r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15288
Expires: Sun, 26 Mar 2023 02:38:02 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17327
Expires: Sun, 26 Mar 2023 03:12:01 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 22:15:29 GMT
content-type: application/json
age: 465
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1313ee2f06606d09c45b06ff9e8e1001
285ca89d1d3ea45d35832bc6d9827f834b3bfe21
63463447d29550c3734f621be02ec85290fbdf4612f79f9fad7e94f7e066dcb0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63463447D29550C3734F621BE02EC85290FBDF4612F79F9FAD7E94F7E066DCB0"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4780
Expires: Sat, 25 Mar 2023 23:42:54 GMT
Date: Sat, 25 Mar 2023 22:23:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jfadarT9/t/m3YjURJD6B4l3M4pzcYdRmYWO++sZ+X6sX32ggOOFsyBRy7peW6H3BDLRFP9CAUI7VqGXCTeFfA==
x-amz-request-id: F050W5HD82HRS4CG
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 22:00:57 GMT
age: 1338
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
54.232.233.188301 Moved Permanently 134 B URL HTTP/1.1 offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
IP 54.232.233.188:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Sat, 25 Mar 2023 22:23:14 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://offdeck.jumpmobile.com.br:443/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 22:23:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Mar 2023 22:14:33 GMT
age: 522
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 26 Mar 2023 00:48:31 GMT
Date: Sat, 25 Mar 2023 22:23:15 GMT
Connection: keep-alive
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash fae26745ac2bb4779b884dadafbb02e5
b5c7e072561ee07a58b561883d7aea5c16c0e96e
81d81564fcd7352fa0cfba50cdbf77429addb1288486c0e43f4072195b70345b
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143760
Date: Sat, 25 Mar 2023 22:23:15 GMT
Etag: "641f02e3-1d7"
Expires: Mon, 27 Mar 2023 14:19:15 GMT
Last-Modified: Sat, 25 Mar 2023 14:19:15 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hf56_nG2JYaEdbMuZBe_WeUQU2yd_C_cxoCxfs5qT8dRI11bGXOW_w==
push.services.mozilla.com/
54.186.87.181101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.87.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FbcosvM9m4jUWhOJFn0eiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wO7L6hlmvhYqMh5i3s0fIOJUgNI=
offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
54.232.233.188302 Found 0 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik
IP 54.232.233.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /prouser/taplingo/tim/checkout/?campaignId=Jump&clickId=193tz8e97gik HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Sat, 25 Mar 2023 22:23:15 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: http://checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
X-Firefox-Spdy: h2
checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE
15.197.162.153307 Temporary Redirect 0 B URL HTTP/1.1 checkout.jumpmobile.com.br/c/usercheck?s=1FF224902D5C49AF87802707C5F934BE
IP 15.197.162.153:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/usercheck?s=1FF224902D5C49AF87802707C5F934BE HTTP/1.1
Host: checkout.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 307 Temporary Redirect
Date: Sat, 25 Mar 2023 22:23:16 GMT
Content-Length: 0
Connection: keep-alive
Location: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Set-Cookie: sessionId=1FF224902D5C49AF87802707C5F934BE;Version=1
Server: Jetty(9.3.15.v20161220)
www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
91.241.94.8200 OK 43 kB URL HTTP/1.1 www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62428)
Hash 2f3bb10441cb682d7d018452c4478fe9
de244fcafdb4b101e8c565ac469628d328beb8e1
a17b8ab789fb10c913349076e1e1a1a6e2a8bbbe66c83a33a4552f0c167e97cd
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 25 Mar 2023 22:23:16 GMT
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
X-Varnish: 432524413
Age: 0
Via: 1.1 varnish (Varnish/6.0)
X-Cache: MISS
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Set-Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; expires=Sun, 26-Mar-2023 04:23:16 GMT; Max-Age=21600; path=/; httponly; samesite=lax
ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; expires=Tue, 22-Mar-2033 22:23:16 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
rd=deleted; expires=Fri, 25-Mar-2022 22:23:15 GMT; Max-Age=0; path=/; httponly; samesite=lax
userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; expires=Sat, 25-Mar-2023 22:53:16 GMT; Max-Age=1800; path=/; httponly; samesite=lax
userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; expires=Tue, 22-Mar-2033 22:23:16 GMT; Max-Age=315360000; path=/; httponly; samesite=lax
TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979; Path=/; Domain=.www.timpromos.com.br
Keep-Alive: timeout=5, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11251
Expires: Sun, 26 Mar 2023 01:30:48 GMT
Date: Sat, 25 Mar 2023 22:23:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6530dbbc16d84b7047fa4bc66364fbf4
a53e0919923151e009e12010c60acb5a9175d37e
e64a2699e763d75a068ee6ceafd4eb2a1922488dc2e052699fb4242f0bf20524
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb3b49ab-f78e-4860-8aae-369eacfe43e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9486
x-amzn-requestid: b0324b5e-303e-485a-ae57-c001378aa401
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW2eRHjaoAMF74w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6ac1-27f002da252bd7ee19802f3d;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:42:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: V-lhHgr1lyxVF9XaxHQ6abgEwVC_llAl8opmQ8qKJ7Ee76HWSP1ZoA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
age: 864
etag: "a53e0919923151e009e12010c60acb5a9175d37e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: I3GuoZ4ZxAtz0sKe3wrW67aitLlCAbaZkiPw23fl0F3FoumJDEnXiQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 05:56:24 GMT
age: 59213
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ff8bb94dc368c89ab13dfcfe312e5cd
7819408faa7e232c57bf448d78cf00e7f98469f6
2a04de377d0d4c7cd4a720420806e3f7a872290fad006ef6a172b86d7c249378
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75161517-cef9-4f1d-98e1-296b5088de2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7882
x-amzn-requestid: cdb6c312-e4b1-41e4-a13e-723f8628961d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW3M0G_3oAMFpWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6beb-37ff37b35f2de72b6faf0bf9;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:47:23 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 36IijBFVCfKpOEcor_pSyo94rbX4Ym1SD_XbGZIoY16BLfcALXcS1w==
via: 1.1 ba490acb2ea716cd57876286ed686786.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 22:08:53 GMT
etag: "7819408faa7e232c57bf448d78cf00e7f98469f6"
content-type: image/jpeg
age: 864
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4079fe41a14c57ac6160bdb654f6ef64
99d9cd4a1d423d776284f2d638763ebe33e247ad
218e38cf89853672bb8b24c1c53d58092a75827fb9f7aad02c8e4bbc02d44325
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd27448b3-5d7d-4249-939a-22a55ff03bfc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5916
x-amzn-requestid: 86502622-4d93-4767-a7ab-b963bfc9900b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUHgjoAMFmug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-069ef5781ce60e9821010204;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: r9nGZ_sMvuN7uuq8utQofWNeZtbpZfPWOzrNkaBYrmWCV5KUtGzK4w==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:07 GMT
age: 2770
etag: "99d9cd4a1d423d776284f2d638763ebe33e247ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ca6091f5f9efa5c7a2e171b1c1538eb
32f01282a1c9e7db058c85e92a1228d498988ac2
9befacd1e0f1f863b1290e9742979a62ece98feff88f7cc3db57f4497ea96a49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9e781aa-3802-4cf5-a484-251a54be7c3b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7156
x-amzn-requestid: 4c7fa12f-7a53-4960-bcf2-e88ccda4ea12
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uTGq2IAMFY9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f698e-381360a95cc2762d499e2839;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 9CXL22uAnmLM15tpB3yS-cgRugdZre0cgBqhnsDrdxDp-xvFzy7A4g==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:18 GMT
etag: "32f01282a1c9e7db058c85e92a1228d498988ac2"
content-type: image/jpeg
age: 2759
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8dc799aaa2f69ef1109501a605dbdcfd
