Report - checkout.jumpmobile.com.br/c/usercheck?s=A9367429139042268245D2103B26B49D

Report Overview

Submitted URL
checkout.jumpmobile.com.br/c/usercheck?s=A9367429139042268245D2103B26B49D
IP
15.197.162.153
ASN
#16509 AMAZON-02
Submitted
2023-02-09 12:15:09
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.77.32
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.163
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	385 B	50 kB	142.250.74.168
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	522 B	578 B	142.250.74.35
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:09:18Z	852 B	450 B	216.239.32.36
auth3.tim.com.br	418444	2017-02-22T20:54:50Z	2023-03-13T10:14:59Z	404 B	751 B	45.60.65.22
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
ocsp.r2m01.amazontrust.com	unknown	2022-10-12T22:43:53Z	2023-03-13T08:10:39Z	350 B	983 B	54.230.80.227
checkout.jumpmobile.com.br	unknown	2022-07-20T06:09:44Z	2023-03-12T02:51:55Z	404 B	418 B	15.197.162.153
www.timpromos.com.br	140429	2016-06-28T13:11:23Z	2023-03-12T10:40:46Z	4.6 kB	46 kB	91.241.94.8
analytics-br-tim.securewebfraud.io	unknown	2022-06-26T04:48:09Z	2023-03-12T10:40:49Z	423 B	330 B	91.220.208.18
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	523 B	578 B	142.250.74.164
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.117.124
offdeck.jumpmobile.com.br	710628	2022-07-20T06:09:46Z	2023-03-12T02:51:43Z	2.9 kB	65 kB	177.71.241.165
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	66 kB	34.120.237.76
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	376 B	21 kB	142.250.74.46
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	616 B	598 B	64.233.164.154

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-09 12:15:58	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-02-09 12:15:58	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-02-09 12:15:58	low	91.241.94.8	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	75 B	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen653 Hash 219540904c0178c788f7876c475cf695 34be8b20e8abc01ba107bb54f70c2319511043b7 328ca9901193cec5051c6c7fe1404faf85e4ce1cfed2d9bb7bc429a8573d90ca Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	548 B	2023-03-13	2023-05-31
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:02:14 Last Seen2023-05-31 03:29:52 Times Seen27 Hash 73446065541f7540f8ca4167db1149e8 8734d0798ff8584f9ffd9c945b34ba8eb63750fb 651c457b4c466537d4806340408614416a31376f2014b81531cc0cf8c0c594b3 Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	1.3 kB	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen646 Hash 32107fcc1984fa62bea9d7dbbf932c08 ea6c30a9630a580a1656fb7360431afaf7bd9416 984649f7580993dc5ffefe351760e74f630f271d6593c7dde254f044a5fd4380 Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	910 B	2023-03-07	2023-10-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2023-10-21 04:16:40 Times Seen242 Hash f68c373e37316f35bea482bd64481d75 6f1aef952c8b7e8d3899bffb83002c3c9b8aa7dc 78f68ab1a0e2c3cd5717ecb6f5a4e7d80575abb13e661b72b4ed360af988187e Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	56 B	2023-03-07	2024-04-21
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:38 Last Seen2024-04-21 21:46:29 Times Seen324 Hash e633aa08ae12366911d8e26c62df0ac7 a16f61cc6d9dbd371d1111eaff9b8e9ab3532ad7 4d9920d1b0a027e9d1e7994912dede5626a56cef010170b15fb45edc85f882ed Loading...

	www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM	130 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:28:50 Last Seen2023-03-13 20:28:50 Times Seen1 Hash 446773a102b73d2ccbb3631e4166bcd2 ace35c80416698e097833db84442830df4c9bb65 31a4682fff0e8b1e459d7aa9240b6ce626cf2f733e323a9c09b0f1227104432d Loading...

