r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7322
Expires: Tue, 31 Jan 2023 15:16:51 GMT
Date: Tue, 31 Jan 2023 13:14:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8872
Expires: Tue, 31 Jan 2023 15:42:41 GMT
Date: Tue, 31 Jan 2023 13:14:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 12:43:17 GMT
content-type: application/json
age: 1892
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4256
Expires: Tue, 31 Jan 2023 14:25:45 GMT
Date: Tue, 31 Jan 2023 13:14:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0ciVOugBNrHxdHIKqPBHiYYCMMMEMX1dXYpUrhjVN849PNx7yGSFtjuYDbLd0t3p8KCxCZ3j+RI=
x-amz-request-id: SGQ84BZAWABJFWEF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 12:51:10 GMT
age: 1419
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
m.bolomobi.com/c/n/200841/1913
45.56.88.170302 Found 0 B URL HTTP/1.1 m.bolomobi.com/c/n/200841/1913
IP 45.56.88.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /c/n/200841/1913 HTTP/1.1
Host: m.bolomobi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Tue, 31 Jan 2023 13:14:49 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: uk=290171b862644c1e942b79cea3049907; Domain=bolomobi.com; Expires=Sun, 18-Feb-2091 16:28:56 GMT; Path=/; HttpOnly
Location: http://trk.adtera.com/path/lp.php?trvid=11255&trvx=e9855ab2&click_id=1999b10fb8b941a180a800de489b1774&aff_id=1913_
Cache-Control: no-transform
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 13:14:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
trk.adtera.com/path/lp.php?trvid=11255&trvx=e9855ab2&click_id=1999b10fb8b941a180a800de489b1774&aff_id=1913_
34.207.16.223302 Found 0 B URL HTTP/1.1 trk.adtera.com/path/lp.php?trvid=11255&trvx=e9855ab2&click_id=1999b10fb8b941a180a800de489b1774&aff_id=1913_
IP 34.207.16.223:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /path/lp.php?trvid=11255&trvx=e9855ab2&click_id=1999b10fb8b941a180a800de489b1774&aff_id=1913_ HTTP/1.1
Host: trk.adtera.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Tue, 31 Jan 2023 13:14:49 GMT
Server: Apache/2.4.27 (Amazon) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: THRIVE_SESS=jkhm34no837cll6a5qslcle380; expires=Wed, 01-Feb-2023 13:14:49 GMT; Max-Age=86400; path=/; domain=.trk.adtera.com
ClickId=f7j99lu815ik; expires=Thu, 02-Mar-2023 13:14:50 GMT; Max-Age=2592000; path=/; domain=.adtera.com
OfferPage=https%3A%2F%2Foffdeck.jumpmobile.com.br%2Fprouser%2Ftaplingo%2Ftim%2Fcheckout%2F%3FcampaignId%3DJump%26clickId%3Df7j99lu815ik; expires=Thu, 02-Mar-2023 13:14:50 GMT; Max-Age=2592000; path=/; domain=.adtera.com
OfferID=1479; expires=Thu, 02-Mar-2023 13:14:50 GMT; Max-Age=2592000; path=/; domain=.adtera.com
location: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=f7j99lu815ik
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 12:49:04 GMT
age: 1546
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7523
Expires: Tue, 31 Jan 2023 15:20:13 GMT
Date: Tue, 31 Jan 2023 13:14:50 GMT
Connection: keep-alive
push.services.mozilla.com/
35.160.120.175101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.120.175:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DN32zO9/tZH/IylHlQvvKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YS+kPySjw85OQwFeZMCmmF4kBx0=