58cefa986d580ee408fbca288e3e45ba86fb97ac
54fa967d6b96b456416c62140a4eb9b6cda29b80d5083b5d1321b1fb89b3455f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F381b1b42-2394-4e4e-bb0a-986511a19bd1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9124
x-amzn-requestid: 30a39bb7-d3cc-473a-a5f9-4921367832c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1kUESiIAMFVEQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f694e-6c9bb97512fc3c8a3ecedc43;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:36:14 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: _4VxID1v_auG0Vuzp87FJoPbgJovhYYYa1fpzQZze51I6HwFKbja6w==
via: 1.1 6af36c6902a46beec743522a9bbb3ab0.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 21:37:20 GMT
age: 2757
etag: "58cefa986d580ee408fbca288e3e45ba86fb97ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash fae26745ac2bb4779b884dadafbb02e5
b5c7e072561ee07a58b561883d7aea5c16c0e96e
81d81564fcd7352fa0cfba50cdbf77429addb1288486c0e43f4072195b70345b
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143758
Date: Sat, 25 Mar 2023 22:23:17 GMT
Etag: "641f02e3-1d7"
Expires: Mon, 27 Mar 2023 14:19:15 GMT
Last-Modified: Sat, 25 Mar 2023 14:19:15 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s8HgskGot84BhkchORSxqMyfTerEuWfL9N-Rka2mD5sHdRue7kShsg==
offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
54.232.233.188200 OK 3.4 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
IP 54.232.233.188:0
Hash 08a77650246fbbab17f83c15713d79c9
08c4849acd7f03ceee96c95b2cdf3be577d99b37
7e28c236869355471ce54cb16993984fb1c5266ec0b479b4fa11b422b73fd0f0
GET /prouser/taplingo/tim/css/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3426
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
91.241.94.8200 51 B URL HTTP/1.1 www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675
GET /security-platform-web/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979
HTTP/1.1 200
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=5, max=999
Connection: Keep-Alive
Access-Control-Allow-Origin: *
analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
91.220.208.18200 51 B URL HTTP/1.1 analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP 91.220.208.18:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
File type GIF image data, version 89a, 1 x 1\012- data
Hash 49cdc214849d5ced018d230677b14076
0e75513436e6b01963759f6a88282445ff2e5b3a
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675
GET /web/v1/content/view/Confirmation/br_tim/AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: analytics-br-tim.securewebfraud.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/
HTTP/1.1 200
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: no-store, private
Content-Disposition: attachment; filename="pixel"
Pragma: no-cache
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 51
Keep-Alive: timeout=2, max=1000
Connection: Keep-Alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e6775cb573aaee995c89d41b6be93723
cad165485f34023136370b32999077f4928c68c5
c14056ae20c7cd552209571a3430df2711ec94a5f8ee42c1693a3bf2d04b30ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
142.250.74.168200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-K3HVTMM
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash af18e1ea8bb9081000bac9fbd2fb5b34
9cf5b3d38dca2d3b7cc3a2d5b3da9f00c43d81ed
55577ba224189836b35e7473880570434f7a5eb38fe7a754e1ff903678568059
GET /gtm.js?id=GTM-K3HVTMM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Mar 2023 22:23:18 GMT
expires: Sat, 25 Mar 2023 22:23:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 25 Mar 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50793
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e6775cb573aaee995c89d41b6be93723
cad165485f34023136370b32999077f4928c68c5
c14056ae20c7cd552209571a3430df2711ec94a5f8ee42c1693a3bf2d04b30ce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
91.241.94.8200 0 B URL HTTP/1.1 www.timpromos.com.br/security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E
IP 91.241.94.8:0
ASN #49582 Upstream Telecommunications And Software Systems S.A.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /security-platform-web/api/v1/beacon/retrieve?secureSessionId=AQ4z3kkdXclzfX2jC0iBLZLTqSyP5bV0SvykcQNempI_KNpELSU2vkL1KO_qc1o-yh0E HTTP/1.1