	www.googletagmanager.com/gtag/js?id=G-Z2QSK4XKQP&l=dataLayer&cx=c	226 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-Z2QSK4XKQP&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:28:50 Last Seen2023-03-13 20:28:50 Times Seen1 Hash 4ebc57aee31d4712db8bdccce3435240 426c0f0ba8d7ea1f64d49a9cefdf2e3f5b6e685d 1cf35bd51211799b2b23acca2fd0802e49f775d4f0514fc1a0118e9dfa4cb53b Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	130 kB	2023-03-13	2023-03-13
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:28:50 Last Seen2023-03-13 20:28:50 Times Seen1 Hash 4bab7e5dc3c026ebfe05c1a059c66391 b69c41d543b2c9032e7490ae7d5590f7159cf4b3 3ba5eb2fb2bc601cc1aa48a9ae708e57d92a6fbbdfd5f660de154ac1cc00e881 Loading...

	www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW	181 B	2023-03-13	2023-05-31
Pretty URL www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW IP 91.241.94.8 ASN #49582 Upstream Telecommunications And Software Systems S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:02:14 Last Seen2023-05-31 03:29:52 Times Seen27 Hash 29011aeeaa73cfed05b716cfce5cdbcb 94aec08bae001d90698e46a9ce862722e0caf44a d77edfd12db899c0adbcdd45a869951c54a88babc16a8ae67d443c32f34d6c5e Loading...

	www.googletagmanager.com/gtag/destination?id=G-Z2QSK4XKQP&l=dataLayer&cx=c	226 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/destination?id=G-Z2QSK4XKQP&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:28:50 Last Seen2023-03-13 20:28:50 Times Seen1 Hash 95ecbe4b4a58f6a900245314259b89ab 1e08d768d669797c2f413a58e64a1cb470eefe1b 1fd0b6a33ac5c9f9a0816a90355d9d30a7bca2da9c51e85576f6e41b418f775b Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5931
Expires: Thu, 09 Feb 2023 13:53:49 GMT
Date: Thu, 09 Feb 2023 12:14:58 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7823
Expires: Thu, 09 Feb 2023 14:25:21 GMT
Date: Thu, 09 Feb 2023 12:14:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 11:34:15 GMT
content-type: application/json
age: 2443
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3218
Expires: Thu, 09 Feb 2023 13:08:36 GMT
Date: Thu, 09 Feb 2023 12:14:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: G4oR/b7MIKCnRBpC2ZEBZjI6fY14ywFicltjzU7lSLqaCNrVS1rCCD3AZIDn2KWHe46kQ0W82NfSfJiN9RR48Q==
x-amz-request-id: HVXQ6E65K995D6QM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 11:36:21 GMT
age: 2317
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

checkout.jumpmobile.com.br/c/usercheck?s=A9367429139042268245D2103B26B49D

15.197.162.153

307 Temporary Redirect

0 B

URL HTTP/1.1
checkout.jumpmobile.com.br/c/usercheck?s=A9367429139042268245D2103B26B49D
IP
15.197.162.153:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/usercheck?s=A9367429139042268245D2103B26B49D HTTP/1.1
Host: checkout.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 307 Temporary Redirect
Date: Thu, 09 Feb 2023 12:14:58 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Set-Cookie: sessionId=A9367429139042268245D2103B26B49D;Version=1
Server: Jetty(9.3.15.v20161220)

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 12:14:58 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 12:14:53 GMT
age: 5
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5133
Expires: Thu, 09 Feb 2023 13:40:32 GMT
Date: Thu, 09 Feb 2023 12:14:59 GMT
Connection: keep-alive

www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW

91.241.94.8

200 OK

43 kB

URL HTTP/1.1
www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62279)
Size
43 kB (42994 bytes)
Hash
52dc587efd1c8da02ae60550a516efdd
e18715f95c42441d0fe0e965c3f1f7dc43415b18
9a3a8882034ba56539d8c80d8be2ba2c60867b993a472f9fe77981932cfb53af

