01bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   681
Md5:    31e9fc60acd51416a2d46d438f110c87
Sha1:   3f2d477fbc4f31f7c1cdce67fa62b91dbcf3be31
Sha256: 7f5761616dfd681c53b9e4262352899378044d0bae11f301a7190d66bf5a4702
                                        
                                            GET /js/integration/stable/rd-js-integration.min.js?v=1 HTTP/1.1 
Host: d335luupugsy2.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.19
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
content-length: 5126
last-modified: Mon, 14 Mar 2022 19:11:46 GMT
content-encoding: gzip
x-amz-version-id: EFK6hy2tasKcabJ9JHnpmDSfRZbvtSM9
accept-ranges: bytes
server: AmazonS3
date: Fri, 25 Nov 2022 20:20:54 GMT
cache-control: max-age=86400, must-revalidate
etag: "037b8303bce609f3647bd079508031b2"
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8taW0TWtiu4gvbK-koBth12KYMLA-6ff4sj-MHxZY7Z4bubK2mxKtQ==
age: 61460
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (14095)
Size:   5126
Md5:    037b8303bce609f3647bd079508031b2
Sha1:   b76218de9ed86ba5eb7a432f264c016da0b044ea
Sha256: c2a0cc110766fc701e4aad2ec2deb59fdbdcbc1b22c957832948377d456fa87a
                                        
                                            GET /js/rdstation-popups/bricks/rdstation-popup.min.js?v=1 HTTP/1.1 
Host: d335luupugsy2.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.19
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
content-length: 55730
date: Fri, 25 Nov 2022 20:17:45 GMT
last-modified: Thu, 01 Sep 2022 18:56:54 GMT
etag: "0745a774ff7c7e1979835e815fedb0c4"
content-encoding: gzip
x-amz-version-id: Rdke.7MSx732uledJxJP7l.H8q8C1Qau
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: K79GjmSO4EoI2f7rCeb9LD3cKX7uAPmuSNQAyrDXLcj__moMq_GUVQ==
age: 61649
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65224)
Size:   55730
Md5:    0745a774ff7c7e1979835e815fedb0c4
Sha1:   0432043be5a45c2bae353163bad348047a498160
Sha256: 361f3851dc0b75b8fda43f41acdce3fddb156c0df39218304149cb6e3e7459bb
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C051A7B155C74A046987CFD6491101E34BA090BBFD2ADB395710E293C1E224FB"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5991
Expires: Sat, 26 Nov 2022 15:05:05 GMT
Date: Sat, 26 Nov 2022 13:25:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 13:25:14 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 07:05:14 GMT
Expires: Fri, 02 Dec 2022 07:05:13 GMT
Etag: "0ef59f99eca8e9d960404871d4d374489d04f154"
Cache-Control: max-age=494998,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7702f2ef8b8fb524-OSL

                                        
                                            GET /popup/show.json?account_id=122066&uniq=_yqguj1tml&ref=aHR0cDovL2NhbXBhbmhhLnByb3Rlc3RlbWFya2V0aW5nLmNvbS5ici9vZmVydGE%2FbWt0Y29kZT1HVUtQMjEmZWlkPTIyMTEzMzU4NDYwOTA2JmVkbWlkPTdDNzJEMUM1QUI4Q0I3NDlCNzlERUUyNUVENjVGRTVBJnBhZ2U9RDk2NTIzNjQ4MTUxMzdBOSZjb21wYW55PXByb3Rlc3RlJnBnYT0x HTTP/1.1 
Host: popups.rdstation.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://campanha.protestemarketing.com.br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.68.90.188
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=7776000
x-frame-options: sameorigin
content-length: 13
date: Sat, 26 Nov 2022 13:25:14 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   13
Md5:    6346e069259dd802eaf247566e2f4368
Sha1:   03783069db6874744910cd5a92636f22529c6328
Sha256: 96ddd38efe76ec82a9f2b4ecb8c151aa7b202d792823131a8936fc9bd616b22a
                                        