Host: www.timpromos.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.timpromos.com.br/PTS/redirect?appid=14559&serviceProvider=prouser&requestId=1FF224902D5C49AF87802707C5F934BE&campaign=58&clickID=193tz8e97gik&trafficSource=TECHFLOW&publisher=TECHFLOW
Cookie: ng_session=eyJpdiI6IjNPbXAvdG5SYmV2cG94akJUVVBEOUE9PSIsInZhbHVlIjoiU3dMYVVqR3E3V0IvcTRHeDNyTW1UZTN6OEVzRk5iUnBZbFdoSHpHdnZObFBmZm16dXh4K2JNRUlnTXRkaGZDL29tcGZFVk85L1NWd3dSTjRRd28xdTA0cnE1SEpFZzdqZlNJZTNDQ2xwS09xV01IM1ZzOVpBQmFEYkNIN2VtaU8iLCJtYWMiOiI4MDZjZmRlODRiYzRjY2Q3Y2I5OGE3YWUxMTNlY2QyYTk1ZjQ5ZGZlNGVlZjgxNGUzNGU5OTJkOGIxN2UxMzdjIiwidGFnIjoiIn0%3D; ctxid=eyJpdiI6IkFydkFabGhmMGJxQm9uOG56K0FvckE9PSIsInZhbHVlIjoib0VNRmI5VyttSlVPbGo2ZnhrTmJ6enZrODdvYWovc2dWMjNOR1l5ZDhxbElwYVBQVUZxdXRoSmp1TURaaGd0UUdmUUluUDI3T1dvR3diZGpLS2pCejVoSTNyUGR1OG84MHdGQUNWOVlsS1k9IiwibWFjIjoiNTE3ZWVmOTJmODkwZjM4MjkwMTM1N2Y1MzNhNmRmMDFhZmU3MTI4MWI1YzE4ZTFjY2Q5YTY4NDgyMWQ0MjFmOCIsInRhZyI6IiJ9; userSessionID=eyJpdiI6InZ2Vkc0Z2NEMGtLL094WDJ2Zk9McHc9PSIsInZhbHVlIjoiRkVuUnJUSkx5bCtGNERZRTVSNSt5c2ZsMTNnNEN0UGhSWnR6K1NORlU0N0dFUTdYTlQ0Njk2ajBITU9uTW1nbG9WcTR2N252dGw2UTkyTFNZaW5XY2c4WjZkZUlxTWhaWk5Ick9oZE9lV1U9IiwibWFjIjoiYmNlMzViNDI2MTUzNTBmYjliY2JjNjBiNTllY2IwZjkyY2E4NDM2NDU1NThmNTcwNzllMDJhMmIxMGYyNjljMiIsInRhZyI6IiJ9; userPermID=eyJpdiI6IndMbEZyV2tOQlpyajV0OWUyalJwQkE9PSIsInZhbHVlIjoiOFA3emc2VHg5c2J1bUVndlc3VVZZY1dIVm54cjN6S3YxY0g1V0JXT3kyTjBrRnV4UVJWeFRwSDkraUVyK3grTVZyNENKVElDdzBUeXVtdHczQlBKZzJtemRvYVhMMlRsZTRPYkJIQ1oxTjQ9IiwibWFjIjoiZmNmNjUxM2NjOTQxMzdiMjdlZDg0Zjg4OWVkODEyY2FiYjc5MjQyNjJhNjQ2ZjZjOTkzZWJkMGU2YjRiMDRhZiIsInRhZyI6IiJ9; TS01c950bd=01b02e3e8983e6ea6bfd8022cae15c688442c9b818cce3d4146805f270f49395ed30d0339d6001701f758c75030d173c67cbb37979
HTTP/1.1 200
Date: Sat, 25 Mar 2023 22:23:18 GMT
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Keep-Alive: timeout=5, max=998
Connection: Keep-Alive
Access-Control-Allow-Origin: *
offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
54.232.233.188200 OK 234 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
IP 54.232.233.188:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cc160afb27685807b41ec5fe29db1c08
f76fa2c371cf87fe3fc2c5c70bca7ce7018cb05a
76e4c70d262f73e9d822908a9e435ae891daf97493b53ca027ea58c2a7b56956
GET /prouser/taplingo/tim/header/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: text/html; charset=UTF-8
content-length: 234
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
54.232.233.188200 OK 357 B URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
IP 54.232.233.188:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 860dbd50a412d73e09a685597cc23459
c18867fd61ed6c526f8a14a22f9f297b9b9e5515
aa358b227501939cf749bf56e4566f49499b5f13e4e4438e2c678df1e051a1cc
GET /prouser/taplingo/tim/footer/ HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: text/html; charset=UTF-8
content-length: 357
server: Apache/2.4.38 (Debian)
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
x-frame-options: allow-from http://auth3.tim.com.br/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
54.232.233.188200 OK 6.3 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/bg.png
IP 54.232.233.188:0
File type PNG image data, 395 x 698, 8-bit/color RGBA, non-interlaced\012- data
Hash 98a6b2fed5d4c43b68d84d3d42f84f7e
3974191efeeace9ca2937d465a6af3e8f95121dd
bf991152257a91ba3a9fb0319d5b580148369650310e938b9c5a2bfb6bf31fac
GET /prouser/taplingo/tim/images/bg.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/css/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
content-type: image/png
content-length: 6332
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "18bc-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.78200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Mar 2023 22:05:11 GMT
expires: Sun, 26 Mar 2023 00:05:11 GMT
cache-control: public, max-age=7200
age: 1088
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904
173.194.221.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904
IP 173.194.221.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&gjid=1039078428&_gid=1637007602.1679783013&_u=YCDAgEABAAAAAEAAI~&z=1122296904 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.timpromos.com.br
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5716bd17f0cc1d649bcba4a6400ad0fa