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 194392d192d9273f58f995bcb1d5ebbf
29556472d334632a07a549e4d81a290e9b2ca2c5
3f1bc7178349818a591c2f5fd84053df29ffdffe1d0e010a45619635d8ab00db
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155738
Date: Tue, 31 Jan 2023 13:14:50 GMT
Etag: "63d8d1a4-1d7"
Expires: Thu, 02 Feb 2023 08:30:28 GMT
Last-Modified: Tue, 31 Jan 2023 08:30:28 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aNL9lKhe_W1jriYv1mCRRSWijrJov_TJ2k_fa5T6O3AjoANQzVaZFw==
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=f7j99lu815ik
18.230.83.214302 Found 0 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=f7j99lu815ik
IP 18.230.83.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=f7j99lu815ik HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Tue, 31 Jan 2023 13:14:50 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: http://checkout.jumpmobile.com.br/c/usercheck?s=71EB7A86344F4A9683F8E37E878ECAC2
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
X-Firefox-Spdy: h2
checkout.jumpmobile.com.br/c/usercheck?s=71EB7A86344F4A9683F8E37E878ECAC2
15.197.162.153307 Temporary Redirect 0 B URL HTTP/1.1 checkout.jumpmobile.com.br/c/usercheck?s=71EB7A86344F4A9683F8E37E878ECAC2
IP 15.197.162.153:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/usercheck?s=71EB7A86344F4A9683F8E37E878ECAC2 HTTP/1.1
Host: checkout.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 307 Temporary Redirect
Date: Tue, 31 Jan 2023 13:14:51 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Set-Cookie: sessionId=71EB7A86344F4A9683F8E37E878ECAC2;Version=1
Server: Jetty(9.3.15.v20161220)
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Tue, 31 Jan 2023 14:19:17 GMT
Date: Tue, 31 Jan 2023 13:14:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Tue, 31 Jan 2023 14:19:17 GMT
Date: Tue, 31 Jan 2023 13:14:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Tue, 31 Jan 2023 14:19:17 GMT
Date: Tue, 31 Jan 2023 13:14:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Tue, 31 Jan 2023 14:19:17 GMT
Date: Tue, 31 Jan 2023 13:14:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3866
Expires: Tue, 31 Jan 2023 14:19:17 GMT
Date: Tue, 31 Jan 2023 13:14:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c4934be94898028e2ab696561b51462
6cf734e2d29938688913daacfb75506d8e004a94
239adcbb538b7a6d1483c65c7694d4a9f9fa9cadf456ab5681c4b764185e3596
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F003f28f8-6845-4b0d-8d8d-11c9deea4eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 67109f87-6073-4991-b540-cdeedc2d7b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: flYlPF9uIAMFXMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d86e21-60ac2c7b37c72e6e54a5c69d;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 01:25:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Gif_csWkacU59D_hnOrJpK6u2aPI8Ylf2JyQEJZ2RLNMCrXSmmMa9w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 01:56:35 GMT
age: 40696
etag: "6cf734e2d29938688913daacfb75506d8e004a94"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2797bfd35b7ec24888de84be14f7f2ec
8e315ac5856967286eaa8769e081d827fb4ca39e
b99f3bd73eb4395194bc7bb6a1b801750182239e5b70f3207f99e494b60b72ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67cbd807-4e92-4ddb-a8c5-864884d25e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11129