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 12:14:58 GMT
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 312555000
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6InNjeWJwR0FqQmxraE9sRmxJeEY5SUE9PSIsInZhbHVlIjoicjNwMk02UjhGdTZRSVl2Y3dMa0R1UHVUN1VwTzRoaVc2TXRaMGZHa0tDWE93Znh1bGRnRUNUVmtXd1lmVXRYc3JhaDlQZDZreXpKNGZxZDhuQlVwZC9jZ3ppUjErV1VUWHVvMWx1SjNLZ3A5VVQzWFFZdVcyR0pkVmZaMC9BcDgiLCJtYWMiOiI0YzY4ZDQ5YTQ0NzhlNDNmMjg2N2RhZmQ5MGU4OWM4MDMyZjVjYWNjNjYzMmQxYjU0YTdlNjQ2MDE5ZTc1YmY1IiwidGFnIjoiIn0%3D; expires=Thu, 09-Feb-2023 18:14:59 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6InAxMEZYYlNCNXVUd0pQYklmYmZMNnc9PSIsInZhbHVlIjoiUmZiNUJ5Y294Y2ZsNnRXa0VPQ2RmbGxlT3QzWi9LNXJsbS95MWtWcVhTd2ZNa2Rpa2lYYjV6Uyt6dEdSelBTM2tWSFhkYlpFODR5ZTR1bzFSQXJJT25JVGIrTU9mNXdFa2F0akdzL1h0Wnc9IiwibWFjIjoiYjAwMDYzYjVmMWI0YmZmOGQwMjM1OWZjMDM4Yjk3NGJjN2NjYTlhNmE2ZTRmMDJiZTlkMDJkMmYwODczOWIzMCIsInRhZyI6IiJ9; expires=Sun, 06-Feb-2033 12:14:58 GMT; Max-Age=315359999; path=/; httponly; samesite=lax
rd=deleted; expires=Wed, 09-Feb-2022 12:14:58 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6IlROSEU2Y0xickFNb2RtRWdoVzhmU1E9PSIsInZhbHVlIjoiZWc1TzNnSzVFa3BsVDQ0akZrM2Zmc1gzK1kxT3JHMzd5Z2tUczFJbHRadVZKUDhPbjU3a0txbWtySVA1OEhlbVZEVXhGS1A0cjFWR21TZlJ5TkxuZHVNRUIwM1ZPSWdxMGxLTlczQW93MFk9IiwibWFjIjoiZGYwZWU4MGNiYzQ3OTRlOWYyNWE3NWViOGUzZGZiYmNkYmUxNjEyODgxMDJmMzNhZjdlYmIyZjczZTc5NTVjNCIsInRhZyI6IiJ9; expires=Thu, 09-Feb-2023 12:44:58 GMT; Max-Age=1799; path=/; httponly; samesite=lax
userPermID=eyJpdiI6Im5lVmVNOUF1WHJ6d0tRWGNUQThUVkE9PSIsInZhbHVlIjoiZlk4WGIvNWw1YWI0VU1MdmFJbDJIWGZLalhENXRRcjkzSmcyMGVQaEVKaW5tbU5QcFJKL3gyd0dpcHptbmZPbUxKZ3BObHliRGJKdlhPVVVmb1kwY2FYV2FiREFLS0JJbW5TSFFuOVdmVGM9IiwibWFjIjoiYzY1ZGM5MDNiZjhhMjIzMzczOWNkNTM2MDRhYTEzM2EwMGI1MzllMGY2ZTk4NjNjODVjMTk1Njk1ODQ5ZmY1ZCIsInRhZyI6IiJ9; expires=Sun, 06-Feb-2033 12:14:58 GMT; Max-Age=315359999; path=/; httponly; samesite=lax
TS01c950bd=01b02e3e8942438b145ad230d479630861e4b41e127174c9739f23068b344113f2c72a3036776fa1d6a353be744685d87a20141253; Path=/; Domain=.www.timpromos.com.br
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked

push.services.mozilla.com/

54.149.117.124

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.117.124:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: V2aD5syDVRsomYEj+oNfew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: oKqTq8wXKxSNs3RNSpieOfcnOMk=

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b3251869327b8ca40d1f81c9073992cb
91843524eaaa62a5ef6f18096ca522a62815065b
553ee1bdfc5e6c4cb5e4014e2d3bcca6830dd7c1e6ebd75e3cf87cabdd832b93

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=97450
Date: Thu, 09 Feb 2023 12:14:59 GMT
Etag: "63e3bd6d-1d7"
Expires: Fri, 10 Feb 2023 15:19:09 GMT
Last-Modified: Wed, 08 Feb 2023 15:19:09 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: edqGaDMe0UYfOGrAxoiZBtSviqfLUdvVBU2E1pyvQixkm_jp5q1F2g==

offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/

177.71.241.165

200 OK

3.4 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
3.4 kB (3426 bytes)
Hash
08a77650246fbbab17f83c15713d79c9
08c4849acd7f03ceee96c95b2cdf3be577d99b37
7e28c236869355471ce54cb16993984fb1c5266ec0b479b4fa11b422b73fd0f0