                                            POST /send HTTP/1.1 
Host: pageview-notify.rdstation.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 100
Origin: http://campanha.protestemarketing.com.br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.223.116.65
HTTP/2 200 OK
content-type: text/html;charset=utf-8
                                        
date: Sat, 26 Nov 2022 13:25:14 GMT
content-length: 36
access-control-allow-origin: http://campanha.protestemarketing.com.br
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: *, Content-Type, Accept, AUTHORIZATION, Cache-Control
access-control-allow-credentials: true
access-control-max-age: 1728000
access-control-expose-headers: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
set-cookie: _rdtrk=b4e3ba54-11b0-44af-badf-7ed19d2010c4; domain=.rdstation.com.br; expires=Thu, 01 Jan 2032 00:00:00 -0000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15724800; includeSubDomains
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   36
Md5:    5dbb24193863cc729eb749436326033b
Sha1:   c9657074b0b36b69f63a355d247c29b0a95923dd
Sha256: ffebdce73f6dd943c5e499eb047326008eeafa403eb8a8fa288c42529d6af80d
                                        
                                            GET /bootstrap.min.css HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: text/css
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
last-modified: Mon, 07 Mar 2022 13:43:44 GMT
etag: W/"726525d2932d81:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzlQx2fzcpG%2FquP%2FCfQjYv5pxMbcpuLhbLvmkehUnLpHb8admOptEWa1Rmo5%2Flk5X5OtpylVN1pT3r0CxJ2StzjS9ruGfXd9%2B87rCCYVl3G8Oe3fQSmdsKKNMm0OnqmWfUYfRGZ%2Fhux7%2B4Fo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702f2de5b640b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /bootstrap.min.js HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.47.189
HTTP/2 404 Not Found
content-type: text/html
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XjOPSTYhUUBXjS%2FsgHR9Ro8onz4VLfUBShaFoPFJ%2BO3aaQbESwwUAwXOMtpXPPLFFQ6tIA%2BVHHUWPKzXvXwGq0wyKyMoPAIIge9s0VaTihxBKLgo8nwYmWwipoeM7A88bSX6WlExGaCPeehU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7702f2de4b610b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /edm_beneficios_proteste_201903_ms_style.css HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: text/css
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
last-modified: Fri, 29 Mar 2019 19:06:11 GMT
etag: W/"b9b0317962e6d41:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7MLbR3Rljwwo%2B8F%2Fu%2FOyictx0Mcsik4x0SyYgaKJ0JPhOaaIRo0L0DLZ0WVK6oJsJ8RPiplQXFPh%2BWj%2BN2uWfGd0OtOqMZNIp2FtJaANppvpCRhk75Wu3o8nY1KmpA9KgFuaxojuFYbvszk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702f2de5b650b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /jquery.min.js HTTP/1.1 
Host: img.selecoesbrasil.com.br
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.47.189
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 13:25:12 GMT
last-modified: Tue, 29 Nov 2016 13:54:18 GMT
etag: W/"0a1f313484ad21:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPSpucOyAnxA3oRipuwJmy5TmNEIn3yRdSq7UmgGH4rbAfHWeOw1%2BSOMKFKmA%2FkLydGnPHhTC7W8SzVAdjQ2hgd5TneL8ruTUK%2FL6MDGs%2B3Dydl%2B2S75eeZki7cdpcAUcFmaEMhNjYdlnEQv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7702f2de4b5f0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/loader-scripts/9691d6d0-d2d2-46f0-84d7-5698134e5178-loader.js HTTP/1.1 
Host: d335luupugsy2.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.245.19
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 13:25:14 GMT
last-modified: Fri, 21 Oct 2022 13:30:59 GMT
etag: W/"42fe7ec5ef271ecfe3597b1c25238c8b"
cache-control: no-cache
x-amz-version-id: fLQ2MNTWPHD3vAPAuphOFJgJF3LqYDWp
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y5YPWVom_J8apuhvRtpHiFx0XjvyefUlA-GR_L8Uecves-hFnj_ehQ==
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/traffic-source-cookie/stable/traffic-source-cookie.min.js HTTP/1.1 
Host: d335luupugsy2.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://campanha.protestemarketing.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.245.19
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 26 Nov 2022 13:05:24 GMT
last-modified: Thu, 17 Nov 2022 14:58:51 GMT
etag: W/"60c4a92725ecad7b22391e314ecef104"
x-amz-version-id: _DcRcF.3JZ4tSr0ScmnT0Msp3iEBkteK
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PWMf5fxVsrJM4pOU79Nb8wZiU5HC-NKMW7h90sB0BgQuxrSuwl0JUw==
age: 1191
X-Firefox-Spdy: h2


--- Additional Info ---