x-amzn-requestid: 74f2a4dd-7d5d-4839-90a8-d2e74f6d785d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffDBZGRPoAMFedg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e53b-3de444596550bb41188ada5b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:17:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9Fga247EZZqiGmdMJ72resdBZR2KLgflGDBPESmuw9cFVs4hSzMzTw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:50:52 GMT
age: 33839
etag: "8e315ac5856967286eaa8769e081d827fb4ca39e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a2d26da68a313cc65958fc2692351c2
798c3538f3147ca77d317676ddd1bf040bd0f93b
76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XYo_QvM8GWDyulOtUb5nVjS9PxOinaRJ3lYvCreeqd_9tHI5yv5xcQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:21 GMT
age: 55590
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c83dcdb618756ebbfeb69a8bff6d38c
5f909182ab6847690e7ebd100e3f0d2798e36192
2e29d0747fb973908228501178465ac09f6553ef8e50dd70ee617f3379eb733c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7049
x-amzn-requestid: bc6522f2-eb6b-4e59-9912-0c03d145f021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk31LGE2IAMF8rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839ba-67477ed1260c27f67e28043d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nD0Ji3SG6yi5fxcdQP9ylWjpT1OnVkgKH_vOgMVBQ4ksHlhjDamIAw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:49:06 GMT
age: 55545
etag: "5f909182ab6847690e7ebd100e3f0d2798e36192"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUGjUSIkoacdmaO1jnMwIuNMONhjyVfAIcTQ3B5d5da_g9eEnCtW7g==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:48:17 GMT
age: 55594
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6f9ffb8f9e99229b45ca5fdb84ce7d5
04577ad69ee9749b14382254eb5bbf0e1edcd7fa
6111acf3f363123b39d13cd3d23ab39b8c8d00379874f19231d1cd3da17c52c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37e3fb86-3315-41fd-97cb-ac82604d8869.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8558
x-amzn-requestid: 2841cd36-22e6-4ecb-b56a-bfadce3197c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_BFA8IAMFyvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e393-3fd03bd14de762b0738a3b0a;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R29JYq4Z8V_Xuq2no0bKxk1K6h2PmTO5OSxzMa4zppDVk3j9rO9aTw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 03:24:36 GMT
age: 35415
etag: "04577ad69ee9749b14382254eb5bbf0e1edcd7fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW
91.241.94.8200 OK 42 kB URL HTTP/1.1 www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62295)
Hash a4e3f4e0f93de9e5622f9c3545e1edef
56872ed2843435f149a766f68bb3a37dde699fb1
dad15ca16419f66f662f4431a9981aaa3794c7b99f4067faf4a1b0ae96a94243
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 13:14:51 GMT
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 278042234