HTTP Headers

GET /prouser/taplingo/tim/css/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:00 GMT
content-type: text/css;charset=UTF-8
content-length: 3426
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Thu, 09 Feb 2023 14:04:06 GMT
Date: Thu, 09 Feb 2023 12:15:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Thu, 09 Feb 2023 14:04:06 GMT
Date: Thu, 09 Feb 2023 12:15:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Thu, 09 Feb 2023 14:04:06 GMT
Date: Thu, 09 Feb 2023 12:15:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6546
Expires: Thu, 09 Feb 2023 14:04:06 GMT
Date: Thu, 09 Feb 2023 12:15:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15019 bytes)
Hash
95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 84812
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11760 bytes)
Hash
9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 52823
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6061 bytes)
Hash
ea55fd1053c19123cb789a7d14479ccc
45fb06a6feeceff6a06c8c3f37e259ddf6e09820
393290f5ec8379a09da72b2554c30023b688489ffda79f5edfe6f114250ee4c7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6061
x-amzn-requestid: cf552847-17d0-4820-9711-3fb129090686
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f8xbCG8jIAMF7Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1c913-0f2af41d6063340d483c3a55;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 03:44:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3WFg806rwKxFrS_8AcUHawHWXa5ED-6AOEZPlp1R2_Sm7Owm1x_jMg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 05:14:13 GMT
age: 25247
etag: "45fb06a6feeceff6a06c8c3f37e259ddf6e09820"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.0 kB (3014 bytes)
Hash
28ae39b238f62d6c0aee7bb16ff863d5
3c2247e40747c3ca72dd7877facee9a9fecf0f59
c530ba92455ea45e14410f497d2df04cc1321e2937cc7e81aa75f4fc14206a7c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3014
x-amzn-requestid: bec40915-584b-48fc-94c2-293e96567474
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKGrGoAMFelg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-2250ff00772341353151dd34;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmJxNCnPKUD5O4HCWIjqeVaanXL50KZ60Xu1iOC6bisRBDJNkVXvww==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "3c2247e40747c3ca72dd7877facee9a9fecf0f59"
content-type: image/jpeg
age: 52823
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10472 bytes)
Hash
464812429ec9f5c766def4ac26e86e4f
170a5d6fcaa69c78896ed8a37442a27c6309c09a
1248df6127626b254420b6ddabba6fba12066c9b7f314386c25ac51781f59060

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ec996f6-8867-41f0-9850-ad04d05e22e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10472
x-amzn-requestid: 6948a391-6553-40ec-8373-4c3b5c95c7e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACoE9EgaoAMFRFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e42085-275d22cb2435af874715be99;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 22:21:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rj8wiiICVx4rJ0-InAUgGVx5E6VrRDV9MndpdsDgwnQJw_I2Up_XmA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 09:12:10 GMT
age: 10970
etag: "170a5d6fcaa69c78896ed8a37442a27c6309c09a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12811 bytes)
Hash
bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JpeDqbyAp9qLkVVqTKxmVy96vqBfyK4-GDiWdgkAjQlUN4Fu160VLA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:45:55 GMT
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
age: 52145
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh

91.220.208.18

200

51 B

URL HTTP/1.1
analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh
IP
91.220.208.18:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
51 B (51 bytes)
Hash
49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675

HTTP Headers

GET /web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh HTTP/1.1
Host: analytics-br-tim.securewebfraud.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/

HTTP/1.1 200 
Date: Thu, 09 Feb 2023 12:15:00 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive

www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh

91.241.94.8

200

51 B

URL HTTP/1.1
www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
51 B (51 bytes)
Hash
49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675