752def7b1cf7d2f2e8213b28cb17f93e1015d333
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
54.232.233.188200 OK 9.2 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/footer.png
IP 54.232.233.188:0
File type PNG image data, 395 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash ee016d74f31893d53abe00745a623884
22156ecac466c0042b2c0274338d3b7ac5c41328
b5ce00dc7f8a7fc2d0caaf2836b9380741baa74cf28abfe46d130bfe918c40e5
GET /prouser/taplingo/tim/images/footer.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/footer/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:19 GMT
content-type: image/png
content-length: 9159
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "23c7-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
54.232.233.188200 OK 44 kB URL HTTP/2 offdeck.jumpmobile.com.br/prouser/taplingo/tim/images/header.png
IP 54.232.233.188:0
File type PNG image data, 371 x 271, 8-bit/color RGBA, non-interlaced\012- data
Hash fbfc13255d88a6dc8f97c851256cf6a2
0b9ee7207a0f23b72d09efebbe0da2cc8ad1375b
a30dba0eedff8c59660e537579869c711d63fe002dd2649ac9fcb4bb55ae1b02
GET /prouser/taplingo/tim/images/header.png HTTP/1.1
Host: offdeck.jumpmobile.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://offdeck.jumpmobile.com.br/prouser/taplingo/tim/header/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:19 GMT
content-type: image/png
content-length: 43907
server: Apache/2.4.38 (Debian)
last-modified: Sat, 19 Mar 2022 00:28:49 GMT
etag: "ab83-5da8758cfb240"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ef8608ef03d2e48c9cd6b665e8b3a946
894e7d4897dabb155138a7cbad323943c0c95122
b1a0d70bdae876e192cb4b9ba7c7f8fb7064ef3796a5d48e14c7b014789f63c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 6bac14ff70f1fb910e47debdd40434da
c2ce59c6cae9af589143a911a086f35db830654d
670d54ab31df749a0b913c0d490e3b1cf835aff2df965d7b6522c6e9ad3d6be2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-145115646-58&cid=1828691068.1679783013&jid=1771289370&_u=YCDAgEABAAAAAEAAI~&z=2075994415 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ef8608ef03d2e48c9cd6b665e8b3a946
894e7d4897dabb155138a7cbad323943c0c95122
b1a0d70bdae876e192cb4b9ba7c7f8fb7064ef3796a5d48e14c7b014789f63c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 7e3ff6b78faf64b75d13e5e4c390f7c5
1ec395988633a280be5876ea74b91b994ca88bda
470501dd8e4cb351f2b3effe7507b9582758ecf492d587545f740c13527289d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Mar 2023 22:23:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP>m=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-Z2QSK4XKQP>m=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-Z2QSK4XKQP>m=45je33m0&_p=782494748&cid=1828691068.1679783013&ul=en-us&sr=1280x1024&_s=1&sid=1679783013&sct=1&seg=0&dl=http%3A%2F%2Fwww.timpromos.com.br%2FPTS%2Fredirect%3Fappid%3D14559%26serviceProvider%3Dprouser%26requestId%3D1FF224902D5C49AF87802707C5F934BE%26campaign%3D58%26clickID%3D193tz8e97gik%26trafficSource%3DTECHFLOW%26publisher%3DTECHFLOW&dt=&en=OTA_Taplingo_Wifi_Users&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.timpromos.com.br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://www.timpromos.com.br
date: Sat, 25 Mar 2023 22:23:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
45.60.65.22200 OK 0 B URL HTTP/2 auth3.tim.com.br/OTP/css/TIM-Login-styles-sheet.css
IP 45.60.65.22:0
GET /OTP/css/TIM-Login-styles-sheet.css HTTP/1.1
Host: auth3.tim.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.timpromos.com.br/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Mar 2023 22:23:18 GMT
server: Apache
last-modified: Thu, 04 May 2017 03:57:51 GMT
etag: "f8065-539a-54eaac6d7edc0"
accept-ranges: bytes
content-type: text/css
set-cookie: tim_cookie=rd51o00000000000000000000ffff0aa91fb4o20101; expires=Sat, 25-Mar-2023 23:23:18 GMT; path=/; Httponly; Secure
visid_incap_2787765=AoMmX5KFQNOqFyicFxGDQEd0H2QAAAAAQUIPAAAAAACr8W7LStRwDnKvtKf/Un/w; expires=Sat, 23 Mar 2024 22:50:10 GMT; HttpOnly; path=/; Domain=.tim.com.br
incap_ses_276_2787765=MiWWJbH93R+Kizv4Lo3UA1V0H2QAAAAAk4W66mFfkP7Lyr5zOhS1zw==; path=/; Domain=.tim.com.br
x-cdn: Imperva
content-encoding: gzip
x-iinfo: 5-14075371-14075373 NNYN CT(257 777 0) RT(1679782996030 18) q(0 0 10 0) r(13 13) U24
X-Firefox-Spdy: h2