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6IkxMRmNJRkdNaWw4cmsydnp4TFlWM3c9PSIsInZhbHVlIjoiVHJrWk80dmQwT3A4ZUsyOUs4QmU5SzhLNFZTdTZNTnp5UHMrS1BESWNCT0trbFJteWJxbWYzOTNoRlp0a0R1WTRSbkJMSXE2TEc4aE1HY1IvMGhHUVRTKzFmM2NWSWhOaHRjSTBCUGZGcHhrZlh6eG5kbEZkM1pIQnZmNUtzSlUiLCJtYWMiOiJmNjc1OTZmNDI4YzFiMTg2NDlmMzYxZjYzZmNmN2JlZWI5ZTU5MGVmZDdlZDIzNmQ3ZWVhYmRkMWU3N2NjMjQ0IiwidGFnIjoiIn0%3D; expires=Tue, 31-Jan-2023 19:14:51 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6IjFpU1lEN1lmaE9tZlhLdnlxMVFVUXc9PSIsInZhbHVlIjoiK1pTUHFqZkNhNjd3eTZuSGdOcFFEVHpyK2ZRNUI0SWh0eVdScUR2OFl3Ty9jeVhDWEloaUxmVjZPUUc2T3hFSStlV2ZmSVp6QzZ1VW84TEF5WUhSS3AzMitQb0VNWGtEczdVa0F5WTExQU09IiwibWFjIjoiMDAzMzNmZjg4OTlkYTY3NzMzNDc1MmJkMGEyZTRiMGMyNjc0MjJkOTgxYTI3MzVlMzBjODBhZTZjYjhkMDExZSIsInRhZyI6IiJ9; expires=Fri, 28-Jan-2033 13:14:51 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Mon, 31-Jan-2022 13:14:50 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6Ims3YWpwMEV2c2lCcEtUaVpqL1Jnanc9PSIsInZhbHVlIjoiNFVTVzMzQ01rSkFiY1ZieGRNWXVQQms4QzB2VzEyZWVtbnNiQUxKeWFmV0s2V0VseFZNWFdkaHFjS0E4R3ZFS3hDZkR6dmV3cXBCTU9sbEZUR2xpRFNiODVFM2hnK0xKY3M2ZUptS3N3ZkE9IiwibWFjIjoiNmJiMTA2ZTUwNDNhMjUxYTZlMDNlOTgxN2ExMzA3YzYxZWNkYzQ5MjQwZTRkNDI1NjdiM2FkNzViNTY5ODE2ZiIsInRhZyI6IiJ9; expires=Tue, 31-Jan-2023 13:44:51 GMT; Max-Age=1800; path=/; httponly; samesite=lax
userPermID=eyJpdiI6IlozeGRwM0RCY3ZHRitEQ2dnSTNHR0E9PSIsInZhbHVlIjoiaFBzY2paRWpOazl6YkVMMTBvOTdBdTZBM285R0VrYnJRb3daSkI5TDZSa0s5N0lENWlGQklUaWFCdjlGY3VqOThkaCtkZTNqRXk3ZzBtSHB5Q2U0RElsd1NGZnR4SjFlY2ZFL1FFVGFTT289IiwibWFjIjoiODcxZWMwNWM3MDM2ZDUzZDFkYjliODgyOWFmMmRkNDMyZmFiZTE0YmJhYjU1M2IzNGY4MWFlMzY1YTA1ODVkMyIsInRhZyI6IiJ9; expires=Fri, 28-Jan-2033 13:14:51 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
TS01c950bd=01b02e3e89f28d8af1f1b5bd36aefa0d31c1a9e6358baeadf630eae3b2a6fc6246ceb8c24b2e40f6d09727d386fe5ee7042e9ed7a8; Path=/; Domain=.www.timpromos.com.br
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 194392d192d9273f58f995bcb1d5ebbf
29556472d334632a07a549e4d81a290e9b2ca2c5
3f1bc7178349818a591c2f5fd84053df29ffdffe1d0e010a45619635d8ab00db
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 31 Jan 2023 13:14:52 GMT
Last-Modified: Tue, 31 Jan 2023 12:58:53 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GO5Zzrgc6NMOksBR1pMRTvJM0gzLgkYstSYlMWXy2aye3LIes8_MBg==
Age: 959
offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
18.230.83.214200 OK 3.4 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
IP 18.230.83.214:0
Hash 08a77650246fbbab17f83c15713d79c9
08c4849acd7f03ceee96c95b2cdf3be577d99b37
7e28c236869355471ce54cb16993984fb1c5266ec0b479b4fa11b422b73fd0f0
GET /prouser/taplingo/tim/css/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:52 GMT
content-type: text/css;charset=UTF-8
content-length: 3426
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
91.241.94.8200 51 B URL HTTP/1.1 www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675
GET /security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IkxMRmNJRkdNaWw4cmsydnp4TFlWM3c9PSIsInZhbHVlIjoiVHJrWk80dmQwT3A4ZUsyOUs4QmU5SzhLNFZTdTZNTnp5UHMrS1BESWNCT0trbFJteWJxbWYzOTNoRlp0a0R1WTRSbkJMSXE2TEc4aE1HY1IvMGhHUVRTKzFmM2NWSWhOaHRjSTBCUGZGcHhrZlh6eG5kbEZkM1pIQnZmNUtzSlUiLCJtYWMiOiJmNjc1OTZmNDI4YzFiMTg2NDlmMzYxZjYzZmNmN2JlZWI5ZTU5MGVmZDdlZDIzNmQ3ZWVhYmRkMWU3N2NjMjQ0IiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IjFpU1lEN1lmaE9tZlhLdnlxMVFVUXc9PSIsInZhbHVlIjoiK1pTUHFqZkNhNjd3eTZuSGdOcFFEVHpyK2ZRNUI0SWh0eVdScUR2OFl3Ty9jeVhDWEloaUxmVjZPUUc2T3hFSStlV2ZmSVp6QzZ1VW84TEF5WUhSS3AzMitQb0VNWGtEczdVa0F5WTExQU09IiwibWFjIjoiMDAzMzNmZjg4OTlkYTY3NzMzNDc1MmJkMGEyZTRiMGMyNjc0MjJkOTgxYTI3MzVlMzBjODBhZTZjYjhkMDExZSIsInRhZyI6IiJ9; userSessionID=eyJpdiI6Ims3YWpwMEV2c2lCcEtUaVpqL1Jnanc9PSIsInZhbHVlIjoiNFVTVzMzQ01rSkFiY1ZieGRNWXVQQms4QzB2VzEyZWVtbnNiQUxKeWFmV0s2V0VseFZNWFdkaHFjS0E4R3ZFS3hDZkR6dmV3cXBCTU9sbEZUR2xpRFNiODVFM2hnK0xKY3M2ZUptS3N3ZkE9IiwibWFjIjoiNmJiMTA2ZTUwNDNhMjUxYTZlMDNlOTgxN2ExMzA3YzYxZWNkYzQ5MjQwZTRkNDI1NjdiM2FkNzViNTY5ODE2ZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IlozeGRwM0RCY3ZHRitEQ2dnSTNHR0E9PSIsInZhbHVlIjoiaFBzY2paRWpOazl6YkVMMTBvOTdBdTZBM285R0VrYnJRb3daSkI5TDZSa0s5N0lENWlGQklUaWFCdjlGY3VqOThkaCtkZTNqRXk3ZzBtSHB5Q2U0RElsd1NGZnR4SjFlY2ZFL1FFVGFTT289IiwibWFjIjoiODcxZWMwNWM3MDM2ZDUzZDFkYjliODgyOWFmMmRkNDMyZmFiZTE0YmJhYjU1M2IzNGY4MWFlMzY1YTA1ODVkMyIsInRhZyI6IiJ9; TS01c950bd=01b02e3e89f28d8af1f1b5bd36aefa0d31c1a9e6358baeadf630eae3b2a6fc6246ceb8c24b2e40f6d09727d386fe5ee7042e9ed7a8
HTTP/1.1 200
Date: Tue, 31 Jan 2023 13:14:53 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Access-Control-Allow-Origin: *
analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
91.220.208.18200 51 B URL HTTP/1.1 analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
IP 91.220.208.18:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675
GET /web/v1/content/view/Confirmation/br_tim/AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a HTTP/1.1
Host: analytics-br-tim.securewebfraud.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/
HTTP/1.1 200
Date: Tue, 31 Jan 2023 13:14:53 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
142.250.74.40200 OK 48 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash b3c221ed63776ec8312646a336e1b4d6
c61832a91104510db7ed5af48ecc7863d62dbec0
7ab6d0d3c7bfe10ea8a12889eeaf32e5660d98b47c5c04999fe57ca1f102a934
GET /gtm.js?id=GTM-K3HVTMM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 31 Jan 2023 13:14:54 GMT
expires: Tue, 31 Jan 2023 13:14:54 GMT
cache-control: private, max-age=900
last-modified: Tue, 31 Jan 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48194
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d81f874741beb45c89de8bb5c6de438e
a251ab903e654953631d84721479bbae55aa5cdf
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
91.241.94.8200 0 B URL HTTP/1.1 www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kno5AcemJntwL6Rz6CaYVgFvUe8G1FD4FsG-tokCF-xXHBFkHLLM1Th_7DGUF5a HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=71EB7A86344F4A9683F8E37E878ECAC2&campaign=58&clickID=f7j99lu815ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IkxMRmNJRkdNaWw4cmsydnp4TFlWM3c9PSIsInZhbHVlIjoiVHJrWk80dmQwT3A4ZUsyOUs4QmU5SzhLNFZTdTZNTnp5UHMrS1BESWNCT0trbFJteWJxbWYzOTNoRlp0a0R1WTRSbkJMSXE2TEc4aE1HY1IvMGhHUVRTKzFmM2NWSWhOaHRjSTBCUGZGcHhrZlh6eG5kbEZkM1pIQnZmNUtzSlUiLCJtYWMiOiJmNjc1OTZmNDI4YzFiMTg2NDlmMzYxZjYzZmNmN2JlZWI5ZTU5MGVmZDdlZDIzNmQ3ZWVhYmRkMWU3N2NjMjQ0IiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IjFpU1lEN1lmaE9tZlhLdnlxMVFVUXc9PSIsInZhbHVlIjoiK1pTUHFqZkNhNjd3eTZuSGdOcFFEVHpyK2ZRNUI0SWh0eVdScUR2OFl3Ty9jeVhDWEloaUxmVjZPUUc2T3hFSStlV2ZmSVp6QzZ1VW84TEF5WUhSS3AzMitQb0VNWGtEczdVa0F5WTExQU09IiwibWFjIjoiMDAzMzNmZjg4OTlkYTY3NzMzNDc1MmJkMGEyZTRiMGMyNjc0MjJkOTgxYTI3MzVlMzBjODBhZTZjYjhkMDExZSIsInRhZyI6IiJ9; userSessionID=eyJpdiI6Ims3YWpwMEV2c2lCcEtUaVpqL1Jnanc9PSIsInZhbHVlIjoiNFVTVzMzQ01rSkFiY1ZieGRNWXVQQms4QzB2VzEyZWVtbnNiQUxKeWFmV0s2V0VseFZNWFdkaHFjS0E4R3ZFS3hDZkR6dmV3cXBCTU9sbEZUR2xpRFNiODVFM2hnK0xKY3M2ZUptS3N3ZkE9IiwibWFjIjoiNmJiMTA2ZTUwNDNhMjUxYTZlMDNlOTgxN2ExMzA3YzYxZWNkYzQ5MjQwZTRkNDI1NjdiM2FkNzViNTY5ODE2ZiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IlozeGRwM0RCY3ZHRitEQ2dnSTNHR0E9PSIsInZhbHVlIjoiaFBzY2paRWpOazl6YkVMMTBvOTdBdTZBM285R0VrYnJRb3daSkI5TDZSa0s5N0lENWlGQklUaWFCdjlGY3VqOThkaCtkZTNqRXk3ZzBtSHB5Q2U0RElsd1NGZnR4SjFlY2ZFL1FFVGFTT289IiwibWFjIjoiODcxZWMwNWM3MDM2ZDUzZDFkYjliODgyOWFmMmRkNDMyZmFiZTE0YmJhYjU1M2IzNGY4MWFlMzY1YTA1ODVkMyIsInRhZyI6IiJ9; TS01c950bd=01b02e3e89f28d8af1f1b5bd36aefa0d31c1a9e6358baeadf630eae3b2a6fc6246ceb8c24b2e40f6d09727d386fe5ee7042e9ed7a8
HTTP/1.1 200
Date: Tue, 31 Jan 2023 13:14:53 GMT
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive
Access-Control-Allow-Origin: *
offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
18.230.83.214200 OK 234 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
IP 18.230.83.214:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cc160afb27685807b41ec5fe29db1c08
f76fa2c371cf87fe3fc2c5c70bca7ce7018cb05a
76e4c70d262f73e9d822908a9e435ae891daf97493b53ca027ea58c2a7b56956
GET /prouser/taplingo/tim/header/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:54 GMT
content-type: text/html; charset=UTF-8
content-length: 234
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
18.230.83.214200 OK 6.3 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
IP 18.230.83.214:0
File type PNG image data, 395 x 698, 8-bit/color RGBA, non-interlaced\012- data
Hash 98a6b2fed5d4c43b68d84d3d42f84f7e
3974191efeeace9ca2937d465a6af3e8f95121dd
bf991152257a91ba3a9fb0319d5b580148369650310e938b9c5a2bfb6bf31fac
GET /prouser/taplingo/tim/images/bg.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:54 GMT
content-type: image/png
content-length: 6332
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "18bc-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
18.230.83.214200 OK 357 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
IP 18.230.83.214:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 860dbd50a412d73e09a685597cc23459
c18867fd61ed6c526f8a14a22f9f297b9b9e5515
aa358b227501939cf749bf56e4566f49499b5f13e4e4438e2c678df1e051a1cc
GET /prouser/taplingo/tim/footer/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:54 GMT
content-type: text/html; charset=UTF-8
content-length: 357
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 31 Jan 2023 11:46:59 GMT
expires: Tue, 31 Jan 2023 13:46:59 GMT
cache-control: public, max-age=7200
age: 5275
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&gjid=799718294&_gid=1380670125.1675170911&_u=YGBAgEABAAAAAEAAI~&z=349202851
173.194.73.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&gjid=799718294&_gid=1380670125.1675170911&_u=YGBAgEABAAAAAEAAI~&z=349202851
IP 173.194.73.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&gjid=799718294&_gid=1380670125.1675170911&_u=YGBAgEABAAAAAEAAI~&z=349202851 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.timpromos.com.br
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 31 Jan 2023 13:14:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 69ffc0a3f7ca2b025a6b99f9c38889be
1b436bda66cd246a1024f8c3d8e91e3aeef31eaa