HTTP Headers

GET /security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6InNjeWJwR0FqQmxraE9sRmxJeEY5SUE9PSIsInZhbHVlIjoicjNwMk02UjhGdTZRSVl2Y3dMa0R1UHVUN1VwTzRoaVc2TXRaMGZHa0tDWE93Znh1bGRnRUNUVmtXd1lmVXRYc3JhaDlQZDZreXpKNGZxZDhuQlVwZC9jZ3ppUjErV1VUWHVvMWx1SjNLZ3A5VVQzWFFZdVcyR0pkVmZaMC9BcDgiLCJtYWMiOiI0YzY4ZDQ5YTQ0NzhlNDNmMjg2N2RhZmQ5MGU4OWM4MDMyZjVjYWNjNjYzMmQxYjU0YTdlNjQ2MDE5ZTc1YmY1IiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6InAxMEZYYlNCNXVUd0pQYklmYmZMNnc9PSIsInZhbHVlIjoiUmZiNUJ5Y294Y2ZsNnRXa0VPQ2RmbGxlT3QzWi9LNXJsbS95MWtWcVhTd2ZNa2Rpa2lYYjV6Uyt6dEdSelBTM2tWSFhkYlpFODR5ZTR1bzFSQXJJT25JVGIrTU9mNXdFa2F0akdzL1h0Wnc9IiwibWFjIjoiYjAwMDYzYjVmMWI0YmZmOGQwMjM1OWZjMDM4Yjk3NGJjN2NjYTlhNmE2ZTRmMDJiZTlkMDJkMmYwODczOWIzMCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlROSEU2Y0xickFNb2RtRWdoVzhmU1E9PSIsInZhbHVlIjoiZWc1TzNnSzVFa3BsVDQ0akZrM2Zmc1gzK1kxT3JHMzd5Z2tUczFJbHRadVZKUDhPbjU3a0txbWtySVA1OEhlbVZEVXhGS1A0cjFWR21TZlJ5TkxuZHVNRUIwM1ZPSWdxMGxLTlczQW93MFk9IiwibWFjIjoiZGYwZWU4MGNiYzQ3OTRlOWYyNWE3NWViOGUzZGZiYmNkYmUxNjEyODgxMDJmMzNhZjdlYmIyZjczZTc5NTVjNCIsInRhZyI6IiJ9; userPermID=eyJpdiI6Im5lVmVNOUF1WHJ6d0tRWGNUQThUVkE9PSIsInZhbHVlIjoiZlk4WGIvNWw1YWI0VU1MdmFJbDJIWGZLalhENXRRcjkzSmcyMGVQaEVKaW5tbU5QcFJKL3gyd0dpcHptbmZPbUxKZ3BObHliRGJKdlhPVVVmb1kwY2FYV2FiREFLS0JJbW5TSFFuOVdmVGM9IiwibWFjIjoiYzY1ZGM5MDNiZjhhMjIzMzczOWNkNTM2MDRhYTEzM2EwMGI1MzllMGY2ZTk4NjNjODVjMTk1Njk1ODQ5ZmY1ZCIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8942438b145ad230d479630861e4b41e127174c9739f23068b344113f2c72a3036776fa1d6a353be744685d87a20141253

HTTP/1.1 200 
Date: Thu, 09 Feb 2023 12:15:00 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Access-Control-Allow-Origin: *

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM

142.250.74.168

200 OK

50 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1942)
Size
50 kB (49802 bytes)
Hash
c29e33a18956be81d420381349536cd8
c161763541cc2d106602ca840415cb13d2ae79f6
4c516ac9c44ba89ea8da95763c8d5d8ac1a1b6b1cbebbd2c2398725ad73af456

HTTP Headers

GET /gtm.js?id=GTM-K3HVTMM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 12:15:01 GMT
expires: Thu, 09 Feb 2023 12:15:01 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 49802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/

177.71.241.165

200 OK

234 B

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
234 B (234 bytes)
Hash
cc160afb27685807b41ec5fe29db1c08
f76fa2c371cf87fe3fc2c5c70bca7ce7018cb05a
76e4c70d262f73e9d822908a9e435ae891daf97493b53ca027ea58c2a7b56956

HTTP Headers

GET /prouser/taplingo/tim/header/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:01 GMT
content-type: text/html; charset=UTF-8
content-length: 234
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png

177.71.241.165

200 OK

6.3 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
PNG image data, 395 x 698, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6332 bytes)
Hash
98a6b2fed5d4c43b68d84d3d42f84f7e
3974191efeeace9ca2937d465a6af3e8f95121dd
bf991152257a91ba3a9fb0319d5b580148369650310e938b9c5a2bfb6bf31fac

HTTP Headers

GET /prouser/taplingo/tim/images/bg.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:01 GMT
content-type: image/png
content-length: 6332
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "18bc-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh

91.241.94.8

200

0 B

URL HTTP/1.1
www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh
IP
91.241.94.8:0
ASN
#49582 Upstream Telecommunications And Software Systems S.A.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kk-FzgvjsoGQoFp0Op5pHtDG4V5boAkRN7G_nDYJ4c7xTlQIP6oSnWT1bGCrQVh HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=A9367429139042268245D2103B26B49D&campaign=58&clickID=2p34458f14ik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6InNjeWJwR0FqQmxraE9sRmxJeEY5SUE9PSIsInZhbHVlIjoicjNwMk02UjhGdTZRSVl2Y3dMa0R1UHVUN1VwTzRoaVc2TXRaMGZHa0tDWE93Znh1bGRnRUNUVmtXd1lmVXRYc3JhaDlQZDZreXpKNGZxZDhuQlVwZC9jZ3ppUjErV1VUWHVvMWx1SjNLZ3A5VVQzWFFZdVcyR0pkVmZaMC9BcDgiLCJtYWMiOiI0YzY4ZDQ5YTQ0NzhlNDNmMjg2N2RhZmQ5MGU4OWM4MDMyZjVjYWNjNjYzMmQxYjU0YTdlNjQ2MDE5ZTc1YmY1IiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6InAxMEZYYlNCNXVUd0pQYklmYmZMNnc9PSIsInZhbHVlIjoiUmZiNUJ5Y294Y2ZsNnRXa0VPQ2RmbGxlT3QzWi9LNXJsbS95MWtWcVhTd2ZNa2Rpa2lYYjV6Uyt6dEdSelBTM2tWSFhkYlpFODR5ZTR1bzFSQXJJT25JVGIrTU9mNXdFa2F0akdzL1h0Wnc9IiwibWFjIjoiYjAwMDYzYjVmMWI0YmZmOGQwMjM1OWZjMDM4Yjk3NGJjN2NjYTlhNmE2ZTRmMDJiZTlkMDJkMmYwODczOWIzMCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6IlROSEU2Y0xickFNb2RtRWdoVzhmU1E9PSIsInZhbHVlIjoiZWc1TzNnSzVFa3BsVDQ0akZrM2Zmc1gzK1kxT3JHMzd5Z2tUczFJbHRadVZKUDhPbjU3a0txbWtySVA1OEhlbVZEVXhGS1A0cjFWR21TZlJ5TkxuZHVNRUIwM1ZPSWdxMGxLTlczQW93MFk9IiwibWFjIjoiZGYwZWU4MGNiYzQ3OTRlOWYyNWE3NWViOGUzZGZiYmNkYmUxNjEyODgxMDJmMzNhZjdlYmIyZjczZTc5NTVjNCIsInRhZyI6IiJ9; userPermID=eyJpdiI6Im5lVmVNOUF1WHJ6d0tRWGNUQThUVkE9PSIsInZhbHVlIjoiZlk4WGIvNWw1YWI0VU1MdmFJbDJIWGZLalhENXRRcjkzSmcyMGVQaEVKaW5tbU5QcFJKL3gyd0dpcHptbmZPbUxKZ3BObHliRGJKdlhPVVVmb1kwY2FYV2FiREFLS0JJbW5TSFFuOVdmVGM9IiwibWFjIjoiYzY1ZGM5MDNiZjhhMjIzMzczOWNkNTM2MDRhYTEzM2EwMGI1MzllMGY2ZTk4NjNjODVjMTk1Njk1ODQ5ZmY1ZCIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8942438b145ad230d479630861e4b41e127174c9739f23068b344113f2c72a3036776fa1d6a353be744685d87a20141253