9aaaf6c2a570c6a73a623f4fdfb0e1dfd5f16f086ae5d9c8d5b2403b0d016e4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 73d6f94eec5f7bf78dc11951011af215
2d7941713a82a83c174bf782b618a6f86a8ab2d7
9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 2ac1bcdceabf1fc4e07017906aa8a815
ba00b737325fc50b35af8d851ced0fe13d1cba22
c6c54f5dbbfc40b454b9c67a7972827f500d83b10a1594f7cb56c69158278c08
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 13:14:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001
142.250.74.132200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001
IP 142.250.74.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=67399741.1675170911&jid=1042638011&_u=YGBAgEABAAAAAEAAI~&z=830839001 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 31 Jan 2023 13:14:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
18.230.83.214200 OK 44 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
IP 18.230.83.214:0
File type PNG image data, 371 x 271, 8-bit/color RGBA, non-interlaced\012- data
Hash fbfc13255d88a6dc8f97c851256cf6a2
0b9ee7207a0f23b72d09efebbe0da2cc8ad1375b
a30dba0eedff8c59660e537579869c711d63fe002dd2649ac9fcb4bb55ae1b02
GET /prouser/taplingo/tim/images/header.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:54 GMT
content-type: image/png
content-length: 43907
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "ab83-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
18.230.83.214200 OK 9.2 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
IP 18.230.83.214:0
File type PNG image data, 395 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash ee016d74f31893d53abe00745a623884
22156ecac466c0042b2c0274338d3b7ac5c41328
b5ce00dc7f8a7fc2d0caaf2836b9380741baa74cf28abfe46d130bfe918c40e5
GET /prouser/taplingo/tim/images/footer.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:54 GMT
content-type: image/png
content-length: 9159
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "23c7-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 73d6f94eec5f7bf78dc11951011af215
2d7941713a82a83c174bf782b618a6f86a8ab2d7
9de1920abadb3501bcf9f787608807f13a266efea69f12fc811bc7cac14a3552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a5ff07b9b81cdf319f4a57d8d6dbbd6d
736ae15d0ed2068580d35a7cff8b33c0ec87af52
24406eda914ef8f78e1f60d6b54237ea6311f2fdf54b2b63647d84b397b41de0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 31 Jan 2023 13:14:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
IP 45.60.65.22:0
GET /OTP/css/TIM-Login-styles-sheet.css HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 31 Jan 2023 13:14:53 GMT
server: Apache
last-modified: Thu, 04 May 2017 03:57:51 GMT
etag: "428b8-539a-54eaac6d7edc0"
accept-ranges: bytes
content-type: text/css
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91ff6o20101; expires=Tue, 31-Jan-2023 14:14:53 GMT; path=/; Httponly; Secure
visid_incap_2787765=HKrxG5lVSE+I8syz8rlozUsU2WMAAAAAQUIPAAAAAADSGLPHaVsjLXs/RdDipGrS; expires=Tue, 30 Jan 2024 22:53:42 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_720_2787765=g35pN0E8QRcQyF1MCvX9CUwU2WMAAAAAsvWu7lLV1YBMFYKnkr9UmA==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 1-1911213-1911215 NNYN CT(234 701 0) RT(1675170891388 18) q(0 0 9 0) r(11 11) U5
X-Firefox-Spdy: h2