HTTP/1.1 200 
Date: Thu, 09 Feb 2023 12:15:01 GMT
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive
Access-Control-Allow-Origin: *

offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/

177.71.241.165

200 OK

357 B

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
357 B (357 bytes)
Hash
860dbd50a412d73e09a685597cc23459
c18867fd61ed6c526f8a14a22f9f297b9b9e5515
aa358b227501939cf749bf56e4566f49499b5f13e4e4438e2c678df1e051a1cc

HTTP Headers

GET /prouser/taplingo/tim/footer/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:01 GMT
content-type: text/html; charset=UTF-8
content-length: 357
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 11:45:20 GMT
expires: Thu, 09 Feb 2023 13:45:20 GMT
cache-control: public, max-age=7200
age: 1781
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&gjid=724146821&_gid=1208294713.1675944961&_u=YCDAgEABAAAAAEAAI~&z=1720116254

64.233.164.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&gjid=724146821&_gid=1208294713.1675944961&_u=YCDAgEABAAAAAEAAI~&z=1720116254
IP
64.233.164.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&gjid=724146821&_gid=1208294713.1675944961&_u=YCDAgEABAAAAAEAAI~&z=1720116254 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.timpromos.com.br
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 09 Feb 2023 12:15:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 12:15:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1619321933.1675944961&jid=1542727601&_u=YCDAgEABAAAAAEAAI~&z=1168987507 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 12:15:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png

177.71.241.165

200 OK

44 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
PNG image data, 371 x 271, 8-bit/color RGBA, non-interlaced\012- data
Size
44 kB (43907 bytes)
Hash
fbfc13255d88a6dc8f97c851256cf6a2
0b9ee7207a0f23b72d09efebbe0da2cc8ad1375b
a30dba0eedff8c59660e537579869c711d63fe002dd2649ac9fcb4bb55ae1b02

HTTP Headers

GET /prouser/taplingo/tim/images/header.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:01 GMT
content-type: image/png
content-length: 43907
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "ab83-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png

177.71.241.165

200 OK

9.2 kB

URL HTTP/2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
IP
177.71.241.165:0
ASN
#16509 AMAZON-02

File type
PNG image data, 395 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9159 bytes)
Hash
ee016d74f31893d53abe00745a623884
22156ecac466c0042b2c0274338d3b7ac5c41328
b5ce00dc7f8a7fc2d0caaf2836b9380741baa74cf28abfe46d130bfe918c40e5

HTTP Headers

GET /prouser/taplingo/tim/images/footer.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:01 GMT
content-type: image/png
content-length: 9159
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "23c7-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 12:15:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je3280&_p=197149587&cid=1619321933.1675944961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675944960&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3DA9367429139042268245D2103B26B49D%26campaign%3D58%26clickID%3D2p34458f14ik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je3280&_p=197149587&cid=1619321933.1675944961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675944960&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3DA9367429139042268245D2103B26B49D%26campaign%3D58%26clickID%3D2p34458f14ik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-Z2QSK4XKQP&gtm=45je3280&_p=197149587&cid=1619321933.1675944961&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675944960&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3DA9367429139042268245D2103B26B49D%26campaign%3D58%26clickID%3D2p34458f14ik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://www.timpromos.com.br
date: Thu, 09 Feb 2023 12:15:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css

45.60.65.22

200 OK

0 B

URL HTTP/2
auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
IP
45.60.65.22:0
ASN
#19551 INCAPSULA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /OTP/css/TIM-Login-styles-sheet.css HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 09 Feb 2023 12:15:00 GMT
server: Apache
last-modified: Thu, 04 May 2017 03:57:51 GMT
etag: "1742c1-539a-54eaac6d7edc0"
accept-ranges: bytes
content-type: text/css
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fdeo20101; expires=Thu, 09-Feb-2023 13:15:00 GMT; path=/; Httponly; Secure
visid_incap_2787765=qZegAsxtRWGMoG8GKhoh5cPj5GMAAAAAQUIPAAAAAACNG+Dn+UFx86cqd3dKRCR4; expires=Thu, 08 Feb 2024 22:31:22 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_633_2787765=w3tXUEHvlBT0aVHSp97ICMTj5GMAAAAAF3y+Z/OlSn4pbRJSVsUVwg==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 4-11413370-11413372 NNYN CT(240 727 0) RT(1675944899415 18) q(0 0 10 0) r(12 12) U5
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML